
Vulnerability summary

Defect ID: wooyun-2015-0150887

Title: SQL injection vulnerability on a FAW site

Affected vendor: 中国第一汽车集团公司 (China FAW Group Corporation)

Author: 路人甲

Submitted: 2015-11-02 18:30

Fixed: 2015-12-18 16:52

Published: 2015-12-18 16:52

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-11-02: details sent to the vendor, awaiting vendor handling
2015-11-03: vendor confirmed; details visible to the vendor only
2015-11-13: details disclosed to core white hats and domain experts
2015-11-23: details disclosed to regular white hats
2015-12-03: details disclosed to intern white hats
2015-12-18: details disclosed to the public

Brief description:

/**/

Detailed description:

http://faw3s.com/Member/Login.aspx


Tried it and logged straight in with a "universal password", so there is clearly a problem.

0.png


Proof of vulnerability:

POST /Member/Login.aspx HTTP/1.1
Host: faw3s.com
User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://faw3s.com/Member/Login.aspx
Cookie: yunsuo_session_verify=c850ec6436c744b9be005dac86431dc3; ASP.NET_SessionId=awmpak55oeaupwire3jh2ej3
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 2863
__VIEWSTATE=%2FwEPDwUKLTI4MTk3NzU0OA9kFgICAw9kFgICAQ9kFhJmDxYCHgtfIUl0ZW1Db3VudAISFiRmD2QWAmYPFQIDMTY2Due7vOWQiOmZhOS7ti4uZAIBD2QWAmYPFQIDMTY3DueCueeBq%2Bezu%2Be7ny4uZAICD2QWAmYPFQICMTIO5bi46KeE5L%2Bd5YW7Li5kAgMPZBYCZg8VAgIxMw7nm7jov57mjqXnmoQuLmQCBA9kFgJmDxUCAjE0DuaCrOaMguezu%2Be7ny4uZAIFD2QWAmYPFQICMTUO5Yi25Yqo57O757ufLi5kAgYPZBYCZg8VAgIxNg7kvKDliqjns7vnu58uLmQCBw9kFgJmDxUCAjE3Dui9pui6q%2BWkluingi4uZAIID2QWAmYPFQICMTgO5YmN5ZCO5L%2Bd6ZmpLi5kAgkPZBYCZg8VAgIxOQbovabpl6hkAgoPZBYCZg8VAgIyMQ7liY3lkI7mnLrnm5YuLmQCCw9kFgJmDxUCAjIyBuWkp%2BeBr2QCDA9kFgJmDxUCAjM0DuabtOaNouWIuei9pi4uZAIND2QWAmYPFQICOTIO56m66LCD5riF5rSXLi5kAg4PZBYCZg8VAgMxNjMO5aWl6L%2Bq57O75YiXLi5kAg8PZBYCZg8VAgMxNjQO5Liw55Sw57O75YiXLi5kAhAPZBYCZg8VAgMxNjUJ6ams6Ieq6L6%2BZAIRD2QWAmYPFQIDMTYxDuWkp%2BS8l%2Bezu%2BWIly4uZAIBDxYCHwACCBYQZg9kFgJmDxUCAjQwB%2BWlpSDov6pkAgEPZBYCZg8VAgI0MgbkuLDnlLBkAgIPZBYCZg8VAgI0MQblpKfkvJdkAgMPZBYCZg8VAgMxODUG5aWU6IW%2BZAIED2QWAmYPFQICNDMM5Y%2BR5Yqo5py657G7ZAIFD2QWAmYPFQIDMTgzCemprOiHqui%2BvmQCBg9kFgJmDxUCAjQ0CeW6leebmOexu2QCBw9kFgJmDxUCAzE4NAbnuqLml5dkAgIPFgIfAAICFgRmD2QWAmYPFQICNDYM5Zyo57q%2F6aKE57qmZAIBD2QWAmYPFQICNDcM5a6i5oi36Zeu562UZAIDDxYCHwACAxYGZg9kFgJmDxUCAjYwDOS8muWRmOivtOaYjmQCAQ9kFgJmDxUCAjYxDOS8muWRmOazqOWGjGQCAg9kFgJmDxUCAjYyDOS8muWRmOa0u%2BWKqGQCBA8WAh8AAgUWCmYPZBYCZg8VAgEyDOi%2Fkeacn%2Ba0u%2BWKqGQCAQ9kFgJmDxUCATMM5YWs5Y%2B45paw6Ze7ZAICD2QWAmYPFQIBNAzlqpLkvZPogZrnhKZkAgMPZBYCZg8VAgI2Nwzkv53pmanotYTorq9kAgQPZBYCZg8VAgMxNzUM5L%2Bd6Zmp55CG6LWUZAIFDxYCHwACCxYWZg9kFgJmDxUCAzEwMBvmsrPljJfljLrmrKflrqLov6rmnI3liqHnq5lkAgEPZBYCZg8VAgMxMDEb6JOf5Y6%2F5bCP6Z2S5rG96LS45pyN5Yqh56uZZAICD2QWAmYPFQIDMTAyGOmdmea1t%2Bi9pueZvuaxh%2BacjeWKoeermWQCAw9kFgJmDxUCAzEwMxXlroHmsrPlroHkvJfmnI3liqHnq5lkAgQPZBYCZg8VAgMxMDQh5ruo5rW35aSn5riv6L%2Be6ZqG5a6P5rOw5pyN5Yqh56uZZAIFD2QWAmYPFQIDMTA2HuWNl%2BW8gOWMuuS8l%2Bebm%2BS8n%2BS4muacjeWKoeermWQCBg9kFgJmDxUCAzEwNxjkuJzkuL3lnaTmh7%2FlkJvmnI3liqHnq5lkAgcPZBYCZg8VAgMxMDgY5a6d5Z275Yy65ZCM6IOc5pyN5Yqh56uZZAIID2QWAmYPFQIDMTA5G%2Ba0peWNl%2BmahumRq%2BiFvui%2Bvuacje
WKoeermWQCCQ9kFgJmDxUCAzIwMy3lpKnmtKXpvI7nm5vpgJrmsb3ovabnu7Tkv67mnI3liqHmnInpmZDlhazlj7hkAgoPZBYCZg8VAgMyMDU56YW35Y2h5rG96L2m5aGY5rK95ruo5rW35paw5Yy654m557qm57u05L%2Bu5Lit5b%2BD5peX6Iiw5bqXZAIGDxYCHwACAxYGZg9kFgJmDxUCAjY1BuS%2FnemZqWQCAQ9kFgJmDxUCAjY2BuS6p%2BWTgWQCAg9kFgJmDxUCAjY0BuS%2FneWFu2QCBw8WAh8AAgcWDmYPZBYCZg8VAgI2OAzlkIjkvZzlk4HniYxkAgEPZBYCZg8VAgI5MQzmnI3liqHkv53pmpxkAgIPZBYCZg8VAgI0OQzop4bpopHlsZXnpLpkAgMPZBYCZg8VAgI1MAzkvIHkuJrnroDku4tkAgQPZBYCZg8VAgI1MQzkvIHkuJrmlofljJZkAgUPZBYCZg8VAgI1MgzojaPoqonotYTotKhkAgYPZBYCZg8VAgI1MwzmnI3liqHmib%2For7pkAggPFgIfAAICFgRmD2QWAmYPFQICNTcM6IGU57O75oiR5LusZAIBD2QWAmYPFQICNTgM5Lq65omN5oub6IGYZGR4DBvjTTUbX0r2xutlwxYlXf%2FiNw%3D%3D&__VIEWSTATEGENERATOR=625BA342&__EVENTVALIDATION=%2FwEWBAK3go%2BnCAKl1bKzCQK1qbSRCwLwhZ6iD1onGYAuZ0UpCpIljO9OwcXlZgh6&txtUserName=admin&txtPassword=admin&btn_submit=%B5%C7++%C2%BC


Injectable parameter: txtUserName

1.png


2.png


Assorted information retrieved

3.png
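The report shows the symptom (a "universal password" accepted by the txtUserName field) but no code. The following is an added example, not code from the report or from the affected site, that reproduces the underlying defect in Python with an in-memory SQLite table of constructed data, shows the parameterized fix, and adds a log-side check for Login.aspx POST bodies. The table name Member, the column names and the password value are assumptions.

```python
import sqlite3
import urllib.parse

def make_db() -> sqlite3.Connection:
    # Constructed sample account table (not the site's real schema).
    # Plaintext passwords only to keep the demo short; the point is
    # how the query is built, not how credentials are stored.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Member (UserName TEXT, Password TEXT)")
    conn.execute("INSERT INTO Member VALUES ('admin', 's3cret-constructed')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The defect the report implies: form fields spliced straight into SQL.
    # A quote in txtUserName ends the string literal and the rest of the
    # input becomes part of the WHERE clause.
    sql = ("SELECT COUNT(*) FROM Member WHERE UserName = '" + username
           + "' AND Password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_fixed(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterized query: values travel separately from the statement,
    # so no character in txtUserName can alter the query's structure.
    sql = "SELECT COUNT(*) FROM Member WHERE UserName = ? AND Password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def suspicious_login_post(form_body: str) -> bool:
    # Detection-side check for a WAF or log pipeline: flag a Login.aspx POST
    # whose txtUserName carries SQL quoting or comment tokens.
    fields = urllib.parse.parse_qs(form_body, keep_blank_values=True)
    user = fields.get("txtUserName", [""])[0]
    return any(tok in user for tok in ("'", "--", "/*", ";"))

if __name__ == "__main__":
    db = make_db()
    # Textbook "universal password" style input in the username field; because
    # AND binds tighter than OR, the password comparison becomes irrelevant.
    bypass = "admin' OR '1'='1"
    print("vulnerable accepts bypass:", login_vulnerable(db, bypass, "wrong"))  # True
    print("fixed accepts bypass:", login_fixed(db, bypass, "wrong"))  # False
    print("fixed accepts real creds:", login_fixed(db, "admin", "s3cret-constructed"))  # True
    body = "txtUserName=admin%27+OR+%271%27%3D%271&txtPassword=x&btn_submit=1"
    print("flag constructed POST body:", suspicious_login_post(body))  # True
```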


Fix recommendation:

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability rank: 10

Confirmed: 2015-11-03 16:50

Vendor reply:

Already submitted to the relevant department for analysis and protective measures.

Latest status:

None yet