当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0138201

漏洞标题:东风汽车某站SQL注入之三

相关厂商:dfyb.com

漏洞作者: Xmyth_夏洛克

提交时间:2015-08-31 17:55

修复时间:2015-09-05 17:56

公开时间:2015-09-05 17:56

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-31: 细节已通知厂商并且等待厂商处理中
2015-09-05: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

233333

详细说明:

存在注入URL:
http://www.dfcv.com.cn/ServiceSite.aspx

存在注入页面.png


特殊字符尝试,出现报错

报错.png


感觉是注入

漏洞证明:

将POST放入SQLMAP跑

POST /ServiceSite.aspx HTTP/1.1
Host: www.dfcv.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.dfcv.com.cn/ServiceSite.aspx
Cookie: ASP.NET_SessionId=yiihdj1vsgr0muk1wak2sbtn
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4933
__VIEWSTATE=
%2FwEPDwULLTExOTg5MjA2OTgPZBYCZg9kFgICAw9kFgJmD2QWCAIBD2QWCgIBDxYCHgVjbGFzc2VkAgMPFgIfAGVkAgUPFgIfAAUFaG92ZXJkAgcPFgIfAGVkAgkPFgIfAGVkAgMPEA8WBh4NRGF0YVRleHRGaWVsZAUMUHJvdmluY
2VOYW1lHg5EYXRhVmFsdWVGaWVsZAUKUHJvdmluY2VJRB4LXyFEYXRhQm91bmRnZBAVJA%2For7fpgInmi6nnnIHku70J5YyX5Lqs5biCCeWkqea0peW4ggnmsrPljJfnnIEJ5bGx6KW
%2F55yBCeWGheiSmeWMugnovr3lroHnnIEJ5ZCJ5p6X55yBDOm7kem%2Bmeaxn%2BecgQnkuIrmtbfluIIJ5rGf6IuP55yBCeWuieW%2BveecgQnmtZnmsZ%2FnnIEJ56aP5bu655yBCeaxn%2Bilv
%2BecgQnlsbHkuJznnIEJ5rKz5Y2X55yBCea5luWMl%2BecgQnmuZbljZfnnIEJ5bm%2F5Lic55yBCeW5v%2Bilv%2BWMugnmtbfljZfnnIEJ5Zub5bed55yBCeS6keWNl%2BecgQnotLXlt57nnIEJ6KW%2F6JeP5Yy6CemZleilv
%2BecgQnnlJjogoPnnIEJ6Z2S5rW355yBCeWugeWkj%2BWMugnmlrDnlobljLoJ6YeN5bqG5biCBummmea4rwbmvrPpl6gG5Y%2Bw5rm
%2BBuWbveWklhUkAAExATIBMwE0ATUBNgE3ATgBOQIxMAIxMQIxMgIxMwIxNAIxNQIxNgIxNwIxOAIxOQIyMAIyMQIyMgIyMwIyNAIyNQIyNgIyNwIyOAIyOQIzMAIzMQIzMgIzMwIzNAIzNRQrAyRnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dn
Z2dnZ2dnZ2dnZ2dnZ2dnZ2dkZAIJDxYCHgtfIUl0ZW1Db3VudAIUFigCAQ9kFgJmDxUFCeays%2BWMl%2BecgSfnn7PlrrbluoTngY%2FlmInmnLrnlLXorr7lpIfmnInpmZDlhazlj7ga6bm
%2F5rOJ5biC5piM55ub5aSn6KGXOTflj7cNMDMxMS04NTEzOTY4OABkAgIPZBYCZg8VBQnljJfkuqzluII55YyX5Lqs546v5aKD5Y2r55Sf5bel56iL6ZuG5Zui5pyJ6ZmQ5YWs5Y%2B45Zub5riF5YiG5YWs5Y%2B4NOWMl
