当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154844

漏洞标题:西藏某服务管理平台注入漏洞

相关厂商:cncert国家互联网应急中心

漏洞作者: 路人甲

提交时间:2015-11-26 23:54

修复时间:2016-01-14 17:48

公开时间:2016-01-14 17:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-26: 细节已通知厂商并且等待厂商处理中
2015-11-30: 厂商已经确认,细节仅向厂商公开
2015-12-10: 细节向核心白帽子及相关领域专家公开
2015-12-20: 细节向普通白帽子公开
2015-12-30: 细节向实习白帽子公开
2016-01-14: 细节向公众公开

简要描述:

注入漏洞

详细说明:

注入漏洞,可以执行系统命令
服务器还在公网上,上面还有其他多个其他服务网站(通过不通端口访问)
**.**.**.**:880/Login.aspx
**.**.**.**:801/Login.aspx
抓包注入

POST /BLXWCK.aspx?blzz=1 HTTP/1.1
Host: **.**.**.**
Content-Length: 3783
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/BLXWCK.aspx?blzz=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=brxnhkz3chnkxhbt5umpwm45
__VIEWSTATE=%2FwEPDwULLTIwNTI0NTQzNjIPZBYCAgMPZBYKAgMPFgIeBFRleHQFswM8bGkgY2xhc3M9ImwxIj48YSBocmVmPSJMb2dpbi5hc3B4IiB0aXRsZT0iIj4mbmJzcDs8L2E%2BPC9saT4gPGxpIGNsYXNzPSJsMiI%2BPGEgaHJlZj0iZG93bmxvYWRzLmFzcHgiIHRpdGxlPSIiPiZuYnNwOzwvYT48L2xpPjxsaSBjbGFzcz0ibDMiPjxhIGhyZWY9Im5ld3MuYXNweCIgdGl0bGU9IiI%2BJm5ic3A7PC9hPjwvbGk%2BPGxpIGNsYXNzPSJsNCI%2BPGEgaHJlZj0ieHhjeC5hc3B4IiB0aXRsZT0iIj4mbmJzcDs8L2E%2BPC9saT4gPGxpIGNsYXNzPSJsNSI%2BPGEgaHJlZj0icnl4eGN4LmFzcHgiIHRpdGxlPSIiPiZuYnNwOzwvYT48L2xpPiA8bGkgY2xhc3M9Imw2Ij48YSBocmVmPSJwYXJ0eUJBLmFzcHg%2FenQ9MSIgdGl0bGU9IiI%2BJm5ic3A7PC9hPjwvbGk%2BIDxsaSBjbGFzcz0ibDciPjxhIGhyZWY9InhteHhjeC5hc3B4IiB0aXRsZT0iIj4mbmJzcDs8L2E%2BPC9saT5kAgUPFgIfAAXlATxsaT48YSAgIGNsYXNzPSJzZWxlY3RlZCIgICBocmVmPSJibHh3Y2suYXNweD9ibHp6PTEiPuS8geS4muivmuS%2FoeihjOS4uuWFrOekujwvYT48L2xpPjxsaT48YSAgIGhyZWY9ImJseHdjay5hc3B4P2Jseno9MiI%2B5Lq65ZGY6K%2Ba5L%2Bh6KGM5Li65YWs56S6PC9hPjwvbGk%2BPGxpPjxhICAgaHJlZj0iYmx4d2NrLmFzcHg%2FYmx6ej0zIj7lu7rorr7ljZXkvY3or5rkv6HooYzkuLrlhaznpLo8L2E%2BPC9saT5kAgcPZBYEZg9kFgJmD2QWAgIBDw8WAh8ABRjkvIHkuJror5rkv6HooYzkuLrlhaznpLpkZAIBD2QWAmYPZBYCAgEPDxYCHwAFDOS8geS4muWQjeensGRkAgsPZBYGAgEPDxYCHwAFDOS8geS4muWQjeensGRkAgMPFgIeC18hSXRlbUNvdW50AgMWBmYPZBYCZg8VCAcjRkZGRkZGNOWbm%2BW3neWvjOaYh%2BW7uuetkeW3peeoi%2BaciemZkOWFrOWPuC3opb%2Fol4%2Foh6rmsrvljLr8AemAmui%2Fh%2BmYv%2BmHjOWcsOWMuuS9j%2BaIv%2BWfjuS5oeW7uuiuvuWxgOiwg%2Bafpe%2B8jOatpOWFrOWPuOWcqOaXpeWcn%2BWOv%2BaXpeadvuS5oeWNq%2BeUn%2BmZoumhueebruS4iuWHuuWAn%2Bi1hOi0qO%2B8jOWunumZheaJv%2BWMheS6uuW8oOWuneWzsOWPiOWvueW3peeoi%2Bi%2Fm%2BihjOS6jOasoei9rOWMhe%2B8jOeUseS6juS4jeWFt%2BWkh%2BebuOW6lOWuieWFqOeUn%2BS6p%2BadoeS7tu%2B8jOmAoOaIkOWuieWFqOeUn%2BS6p%2BS6i%2BaVheiHtOS4gOS6uuatu%2BS6oeOAggzkuI3oia%2FooYzkuLoJMjAxNS0zLTMwCTIwMTctMy0zMAQy5bm0jQLjgIrlu7rnrZHms5XjgIvnrKzkuozljYHlha3mnaHvvIzjgIrlu7rorr7lt6Xnp43otKjph4%2FnrqHnkIbmnaHkvovjgIvnrKzkuozljYHkupTmnaHjgIHnrKzlha3ljYHkuIDmnaHvvIzjgIrlronlhajnlJ%2Fkuqforrjlj6%2FmnaHkvovjgIvnrKzljYHkuInmnaHjgIHljYHkuZ3mnaHjgIHkuozljYHkuIDmnaHvvIzjgIropb%2Fol4%2Foh6rmsrvljLrlu7rnrZHluILlnLrkuI3oia%2FooYzkuLrorrDlvZXkuI7lhaznpLrnrqHnkIblip7ms5XjgItCMS0xLTAz5ZKMRDEtNC0yNOOAgmQCAQ9kFgJmDxUIByNGRkZGQ0Mh5YyX5Lqs5biC5Lqs5Y%2BR5oub5qCH5pyJ6ZmQ5YWs5Y%2B4qALlnKgyMDE05bm0MeaciOS7o%2BeQhuilv%2BiXj%2BiHquayu%2BWMuuajgOWvn%2BWumOWtpumZouilv%2BiXj%2BWIhumZouW7uuiuvuaLm%2BaKleagh%2BmhueebruS4re%2B8jOaUtuWPluilv%2BiXj%2BawuOS4sOW7uuiuvuW3peeoi%2BaciemZkOWFrOWPuOOAgeilv%2BiXj%2BiHquayu%2BWMuuesrOS6jOW7uuetkeW3peeoi%2BWFrOWPuOOAgeilv%2BiXj%2Bilv%2BmDqOW7uuiuvuW3peeoi%2BaciemZkOWFrOWPuOS4ieWutuWNleS9jeaKleagh%2BS%2FneivgemHkeWQiOiuoTI0MOS4h%2BWFg%2B%2B8jOebtOWIsOWPkeW4g%2BS5i%2BaXpeacquaMieinhOWumumAgOi%2FmOOAggzkuI3oia%2FooYzkuLoKMjAxNC0xMi0xNwoyMDE1LTEyLTE3BDHlubSfAeOAiuS4reWNjuS6uuawkeWFseWSjOWbveaLm%2Bagh%2BaKleagh%2BazleWunuaWveadoeS%2Bi%2BOAi%2BesrOS6lOWNgeS4g%2BadoeesrOS6jOasvuOAgeesrOWFreWNgeWFreadoeOAgeOAiuS4reWNjuS6uuawkeWFseWSjOWbveihjOaUv%2BWkhOe9muazleOAi%2BesrOS6lOWNgeS4gOadoeOAgmQCAg9kFgJmDxUIByNGRkZGRkY06YeN5bqG5rCR56aP5bu66K6%2B5bel56iL5pyJ6ZmQ5YWs5Y%2B4Leilv%2BiXj%2BiHquayu%2BWMuuoB6K%2Bl5LyB5Lia5Lul6Jma5YGH6LWE5paZ6L%2Bb6KGM5aSH5qGI77yM57uP5p%2Bl6K%2BB5LqL5a6e56Gu5Ye%2F77yM5oyJ54Wn55u45YWz5rOV5b6L5rOV6KeE77yM57uZ5LqI6K%2Bl5LyB5Lia5Y%2BK5aeU5omY5Luj55CG5Lq65p2o5bqt546J77yI6Lqr5Lu96K%2BB5Y%2B356CB77yaNTExMzAzMTk4NzA2MDIwMDRY77yJ6K6w5YWl6KW%2F6JeP6Ieq5rK75Yy65bu6562R5biC5Zy65LiN6Imv6KGM5Li66K6w5b2V5Lik5bm044CCDOS4jeiJr%2BihjOS4ugkyMDE0LTctMTEJMjAxNi03LTEwBDLlubRP44CK6KW%2F6JeP6Ieq5rK75Yy65bu6562R5biC5Zy65LiN6Imv6KGM5Li66K6w5b2V5LiO5YWs56S6566h55CG5Yqe5rOV44CLRDEtMS0wN2QCBQ8PFgQeEEN1cnJlbnRQYWdlSW5kZXhmHgpUb3RhbFBhZ2VzAgFkZAINDw8WAh4HVmlzaWJsZWhkZGThkfSLx%2FMc%2B45Enq9WqZn30B2vGg%3D%3D&__VIEWSTATEGENERATOR=A673655D&txtPartyName=123&ddlNotGoodType=%E4%B8%8D%E8%89%AF%E8%A1%8C%E4%B8%BA&btnQuery=%E6%9F%A5++++%E8%AF%A2

漏洞证明:

1.png

2.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-11-30 17:47

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向其信息化主管部门通报,由其后续协调网站管理单位处置。

最新状态:

2015-11-30:更正处置情况:CNVD确认并复现所述情况,已经转由CNCERT下发给西藏分中心,由其后续协调网站管理单位处置。