当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137176

漏洞标题:搜房网某管理后台登录页面存在SQL注入漏洞

相关厂商:搜房网

漏洞作者: 路飞

提交时间:2015-08-27 16:55

修复时间:2015-10-11 19:36

公开时间:2015-10-11 19:36

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-27: 细节已通知厂商并且等待厂商处理中
2015-08-27: 厂商已经确认,细节仅向厂商公开
2015-09-06: 细节向核心白帽子及相关领域专家公开
2015-09-16: 细节向普通白帽子公开
2015-09-26: 细节向实习白帽子公开
2015-10-11: 细节向公众公开

简要描述:

搜房网某管理后台登录页面存在SQL注入漏洞

详细说明:

搜房网某站SQL注入漏洞

漏洞证明:

SQL注入地址


POST /hr/cgi-bin/admin/login.php HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://space2.soufun.com/hr/cgi-bin/admin/login.html
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: space2.soufun.com
Content-Length: 50
Pragma: no-cache
Cookie: global_cookie=4z1dz3kbyo7q3bhhige5fak9c1oidsemrt2; Hm_lvt_71c560ba10f46ed65ed494321dd51b24=1440570805; Hm_lpvt_71c560ba10f46ed65ed494321dd51b24=1440570826; cookiecitys=%B1%B1%BE%A9; Captcha=4B4932353243654C6E5563323446746C66753447725344775655797553633474366B66346643385572572B4B51506C4E2F505444536C41584537504D72434576434E38577673693566334A4F755748414E66363333413D3D; __utmt_t1=1; jiatxShopWindow=1; unique_cookie=U_4z1dz3kbyo7q3bhhige5fak9c1oidsemrt2*6; __utma=77873355.730920994.1440570754.1440570754.1440570754.1; __utmb=77873355.20.10.1440570754; __utmc=77873355; __utmz=77873355.1440570754.1.1.utmcsr=baidu|utmccn=(organic)|utmcmd=organic
uname=admin&pwd=123456&submit_s=%B5%C7%A1%A1%C2%BC


注入参数uname

2.jpg


也可以直接万能密码登录

修复方案:

有大牛

版权声明:转载请注明来源 路飞@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2015-08-27 19:35

厂商回复:

感谢您对搜房安全的关注,此站点为一个废弃多年的站点,目前已经关闭。

最新状态:

暂无