
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0110156

Title: SQL injection vulnerability in a ticketing system, affecting a large number of business travel websites #2

Vendor: 票友软件 (Piaoyou Software)

Author: 路人甲

Submitted: 2015-04-29 11:23

Fixed: 2015-08-02 08:04

Published: 2015-08-02 08:04

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags:

Bookmarked by 4 users


Vulnerability details

Disclosure status:

2015-04-29: Details sent to the vendor; awaiting vendor handling
2015-05-04: Vendor confirmed; details visible to the vendor only
2015-05-07: Details opened to third-party security partners
2015-06-28: Details opened to core white hats and relevant domain experts
2015-07-08: Details opened to regular white hats
2015-07-18: Details opened to intern white hats
2015-08-02: Details opened to the public

Brief description:

Injection

Detailed description:

票友软件 (Piaoyou Software): http://www.piaoyou.org/
The vendor's official demo site is used for the demonstration:
http://demo.piaoyou.org/
Individual deployments can be found by searching for
intitle:票友ERP管理系统
After logging in to the official demo site with the demo account and password,
the injection point is at Visa Business -> Visa Query (签证业务 -> 签证查询).
Enter 111 and capture the request with Burp:

POST /Visa/search.aspx HTTP/1.1
Host: demo.piaoyou.org
Proxy-Connection: keep-alive
Content-Length: 5360
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://demo.piaoyou.org
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://demo.piaoyou.org/Visa/search.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,zh-TW;q=0.4
Cookie: ASP.NET_SessionId=yw3uiho3ncyfvvifwyff2u0q; pycookie=loginname=admin&truename=%e7%b3%bb%e7%bb%9f%e7%ae%a1%e7%90%86%e5%91%98&flag=1&datagroup=&kefugroup=%e7%bd%91%e7%bb%9c%e9%83%a8&kpgroup=0&kpdian=none%7c%e5%a4%a9%e5%9c%b0%e8%a1%8c%7c%e4%b8%8d%e5%a4%9c%e5%9f%8e%7c%e4%bb%8a%e6%97%a5%e5%a4%a9%e4%b8%8b%e9%80%9a%7c%e5%8d%97%e8%88%aa%e7%bd%91%e7%ab%99%7c%e5%9b%bd%e8%88%aa%7c; Hm_lvt_c15d2259f5eee2c03f0739e5f8ff792c=1429862606; Hm_lpvt_c15d2259f5eee2c03f0739e5f8ff792c=1429862678
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=zAUuaJ5kFxN8AOI8mtNfuIrHoWmZEIcOPgEgvypWqe3NQPFRiaveEqSmf8hcIKpJqrJFutvQpAXMNaOCBNoUcvzN080dXGa9uoOPdLRmiQ3ikTlM%2BYreeKkZMt5dm4y%2FP%2BPNVfqZBgB9XpKB3saWW479ICUkhn%2Fel3aFXEE%2FljO3SpIGPkD0XgZBOAkyMm2juwz5z0Yi2Uy9dVXqAytC7np9msDTRWLdpSbY2zUCRL5fmA4pWvNLbcoibrz9j5gKQSEvnrtNx5sArCZaOwLjW6DbhuSnQGWk6qDiQRc%2BdT%2F4G%2BQqmdiXB3TemGBMxeLrqTPGM5YqBNaAb1oJ17Bz9Z6lF1ZMnOtTpUatsIUXxcFYi%2Bn7SI1D2Y083pAklvVASf0VWucSKkh7WLjeFASnpt%2FIV%2BQFN5DEUFg6xhFDRudX78A4QHThrIDS%2BBvrgN8yxZY0Z8uUrf%2FDMlDaoqVsWoCv61%2BRuDokxWF87jbeFLl15rySFerNVpvISZdWUon5Pwd2LD5Y%2FZP%2FXEJUkKyA284bddb9sJyvvQFc5OiTQ9VDxgJc69Xild7GrU9SDdjc%2B3CFP%2FqzZJ0FpM5dxmyPHtbcwSQXhsDhv%2FFQtc11SJJh2pvGIsp%2BNVCxyzv0AND6uvU1y5op1CVhtLqNhJGa4grNjvPmzOW9c%2BXYTINgRsxBTejqp1PLh%2F%2BxuKUfDdltQ9rZt%2FmqjfLhSLJ9OYwWDe6fiFOTkEuPyRrvtTU2VcCdaArNsnlmn3Ml6Y6OkGpjMP%2B4YQSxTBbUqkKOr%2BIe6Dbb3D%2FvUIDeDDsEEWygALqpY%2BlcH6JNuK%2FsClnFVOGrMs%2Bd%2BK55b%2FNjbeT5UddcEhFw0h9zZY5SyTFzfR%2B7Xuo3yZHCijInef68KI5Kzsuxx8qi8OuLaSbNx3kElrjXVoTQb4FsOMf9upp%2BL60oWJvh7Y%2BBxWt5E6BfnvGUvQ0SQFOBUzikR24RVX2j2xqSg9TrbqS1aazE1ifGmi2o08WwBC0qiFJgdqpTXgTqO%2FoB%2Fv1xoZYe3EaSPjM1FctTdPLIMZJhefjRjSEoE2CfYBAvqbcSYbERkkjV7Jl0NW7uEGNfY0PggUpPKve38i%2BI4i%2F%2FVw7WK4JLGMy5%2Fdq%2FLedwOOwyRqAPy9H%2B4Pua7KaX2%2BbApr%2Fnp9rq5T7mw1wsTFrpDiv3vQkvIKC2cGOdRZJSK1lsZV2RKJ41o1IimW4BEWfyRryw6u10MxbTrjjeSknMRrPsMLD3DoNIuyBeQiWpL3Mmr5Q7VUnFxStQI1m1oFPrBtSKCJ1%2FjituHH3k27QkfaM2Rm5d9xyuMJoHfRMix7tzb9OEGQJWh472qfiJV3Vri%2BVV%2BkSaU1eQT6%2BGYN6kEl4J7kWcjNEaozzNqUfgD%2FewNCMd%2BzXLsrHZ%2FznhPj4pJ0kjdINZZ77v%2Fh25oqLe3ncOovcZLwGGnvZ4CRzPCGxXmNlR89CrTwc%2Fdnn%2Bmb3FMOqMrCB9JqqcaJqCk9Tuyu2%2F8ME5c34vvB4if%2FwGZTcxwpPIkV9zS0fwQuNpzbaHfRNM5NhRgdN6TDI3HW3mzhdCbmFyoF%2FHOSBIkVgeci5dwy22uQyqjSVHzHi1hSKic0pFH43wtN%2BnslSVZaqXf1fZyBOXVISqKG23fWUiCRBGxCWigcnoZoy80ZItgEc4tcW1%2FRUGXycKrENBZSW7%2B%2FomMop2FKhoa%2B1RB9zPx81EKyKQkz0VdUJvTHnlWFwkFFq1UvvqRyrYQGXze%2Fh1AWvjHvvGmPJrbUOw%2FHtonrzHGtdga97TFgZQyrb%2BWd1Mr9gIwxdnpOzVfmoqRizSL14WdIrQ
%2FhUkDJyHlAdyTUBdDJIDUL8s1TVmWbfbnY6Qwmf4RMMIao44CXRTKwVbEMZaCg5%2B%2B2ETPGB8DL27lTpGv8w09iImaqKaWHk3v5lIkf9f%2Bf4YzMW3r4ZsD1ib8j8WhYok%2B5Llt5hl4fxAgY%2Bok2uLlOap7BY0BTHQpBruPHvvnXJnfXyk0cjkJ2Km%2FPWrsBmn8dfx0MAU%2FczT2%2FLrBPfOK5WGkYFpZ8R7HZcVgmh24QMscaarAM%2BzILWDTg1aW%2BYv6m%2FSylPxSROQFwR2jEWmQi4Wn7OLo1lPSdq495RG0bOyRMhH%2BZya1OKnicxNu9dthvQs26YynPno6U9IyV6S9Zxaz7C5XBXVC9F%2FWxXhNv49pixMfyCu7CZ5tX%2FMXAbUDIYMjjvJZ%2BlhHS2ZBpA397VBATOSsh1Fl3SH7kxOCcBF9HHmykzDqOb7pxcSOfOeCaJjSXq4zXTfg4kGa23jtM70KtBUI%2BFjj2TFKjIb5uRc96RNpq%2BsJFt1XV5SkRKPZDPYJQ0TAC7Orfxvk3OSko34rhEwaL1bkmPZ5ble%2B3ZENxXq1ZmDM%2FaWefDOdnkObNih6spTB0ijNlgWF2kG8JHmEDj%2B8KUjPhU8dkXhWzw0IYWMf%2FFR9daw%2B5yUIgarmVqWubzm%2BR2eQI8j3gk27StB%2FimszDgrXBiqow1wL%2FasPqIELSxUVckThYroAKtClIak11h1jjdIKE%2Beq07VWRc%2BlehuxHxQyGV940%2B12A1snPb1bsdpw2rFrA0GLcWalAhXDjUoLWpT5LQG48BYnC1%2FyW717Heoq%2Fy0q%2BOUU%2FqqvQtxOOkbWHVW5sjwEo63Gtx2A9Gyk5AZDdNK3FPFWzz0O0W%2BY9U4VGhqfAe%2FvuywnJtJVvttnEfN3B%2FNy4xndEtk3ZpPWuvFjt%2B0RHPEVmcgZu%2B45LZGUADNfHYKfs5DmAlPTALkOXSZ27EN%2FM4nsmvVsT7V%2Ftf%2BqDb0kRgmDLAmuJbm8p2KiIe7YqdxecS%2Bo0FyYj0BWRgTMwaM9jEsqlZGfDNM6fG8pA%2Bhx5nZGHYZyB1RQg3dBmrF5EbpuHvrPXE9GqARhnlJQJ6z2diA79XXE8NnjMnkYU1nR%2FsNjdNwcOBHjunpVvdNDAzwKgZ3UgcdRzsZtQdqIsTpHzkHKSI5Y%2FqcdHA1wTwtaJBf%2FwxEWkXjrtrafv7P4VUHH252dFt47xeH%2BuFkH2wZc3wiyp%2BpFNKdMRTMSIUgh1Qng4Nd970MSasUEAFvnPq%2B47yrMcdCmpnYTQw62mb6jmBg0c4cEDKWW5f79ATgq9Yf1uSkzwR9bv4xuoQTzCvH4mD6%2FxzosIIb642rTutHOzw%2B00i4Nf0DC3%2BgJtKOmTLdB%2B%2FOXiHv4FF6yyn8RmfVFbvI4HvlkuNKK8sxrO4s4kJpC8BD6t4s31MGJRJyEOrIrV66HeAUpTgWi2zc1eYfBps%2F8%2FSAcX%2B17CzbYHgomlU7GY6YyDn5O6MQSdWvaG%2FRw%2BBL7NdWm%2Fhhx2ARgUM9vgjwGQ%2FZGpdIP5MI17s5MsnmboEURiKIsjxLP%2Bbl10m3771RdSPGpGQ1aVdDsyok1HvGL%2BFV6LV6FVX8p4WBfeZeRnmvjWce9HB07PawD9YY4iG4HzYVTn4cHVQEq7Z1l16Ui62RT1LanmkaxBshz38PoKa%2FYaSJDlIOI3%2FiM90XDsDolarmV7KlANy2egdFgV0EwCVuugIjbkMXoIe7k2iNg%2FzXikkBB8g1d5GIE%2B080%2FzQQuPjoR3gtKb%2BAP3hj%2BhbVzE%2F4Bux0woUesOq6szR1y1YbokVSK%2F5u8DvJOlJG9jC1WiWPr0xrVMFccPdJVA%2B9eTEpFE6r6otRV%2FP
QWAeb7S4MyPw3YhnzNaU6QirZTG9fwh%2FmdpAhd8dN7Cs0A73gbM4G7yjbI7lCeroYzq8zU%2Bv3QsUu8rpca1olJHJmWk4EVodbJqKKxAwl%2F1fPpG2S5j%2B0upr%2FQvCSxDiW3Ca6iOFzADr2dKJTbx%2BAqKjfgeFrN%2Fa%2BvLrG3T3zlGdZEs4fIUM8NYuNbCcseQembLwEjDTPzeY3BktaUE%2ByY2FfdPcH8plQoitsf6E8gU65d0OGleTceEh1O%2FIaif9o6%2B7qInT2xl05yoNKutuXp2H1E2WsHfNZM7mHzLhhsCxTA%2BTUmVy4K2zyu6PoTMHeZaJoPS8wexVwfceJJ5%2FIlpoueWGEFu%2BVXGtTapKLNLe8YRCHio22fotXtNUTS%2FB6HqDzhUGPq96evPyielfk%2F2Y0mHhJXAHH%2Fu7KNoinZeFGL99In1JLlN1u5nv%2Bp4U6PHbT2mquoGhuV8l2n1xZ6q8DF7B%2F%2BYnGMgbuQpvXwcS5EHsTiTK9kFRGL57N52RUfe3UCZhm81iAT1jFvk3KbsjxVKLtSOxeFKlP14h%2FZdoJN4Swhei%2BykWv8Wg%2BzQvuKxB8qoioCqCdRcN9WpYG9mpvVC%2B6ELCkmgJv5%2FrMftMRpVT7pE9vYTfmwHZ1VS%2FD9tOC6ikMO5%2BH8w%2FuIIDzzcD%2B1ncBCBj%2FH765kn1KoH%2B%2BF5GR3dC7L2RtDk4rMcpaOZ3xTgYgLCTxM7E8v5qg4ixIzDiCtBYPiN2hqiQde20eV14b5hb4LmDhe2sV%2Fi1n5pYkcGgoOsz3mvsfT%2FBTRllxTExSZ1%2FE2k63R8XKw22Gka1gGw4GDCM8g%3D%3D&__VIEWSTATEENCRYPTED=&__EVENTVALIDATION=qmX%2FjawJdCxqfVJ6Ilj5rnRokM7CRk5cCS6RYL679scK%2Fh5lZo%2B7YxC%2Fj1nm1gkOszhumj%2BQ9kmkcWQApSvyUXUHU%2B03xNweb6xL%2B0kwqp3SuwJAgcOoJvO7azqMsNKQZ4SUxXyCNQaXwtHeOa2ylKfrKrxVn9aycr7jabVPMIQmj15LoDklQyi70GWkrAKM2gfCxENYpC%2B1NLEGZcHDy2q3asrbPYh3n7mDEvHtTO4asxrD1%2BX4dk440%2FKDlF4H&type=%E5%95%86%E5%8A%A1%E7%AD%BE%E8%AF%81&zhou=%E4%BA%9A%E6%B4%B2&guojia=111&Button1=%E6%9F%A5%E8%AF%A2&GridView1%24ctl18%24inPageNum=&mid=0


As can be seen, the guojia parameter is not filtered properly, which allows injection.

[Screenshot: 4.jpg]

[Screenshot: 5.jpg]


Some other affected deployments:
吉日通旅行网
http://zw.jiritong.com/
商务航空
http://www.yeehang.cc/
北京保盛航空服务有限公司
http://sdn.4000211929.com/
上海迦南商务航空
http://jy.4000211929.com/

Proof of vulnerability:

As above

Fix recommendation:

Filter the input.
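To make the recommended fix concrete, here is an added example (not code from 票友软件 or from this report) of how a search handler behind a page like /Visa/search.aspx can be written so that the guojia field, and the other form fields seen in the captured request (type, zhou), can no longer alter the SQL statement. The handler layout, the table and column names (VisaOrder, VisaType, Continent, Country) and the connection-string name "Piaoyou" are assumptions; the real schema and code are not in the report. The vulnerable pattern is shown only to contrast it with the hardened one.

```csharp
// Added example (not the vendor's code): a hypothetical ASP.NET Web Forms
// code-behind for a visa search page, showing the injectable pattern next to
// the parameterized fix. Table/column names and the connection-string name
// are assumptions. GridView1 and Button1 are assumed to be declared in the
// page's designer file, as the captured request suggests.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class VisaSearch : Page
{
    private static string ConnectionString
    {
        get { return ConfigurationManager.ConnectionStrings["Piaoyou"].ConnectionString; }
    }

    // VULNERABLE: the submitted form values are concatenated straight into the
    // SQL text, so whatever is typed into "guojia" becomes part of the query.
    // Kept here only to show the defect; do not use.
    private static DataTable SearchVulnerable(string type, string zhou, string guojia)
    {
        string sql = "SELECT * FROM VisaOrder WHERE VisaType = '" + type +
                     "' AND Continent = '" + zhou +
                     "' AND Country = '" + guojia + "'";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // FIXED: the SQL text is a constant and every user-controlled value is
    // bound as a typed parameter, so the driver sends it as data, never as SQL.
    private static DataTable SearchParameterized(string type, string zhou, string guojia)
    {
        const string sql =
            "SELECT * FROM VisaOrder " +
            "WHERE VisaType = @type AND Continent = @zhou AND Country = @guojia";
        using (var conn = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length: an over-long value is rejected by the
            // database instead of being silently accepted, and no quoting or
            // escaping of the value is ever needed.
            cmd.Parameters.Add("@type",   SqlDbType.NVarChar, 50).Value = type ?? string.Empty;
            cmd.Parameters.Add("@zhou",   SqlDbType.NVarChar, 50).Value = zhou ?? string.Empty;
            cmd.Parameters.Add("@guojia", SqlDbType.NVarChar, 50).Value = guojia ?? string.Empty;

            var table = new DataTable();
            conn.Open();
            table.Load(cmd.ExecuteReader());
            return table;
        }
    }

    // Handler for the "Button1" submit seen in the captured request.
    protected void Button1_Click(object sender, EventArgs e)
    {
        // Field names match the captured POST body: type, zhou, guojia.
        DataTable rows = SearchParameterized(
            Request.Form["type"], Request.Form["zhou"], Request.Form["guojia"]);
        GridView1.DataSource = rows;
        GridView1.DataBind();
    }
}
```

Parameterization is the fix to rely on; a character blocklist ("filtering" quotes or keywords) can be bypassed by encodings and alternative syntax and should at most be a secondary layer. If the application is also able to use a database account limited to the tables the page needs, a remaining injection elsewhere exposes less.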

Copyright notice: please credit 路人甲@乌云 (WooYun) when reposting


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-05-04 08:03

Vendor reply:

A direct handling channel with the software vendor has not yet been established; awaiting claim.

Latest status:

None