%2BS6rOW4guacnemYs%2BWMuuWMl%2Ba5lua4oOi3rzE15Y%2B36ZmiMeWPt%2BalvDMtLTTlsYIMMDEwLTU5NjgyMDQ1AGQCAw9kFgJmDxUFCeWxseilv%2BecgSflpKrljp%2FluILpo47mma
%2Fmsb3ovabmnI3liqHmnInpmZDlhazlj7gk5aSq5Y6f5biC6Ziz5puy5Y6%2F5L6v5p2R5Lmh6Z2S6b6Z5p2RDDAzNTEtNzY4MzUzOABkAgQPZBYCZg8VBQnlpKnmtKXluIIq5ZSQ5bGx6KOV56Wl5rG96L2m6ZSA5ZSu5pyN5Yqh5
pyJ6ZmQ5YWs5Y%2B4MOWUkOWxseW4guS4sOa2puWMuuilv%2BWklueOr%2BS6rOS4nOaxvei0uOWfjuWMl%2BalvAwwMzE1LTUxNjk3ODgAZAIFD2QWAmYPFQUJ5a6J5b6955yBJ%2BWQiOiCpeW4guS6kem
%2Bmeaxvei9pui0uOaYk%2BaciemZkOWFrOWPuBjlkIjogqXluILlkIjlha3ot683MDDlj7cNMDU1MS02NTM4Mzk4MABkAgYPZBYCZg8VBQnmsZ%2Foi4%2FnnIEe5peg6ZSh6IGU6L%2BQ5pyJ6ZmQ6LSj5Lu75YWs5Y%2B4GOWMl
%2BWhmOWMuumUoea%2BhOi3rzEzOOWPtw0wNTEwLTgzNzEyOTYwAGQCBw9kFgJmDxUFCea1meaxn%2BecgSTmna3lt57kuJzlu7rmsb3ovabphY3ku7bmnInpmZDlhazlj7g35oux5aKF5Yy66Iqx5Zut5bKX6KGXMTEx5Y
%2B3KOmHkemAmuaxvemFjeWfjjMz5qCLMzMtMzYjKQ0wNTcxLTg4MTA4NjA2AGQCCA9kFgJmDxUFCeW5v%2BS4nOecgTDkuJzpo47msb3ovablub%2FkuJzplIDllK7mioDmnK%2FmnI3liqHogZTlkIjlhazlj7g95bm
%2F5bee5biC55m95LqR5Yy65aSq5ZKM6ZWH5bm%2F5LuO5YWs6LevMTA15Zu96YGTMjUzNOWFrOmHjOWkhAwwMjAtODc0NzUxMDcAZAIJD2QWAmYPFQUJ5bm%2F5Lic55yBKuiLseW%2Bt%2BW4gumHkeWIqei
%2Bvuaxvei9puacjeWKoeaciemZkOWFrOWPuCroi7HlvrfluILlpKfnq5nplYfoj5zmtLLoi7HlnZHlhazot6%2FkuJzkvqcMMDc2My0yMzEyMDU4AGQCCg9kFgJmDxUFCeW5v%2Bilv%2BecgTDlub%2Fopb
%2FkuJzpo47msb3ovabplIDllK7mioDmnK%2FmnI3liqHogZTlkIjlhazlj7gl5bm%2F6KW
%2F5Y2X5a6B5biC5LqU5p2R5bKt6YKV5a6%2B6LevOOWPtwwwNzcxLTMzMjg1NzYAZAILD2QWAmYPFQUJ5Y2B5aCw55yBMOWNgeWgsOS6qOi
%2FkOmbhuWbouaxvei9pumUgOWUruacjeWKoeaciemZkOWFrOWPuCDmuZbljJfljYHloLDluILovabln47ljZfot681OeWPtwwwNzE5LTg4OTc5MDgAZAIMD2QWAmYPFQUJ55SY6IKD55yBKuS4tOWkj%2BW4guS4h%2Bael
%2BenkeW3pei0uOaciemZkOi0o%2BS7u%2BWFrOWPuCTkuLTlpI%2FluILljZfpvpnplYfljZflt53opb%2Fot68xMDnlj7cMMDkzMC02MzgzNDIyAGQCDQ9kFgJmDxUFCeWugeWkj%2BecgTPlm7rljp%2Flub
%2FmsYfmupDmsb3ovabplIDllK7mnI3liqHmnInpmZDotKPku7vlhazlj7gq5Zu65Y6f5biC5Y6f5bee5Yy65LiJ6JCl6ZWH6LW15a%2B65byA5Y
