当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-053499

漏洞标题:奇客星空某分站sql注射漏洞

相关厂商:奇客星空

漏洞作者: chopper

提交时间:2014-03-13 11:24

修复时间:2014-04-27 11:24

公开时间:2014-04-27 11:24

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:18

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-03-13: 细节已通知厂商并且等待厂商处理中
2014-03-13: 厂商已经确认,细节仅向厂商公开
2014-03-23: 细节向核心白帽子及相关领域专家公开
2014-04-02: 细节向普通白帽子公开
2014-04-12: 细节向实习白帽子公开
2014-04-27: 细节向公众公开

简要描述:

奇客星空某站sql注射漏洞

详细说明:

注入页面:
http://web.7k7k.com/code/ajax.php
post注入参数:
c_type,gid,sid
注射包:

POST /code/ajax.php HTTP/1.1
Content-Length: 189
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://web.7k7k.com
Cookie: PHPSESSID=8on74est1lj6um6tie17oqe2s2; sssg_client=web; qmr_client=web; timekey=9ffbd030a864485cf4537562e825de1a; username=oxdkpype; identity=oxdkpype; nickname=196502247; userid=484706292; kk=196502247; logintime=1394674336; k7_lastlogin=1394674397; loginfrom=0011; avatar=http%3A%2F%2Fsface.7k7kimg.cn%2Fuicons%2Fphoto_default_s.png; securitycode=56b74820576f6e7223b0ab449d073fbf; k7_union=9999999; k7_username=oxdkpype; k7_uid=484706292; k7_from=2762127; k7_reg=1394674336; k7_ip=222.138.229.47; userprotect=062ab4d5c8d6b340312100a831a6cb4e; userpermission=fb914e06e9616fb300c9811b11b68a0d; k7_lastlogin=2014-03-13+09%3A32%3A16; web_uniques=482233444; k7_gamekey=%5B%2221_1%22%2C%2221_12%22%5D; k7_gamelist=%5B%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf%5Cu4e00%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%221%22%7D%2C%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf12%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%2212%22%7D%5D; yourplayedwebgames=dcj%257C%25E9%25BE%2599%25E7%25BA%25B9%25E6%2588%2598%25E5%259F%259F%252Csq%257C%25E7%25A5%259E%25E6%259B%25B2%252Cyt%257C%25E5%25BE%25A1%25E5%25A4%25A9%252Cqjll%257C%25E5%25A5%2587%25E8%25BF%25B9%25E6%259D%25A5%25E4%25BA%2586%252Csctx%257C%25E7%25A5%259E%25E5%2588%259B%25E5%25A4%25A9%25E4%25B8%258B%252Ctdyx%257C%25E5%25A4%25A9%25E5%259C%25B0%25E8%258B%25B1%25E9%259B%2584
Host: web.7k7k.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
c_type=13945&gid=251&ran=0.14362087147310376&sid=2&username=cvdciknt


成功注入:

c_type.png


数据库:

db.png


当前用户:

user.png


点到为止,不继续了~

漏洞证明:

如上

修复方案:

过滤参数

版权声明:转载请注明来源 chopper@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2014-03-13 17:39

厂商回复:

感谢白帽作者反馈,确实有此漏洞,已修复,之后联系作者发送小礼物,希望和白帽人员进行合作

最新状态:

暂无

漏洞评价:

评论

  1. 2014-03-13 14:03 | Neeke ( 普通白帽子 | Rank:101 漏洞数:24 | 求传授刷Rank方法?)

    京东礼品卡

  2. 2014-03-13 14:05 | chopper ( 普通白帽子 | Rank:144 漏洞数:29 | 菜鸟求学,多多关照~)

    @Neeke 可以抵钱的?

  3. 2014-03-13 14:11 | U神 ( 核心白帽子 | Rank:1285 漏洞数:142 | 感谢乌云,知恩不忘,其实我一直都在乌云默...)

    @Neeke 我给奇客旗下的游戏共赢找了个洞,果断一个功夫熊猫移动电源

  4. 2014-03-13 14:15 | Neeke ( 普通白帽子 | Rank:101 漏洞数:24 | 求传授刷Rank方法?)

    @chopper 100块的京东礼品卡,可以抵钱。

  5. 2014-03-13 14:16 | Neeke ( 普通白帽子 | Rank:101 漏洞数:24 | 求传授刷Rank方法?)

    @U神 这厂商还不错

  6. 2014-03-13 14:18 | chopper ( 普通白帽子 | Rank:144 漏洞数:29 | 菜鸟求学,多多关照~)

    @Neeke 看厂商活动很活跃,就挖挖~