当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2014-055033
漏洞标题:
大河网某子站sql注射漏洞
相关厂商:
大河网
漏洞作者:
卡卡
提交时间:
2014-04-01 10:42
修复时间:
2014-04-06 10:42
公开时间:
2014-04-06 10:42
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
10
漏洞状态:
漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2014-04-01: 细节已通知厂商并且等待厂商处理中
2014-04-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

混个脸熟,别打脸~~

详细说明:

问题出现在http://book.dahe.cn
漏洞链接:

http://book.dahe.cn/book/content.asp?id=19


很明显的一处sql注射漏洞,参数IP未作防护,还是Oracle的库,有钱啊!

oracle.png


库:

[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] DHSL
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TONGSHU
[*] WMSYS
[*] XDB


当前库为DHSL
表:

Database: DHSL
[41 tables]
+-----------------------+
| DIMING                |
| DV_ASS                |
| DV_BAOZHANG           |
| DV_CART               |
| DV_FAVORITE           |
| DV_ORDER              |
| DV_ORDERITEM          |
| DV_PIC                |
| DV_PINDAO             |
| DV_TOP                |
| DV_TOP_ITEM           |
| DV_USER               |
| DV_USER_ORDERADDRESS  |
| ERP_BASE              |
| ERP_CBS               |
| ERP_FS                |
| ERP_HOT_KEY           |
| ERP_NEW_LB            |
| ERP_WEB_LB            |
| IMP_TEMP              |
| PLAN_TABLE            |
| WEB_BAOZHANG          |
| WEB_BOOK              |
| WEB_CXDJ              |
| WEB_DAXL              |
| WEB_DEL_DATA          |
| WEB_HISTORY_BAND      |
| WEB_HISTORY_BAND_ITEM |
| WEB_HISTORY_YEAR_BAND |
| WEB_LANMU             |
| WEB_LANMU_ITEM        |
| WEB_MRT               |
| WEB_MRT_ITEM          |
| WEB_NEWS              |
| WEB_PIC               |
| WEB_PRICE             |
| WEB_PRICE1            |
| WEB_PRICE_ITEM        |
| WEB_TOP               |
| WEB_TOP_ITEM          |
| WEB_TRANSPORT         |
+-----------------------+


还可以跨库的,亲~~
只是检测,并未继续深入!

漏洞证明:

oracle.png


库:

[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] DHSL
[*] EXFSYS
[*] FLOWS_FILES
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TONGSHU
[*] WMSYS
[*] XDB


当前库为DHSL
表:

Database: DHSL
[41 tables]
+-----------------------+
| DIMING                |
| DV_ASS                |
| DV_BAOZHANG           |
| DV_CART               |
| DV_FAVORITE           |
| DV_ORDER              |
| DV_ORDERITEM          |
| DV_PIC                |
| DV_PINDAO             |
| DV_TOP                |
| DV_TOP_ITEM           |
| DV_USER               |
| DV_USER_ORDERADDRESS  |
| ERP_BASE              |
| ERP_CBS               |
| ERP_FS                |
| ERP_HOT_KEY           |
| ERP_NEW_LB            |
| ERP_WEB_LB            |
| IMP_TEMP              |
| PLAN_TABLE            |
| WEB_BAOZHANG          |
| WEB_BOOK              |
| WEB_CXDJ              |
| WEB_DAXL              |
| WEB_DEL_DATA          |
| WEB_HISTORY_BAND      |
| WEB_HISTORY_BAND_ITEM |
| WEB_HISTORY_YEAR_BAND |
| WEB_LANMU             |
| WEB_LANMU_ITEM        |
| WEB_MRT               |
| WEB_MRT_ITEM          |
| WEB_NEWS              |
| WEB_PIC               |
| WEB_PRICE             |
| WEB_PRICE1            |
| WEB_PRICE_ITEM        |
| WEB_TOP               |
| WEB_TOP_ITEM          |
| WEB_TRANSPORT         |
+-----------------------+


修复方案:

添加过滤语句或增加waf设备!

版权声明:转载请注明来源 卡卡@乌云

>

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-04-06 10:42

厂商回复:

最新状态:

暂无