漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-058833
漏洞标题:三福百货sql注入漏洞
相关厂商:sanfu.com
漏洞作者: bitcoin
提交时间:2014-04-29 11:37
修复时间:2014-04-29 11:46
公开时间:2014-04-29 11:46
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-04-29: 细节已通知厂商并且等待厂商处理中
2014-04-29: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
三福百货sql注入漏洞
详细说明:
注入点:
http://www.sanfu.com/?class_new=0&do=index_new&mod=goods&page=11&per_page=32&price=-1&style=sale
对参数page过滤不严,导致注入。
将page设置成'
即http://www.sanfu.com/?class_new=0&do=index_new&mod=goods&page='&per_page=32&price=-1&style=sale
报错
SQL ERROR [ mysql4 ]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-32, 32' at line 4 [1064]
SQL
SELECT g.id,g.goods_name,g.goods_sn,g.sc_price,g.pf_price,g.name_style,g.name_color,g.smallpic FROM eb_goods AS g LEFT JOIN eb_n_category_goods AS cata ON g.id=cata.goods_id LEFT JOIN eb_goods_xm AS gxm ON gxm.goods_id=g.id WHERE g.isvalid = 1 AND EXISTS(SELECT id FROM eb_goods_xm WHERE goods_id=g.id AND (category='男装' OR category='女装') ) GROUP BY g.id ORDER BY cata.seq ASC,g.shelf_time DESC LIMIT -32, 32
BACKTRACE
FILE: includes/db/mysql4.php
LINE: 117
CALL: dbal->sql_error()
FILE: includes/db/mysql4.php
LINE: 166
CALL: dbal_mysql4->sql_query()
FILE: modules/goods/index_new.php
LINE: 261
CALL: dbal_mysql4->sql_query_limit()
FILE: index.php
LINE: 93
CALL: include('modules/goods/index_new.php')
Fatal error: in /home/www/html/includes/db/dbal.php on line 379
水平有限,用sqlmap没有跑出想要的结果!求指教!
漏洞证明:
如上
修复方案:
过滤
版权声明:转载请注明来源 bitcoin@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2014-04-29 11:46
厂商回复:
我们会改一下提示信息,没有注入的问题
最新状态:
暂无