当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0103602

漏洞标题:易车某站SQL注入

相关厂商:易车

漏洞作者: BMa

提交时间:2015-03-25 10:56

修复时间:2015-05-09 11:02

公开时间:2015-05-09 11:02

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-25: 细节已通知厂商并且等待厂商处理中
2015-03-25: 厂商已经确认,细节仅向厂商公开
2015-04-04: 细节向核心白帽子及相关领域专家公开
2015-04-14: 细节向普通白帽子公开
2015-04-24: 细节向实习白帽子公开
2015-05-09: 细节向公众公开

简要描述:

易车某站注入

详细说明:

http://tuan.bitauto.com/brand?spell=


参数:spell

1.jpg


2.jpg


3.jpg


4.jpg


5.jpg


6.jpg


漏洞证明:

Database: hd_huodong
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| statistics_analysisnew  | 25092539 |
| ippool                  | 345661  |
| activity_signup         | 273713  |
| mobile_ascription       | 258114  |
| statistics_analysissem  | 136815  |
| statistics              | 129807  |
| weixin_push_log         | 91951   |
| statistics_analysisdate | 89488   |
| system_smslogs          | 36498   |
| activity_dealer         | 33716   |
| activity_area           | 33118   |
| operation_log           | 23234   |
| admins_login_log        | 8627    |
| activity_sms_detail     | 7531    |
| weixin_user             | 6401    |
| activity_calls          | 5444    |
| duanxin_push_log        | 3927    |
| region                  | 2105    |
| activity_model          | 1999    |
| group_purchase_area     | 1613    |
| callcenter_logs         | 1349    |
| group_purchase_brand    | 1230    |
| page_group_purchase     | 1153    |
| callcenter_records      | 1018    |
| activity_code           | 774     |
| activity_intention      | 738     |
| group_purchase_issue    | 646     |
| activity_brand          | 531     |
| activity_content        | 514     |
| activity                | 450     |
| group_purchase          | 424     |
| page_group_area         | 229     |
| activity_focus          | 211     |
| tuandao                 | 132     |
| admins_purview          | 131     |
| activity_channel        | 114     |
| activity_history        | 98      |
| activity_sms            | 91      |
| feedback_list           | 77      |
| page_group              | 62      |
| admins                  | 42      |
| signin_active_bind      | 39      |
| activity_gift           | 28      |
| beacon_user             | 25      |
| blacklists              | 19      |
| signin_members          | 15      |
| page_platform           | 12      |
| dealer_activity         | 10      |
| activity_auto_detail    | 8       |
| admins_group            | 8       |
| activity_cartype        | 7       |
| beacon_dealer           | 4       |
| media                   | 3       |
| system                  | 3       |
| resource_class          | 2       |
| dealer_user             | 1       |
| resource_type           | 1       |
| system_sms              | 1       |
+-------------------------+---------+

修复方案:

版权声明:转载请注明来源 BMa@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-03-25 11:00

厂商回复:

非常感谢对易车的帮助,我们会尽快处理

最新状态:

2015-03-25:漏洞已经修复,谢谢对易车的支持