
Vulnerability summary

Defect ID: wooyun-2015-0160245

Title: An improperly implemented API endpoint on the Zhiku official site allows arbitrary file download and SQL injection, leaking the whole site's data

Vendor: Zhiku official site

Author: QRIND

Submitted: 2015-12-11 15:57

Fixed: 2016-01-23 15:16

Published: 2016-01-23 15:16

Vulnerability type: Arbitrary file traversal/download

Severity: High

Self-assessed rank: 15

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-12-11: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2016-01-23: The vendor has chosen to ignore the vulnerability; details are now public

Brief description:

RTRT

Detailed description:

http://ku.deshang365.com/api/resource/file_download?id=10287
The API endpoint is implemented improperly, allowing arbitrary file download.
The same parameter is also SQL-injectable,
leaking the entire site's database.
There are roughly XXXXX+ records.
Admins, please give me an invitation code; I am really passionate about security.

Proof of vulnerability:


Remediation:

Fix the endpoint implementation.
Validate and filter the parameters.

Copyright notice: when reproducing, credit the source: QRIND@WooYun
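The remediation above amounts to two controls on a `file_download?id=...` style endpoint: the `id` must never reach the SQL text unparameterised, and the path the record resolves to must stay inside the download root. The following is an added example illustrating both, not the site's own code (the report shows no backend or schema); the `resource` table, its columns and the sample rows are assumptions.

```python
import os
import re
import sqlite3

# Constructed sample rows standing in for the site's resource table; the
# schema (id, path) is an assumption, not taken from the report.
_SAMPLE_ROWS = [(1, "report.pdf"), (2, "../../etc/passwd")]


def make_db():
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE resource (id INTEGER PRIMARY KEY, path TEXT)")
    conn.executemany("INSERT INTO resource VALUES (?, ?)", _SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, raw_id):
    """Anti-pattern: the request parameter is spliced into the SQL text, so
    whatever the client sends becomes part of the query. Kept only to
    contrast with resolve_download below."""
    return conn.execute("SELECT path FROM resource WHERE id = " + raw_id).fetchall()


def resolve_download(conn, raw_id, base_dir):
    """Hardened lookup for a file_download?id=... style endpoint.

    Three checks: the id must be a plain decimal integer, the query is
    parameterized, and the stored path must stay inside base_dir after
    normalisation (so a record pointing at ../../etc/passwd is refused).
    Returns the absolute file path, or None when any check fails.
    """
    if not re.fullmatch(r"[0-9]{1,18}", raw_id):
        return None
    row = conn.execute(
        "SELECT path FROM resource WHERE id = ?", (int(raw_id),)
    ).fetchone()
    if row is None:
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, row[0]))
    # commonpath collapses to "/" (or a parent) when target escapes base.
    if os.path.commonpath([base, target]) != base:
        return None
    return target


if __name__ == "__main__":
    db = make_db()
    print(resolve_download(db, "1", "/srv/zhiku-downloads"))
    print(resolve_download(db, "2", "/srv/zhiku-downloads"))
```

The same id value that returns every row through the concatenated query is rejected outright by the hardened function, and a record whose stored path escapes the download root is refused even though its id is valid.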


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively declined to respond