
Vulnerability summary

Defect ID: wooyun-2015-0108543

Title: Multiple SQL injections on a Lenovo site

Vendor: Lenovo

Author: 深度安全实验室

Submitted: 2015-04-21 11:51

Fixed: 2015-06-05 16:34

Published: 2015-06-05 16:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 14

Status: confirmed by vendor

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-04-21: Details reported to the vendor; awaiting vendor handling
2015-04-21: Vendor confirmed; details disclosed to the vendor only
2015-05-01: Details disclosed to core white hats and relevant domain experts
2015-05-11: Details disclosed to regular white hats
2015-05-21: Details disclosed to intern white hats
2015-06-05: Details disclosed to the public

Brief description:

Detailed description:

http://yuyue.ecare365.com/Query.aspx

http://yuyue.ecare365.com/OrdModify.aspx

Every input field on each of these pages appears to be affected. Taking the first page as an example:

POST /Query.aspx HTTP/1.1
Host: yuyue.ecare365.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 Firefox/22.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://yuyue.ecare365.com/Query.aspx
Cookie: ASP.NET_SessionId=r2cuqlfxboed2yw2niqfr3p2; __utma=66602278.1222785959.1429234730.1429234730.1429234844.2; __utmc=66602278; __utmz=66602278.1429234844.2.2.utmcsr=baidu|utmccn=(organic)|utmcmd=organic|utmctr=site%3Ayuyue.ecare365.com; _smtz=smt_md%3Dwww.baidu.com%26smt_pl%3Dorganic%26smt_kw%3Dsite%253Ayuyue.ecare365.com%26smt_cp%3D(organic); _smta=5530649d.4d4d24af%2C1429234845%2C1429236645%2C1%2C1%2C1%2C1429234845; _smtp=7f2b727fefc2; _smtt=1429234863; pgv_pvi=8866345984; pgv_si=s8493341696
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 1334
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTQyMTM0MzI1OA9kFgJmD2QWAgIDD2QWBAIFD2QWAmYPZBYEZg9kFgRmD2QWAgIBDxBkZBYBZmQCAQ9kFgICAQ8QZBAVAgPlkKYD5pivFQID5ZCmA%2BaYrxQrAwJnZxYBZmQCAQ9kFgICAQ9kFgICAQ8QZBAVBAblhajpg6gM55S16ISR5LyY5YyWDOaVhemanOaOkuafpQzmiYvmnLrov57mjqUVBAblhajpg6gM55S16ISR5LyY5YyWDOaVhemanOaOkuafpQzmiYvmnLrov57mjqUUKwMEZ2dnZ2RkAgYPZBYCAgEPPCsAEQMADxYEHgtfIURhdGFCb3VuZGceC18hSXRlbUNvdW50ZmQBEBYAFgAWAAwUKwAAZBgCBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAQUSY3RsMDAkSW1hZ2VCdXR0b24xBRtjdGwwMCRNYWluQ29udGVudCRHcmlkVmlldzEPPCsADAEIZmT6xWd8nRbisYz4d0Gc7pvMloUxS3invTU6CBSOzTz1FQ%3D%3D&ctl00%24FeaturedContent%24DropDownList1=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24DropDownList5=%E5%90%A6&ctl00%24FeaturedContent%24DropDownList6=&ctl00%24FeaturedContent%24DropDownList3=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24DropDownList4=%E5%85%A8%E9%83%A8&ctl00%24FeaturedContent%24yid=&ctl00%24FeaturedContent%24name=123&ctl00%24FeaturedContent%24mgr=&ctl00%24FeaturedContent%24tl=&ctl00%24FeaturedContent%24engr=&ctl00%24FeaturedContent%24cardno=&ctl00%24FeaturedContent%24phone=&ctl00%24FeaturedContent%24DateReceived1=&ctl00%24FeaturedContent%24DateReceived2=&ctl00%24FeaturedContent%24DateReceived3=&ctl00%24FeaturedContent%24DateReceived4=&ctl00%24FeaturedContent%24BtnTest2=%E6%9F%A5%E8%AF%A2


Proof of vulnerability:

[Screenshot: 1.JPG]

[Screenshot: 2.JPG]

Remediation:

Copyright notice: when reposting, credit the source: 深度安全实验室@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2015-04-21 16:33

Vendor reply:

Thank you for your attention to and support of Lenovo's information security work!
Lenovo launched its Security Response Center (LSRC) on April 3, 2015. We welcome everyone to report security vulnerabilities in Lenovo products, services and business systems to help us improve the security of our products and business. For the detailed rules, please visit the Security Response Center site (http:// ).
1. In April, Lenovo is running a double-points reward campaign!
2. April Outstanding Contribution Award: one iPad Air 2!

Latest status:

None