%2BR5Yy6DDA5NTQtMjY5MDQ4OABkAg4PZBYCZg8VBQnpnZLmtbfnnIEt5qC85bCU5pyo5Lic6IGU5rG96L2m6ZSA5ZSu5pyN5Yqh5pyJ6ZmQ5YWs5Y%2B4HOagvOWwlOacqOW4guebkOahpeWNl
%2Bi3rzLlj7cMMDk3OS04NDY3Nzc2AGQCDw9kFgJmDxUFCemZleilv%2BecgS3kuJzpo47msb3ovablhazlj7jpmZXopb%2FmpobmnpfmioDmnK%2FmnI3liqHnq5kn6ZmV6KW
%2F5qaG5p6X5biC5qaG6Ziz5Yy65LiJ5a6Y5Lya5LiL5be3DDA5MTItMzI4MjIwOQBkAhAPZBYCZg8VBQnpmZXopb%2FnnIEe6ZmV6KW%2F5rmW5aCw5a6e5Lia5pyJ6ZmQ5YWs5Y%2B4Huilv%2BWuieW4guacseWuj%2Bi3r
%2BWMl%2BautTE5MOWPtwwwMjktODYzOTMxNjEAZAIRD2QWAmYPFQUJ6ZmV6KW%2F55yBJ%2Bmdlui%2BueWOv%2Bato%2Bi%2BvuW3pei0uOaciemZkOi0o%2BS7u%2BWFrOWPuA%2FpnZbovrnljr
%2Flr6jlsbEMMDkxMi00NjQ2ODA4AGQCEg9kFgJmDxUFCemZleilv%2BecgSrpk5zlt53ph5Hor7rmsb3ovabplIDllK7mnI3liqHmnInpmZDlhazlj7gk6ZOc5bed5biC6ICA5bee5Yy65a2Z5aGs6ZWH5a2d6KW
%2F5p2RDDA5MTktMzE4MzEyMwBkAhMPZBYCZg8VBQnpmZXopb%2FnnIEq5rGJ5Lit6ZGr6K%2Ba5rG96L2m6ZSA5ZSu5pyN5Yqh5pyJ6ZmQ5YWs5Y%2B4POmZleilv%2BecgeaxieS4reW4guWLieWOv%2Baxieaxn%2Bi3r%2BWMl
%2Baute%2B8iDEwOOWbvemBk%2BS7peWMl%2B
%2B8iQwwOTE2LTMyMTgwODkAZAIUD2QWAmYPFQUJ5paw55aG5Yy6KuWTiOWvhuWNjumikOaxvei9pumUgOWUruacjeWKoeaciemZkOWFrOWPuCrlk4jlr4bluILljJflh7rlj6PkuqTpgJrlrr7ppobovaznm5jopb
%2FkvqcMMDkwMi0yNTg4Njk1AGQCCw8PFgIeC1JlY29yZGNvdW50Ah5kZGSbXm%2BV4KhEAHxc3u%2BPs0QYwnDtGpUqCbC6ROdfBSnIww%3D%3D&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=
%2FwEWJwL6s9fdDwL445%2B1BwL3jLXbCwL2jLXbCwL1jLXbCwL0jLXbCwLzjLXbCwLyjLXbCwLxjLXbCwLgjLXbCwLvjLXbCwL3jPXYCwL3jPnYCwL3jP3YCwL3jMHYCwL3jMXYCwL3jMnYCwL3jM3YCwL3jNHYCwL3jJXbCwL3jJn
bCwL2jPXYCwL2jPnYCwL2jP3YCwL2jMHYCwL2jMXYCwL2jMnYCwL2jM3YCwL2jNHYCwL2jJXbCwL2jJnbCwL1jPXYCwL1jPnYCwL1jP3YCwL1jMHYCwL1jMXYCwL1jMnYCwKMkfXVCAKjkJHZAtsKUnhT32f1ySjI04Z9oM0bXXeckh
4Z%2BrpvPpy0suGP&ctl00%24MainContent%24ddlProvince=&ctl00%24MainContent%24txtDealerName=123&ctl00%24MainContent%24btnSearch=


ctl00%24MainContent%24txtDealerName参数存在注入
DBA权限

DBA.png


7个库

7个库.png


当前数据库存在20个表

20个表.png


修复方案:

过滤

版权声明:转载请注明来源 Xmyth_夏洛克@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-09-05 17:56

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论