WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reading ------------- http://drop.zone.ci/
2013-12-11: Details sent to the vendor, awaiting the vendor's handling
2013-12-11: Vendor confirmed; details disclosed to the vendor only
2013-12-21: Details disclosed to core white hats and experts in the relevant field
2013-12-31: Details disclosed to regular white hats
2014-01-10: Details disclosed to intern white hats
2014-01-25: Details disclosed to the public
SQL injection on a Suning.com (苏宁易购) sub-site can leak large amounts of user information~
1) Affected site: http://venus.suning.com
   Vulnerable page: http://venus.suning.com/CN/user.aspx?act=tag&type=1&id=4
2) A very typical string-type injection, which also leaks the source path;
Stack Trace:
[SqlException (0x80131904): 字符串 '4' and mu_project_type=2 ) t where ROWID between 1 and 12 order by mu_id desc' 后的引号不完整。'4' and mu_project_type=2 ) t where ROWID between 1 and 12 order by mu_id desc' 附近有语法错误。]
......
Sex_Lib.SqlHelper.ExecuteReader(SqlConnection connection, SqlTransaction transaction, CommandType commandType, String commandText, SqlParameter[] commandParameters, SqlConnectionOwnership connectionOwnership) in E:\Community\Project\Special\Code\LongBaby\Sex_Lib\SqlHelper.cs:865
Sex_Lib.SqlHelper.ExecuteReader(String connectionString, CommandType commandType, String commandText, SqlParameter[] commandParameters) in E:\Community\Project\Special\Code\LongBaby\Sex_Lib\SqlHelper.cs:917
Sex_Lib.SqlHelper.ExecuteReader(String connectionString, CommandType commandType, String commandText) in E:\Community\Project\Special\Code\LongBaby\Sex_Lib\SqlHelper.cs:882
Sex_DAL.Second_DataBse.GetPageList(String connstr, String tableName, String columKey, String whereStr, String orderStr, Int32 pageIndex, Int32 perPageCount, Int32& recordCount) in E:\Community\Project\Special\Code\LongBaby\Sex_DAL\DataCommon\Second_DataBse.cs:57
Sex_BLL.mz_user.GetListPrdtId(String where, Int32 pageIndex, Int32 perPageCount, Int32& recordCount) in E:\Community\Project\Special\Code\LongBaby\Sex_BLL\mz_user.cs:125
Sex_BLL.mz_user.GetProductListBy(String where, Int32 pageIndex, Int32 perPageCount, Int32& recordCount) in E:\Community\Project\Special\Code\LongBaby\Sex_BLL\mz_user.cs:20
LongBaby.CN.user.Bind() in E:\Community\Project\Special\Code\LongBaby\LongBaby\CN\user.aspx.cs:129
LongBaby.CN.user.Page_Load(Object sender, EventArgs e) in E:\Community\Project\Special\Code\LongBaby\LongBaby\CN\user.aspx.cs:35
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.UI.Control.LoadRecursive() +71
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3048
3) The application runs as sa, and the database server holds a large number of databases;
4) Looked up the Redbaby (红孩子) administrator information; it is all in plain view~
PS: I did not go any further with the testing; please fix it quickly~
Filter the input
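As an added illustration, not code from this report or from Suning's application: a hypothetical C# reconstruction of the concatenation pattern that the stack trace implies (a raw `id` value spliced into the `whereStr` passed down to `GetPageList`), beside the parameterized form that removes the injection. The column `mu_tag_id` and the method names are assumptions; `mz_user`, `mu_id`, `mu_project_type` and the `ROWID between 1 and 12` paging come from the trace.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical reconstruction; names other than those visible in the trace are assumed.
public static class TagPageExamples
{
    // VULNERABLE (as the trace suggests): the "id" query-string value is spliced into
    // the WHERE clause. A value such as 4' unbalances the quotes and produces exactly
    // the "unclosed quotation mark" SqlException shown above; with the default ASP.NET
    // error page that exception also discloses the E:\...\user.aspx.cs source path.
    public static string BuildWhereUnsafe(string id, int type)
    {
        return "mu_tag_id='" + id + "' and mu_project_type=" + type;
    }

    // HARDENED: "id" is validated as a positive integer, every filter and paging value
    // travels as a SqlParameter, and the SQL text itself is constant.
    public static SqlCommand BuildCommandSafe(SqlConnection conn, string idRaw, int type,
                                              int pageIndex, int perPageCount)
    {
        if (!int.TryParse(idRaw, out int id) || id <= 0)
            throw new ArgumentException("id must be a positive integer");
        if (pageIndex < 1 || perPageCount < 1 || perPageCount > 100)
            throw new ArgumentException("invalid paging values");

        const string sql = @"
            SELECT * FROM (
                SELECT ROW_NUMBER() OVER (ORDER BY mu_id DESC) AS ROWID, u.*
                FROM mz_user u
                WHERE u.mu_tag_id = @id AND u.mu_project_type = @type
            ) t
            WHERE t.ROWID BETWEEN @first AND @last
            ORDER BY t.mu_id DESC";

        var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
        cmd.Parameters.Add("@type", SqlDbType.Int).Value = type;
        // pageIndex 1, perPageCount 12 gives BETWEEN 1 AND 12, matching the trace.
        cmd.Parameters.Add("@first", SqlDbType.Int).Value = (pageIndex - 1) * perPageCount + 1;
        cmd.Parameters.Add("@last", SqlDbType.Int).Value = pageIndex * perPageCount;
        return cmd;
    }
}
```

Two further settings the report points at: run the connection string under a least-privilege database login rather than sa, and set `<customErrors mode="On" />` in web.config so exceptions no longer return stack traces and file paths to the client.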
Severity: High
Vulnerability Rank: 15
Confirmed: 2013-12-11 15:05
Thank you for your attention to Suning.com; we are arranging staff to fix this vulnerability.
None