
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0147778

Title: SQL injection on a 浪潮 (Inspur) site

Vendor: 浪潮 (Inspur)

Author: 路人甲

Submitted: 2015-10-19 15:51

Fix time: 2015-10-24 15:52

Disclosed: 2015-10-24 15:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-10-19: details sent to the vendor, awaiting vendor handling
2015-10-24: vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

/**/

Details:

POST /cwbase/biappcenter/default.aspx HTTP/1.1
Host: 218.57.146.178
User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://218.57.146.178/cwbase/biappcenter/default.aspx
Cookie: ASP.NET_SessionId=q3z3hcjerqw5m15mjtt4m34d
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4130


Injectable parameter: ctl00$ContentPlaceHolder1$txtKeyWords

1.png

Proof of vulnerability:

2.png


3.png

Remediation:

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored at: 2015-10-24 15:52

Vendor reply:

Vulnerability Rank: 4 (WooYun assessment)

Latest status:

None yet