
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0149948

Title: SQL injection vulnerability (boolean-based blind) in 驴妈妈旅游网 (lvmama.com)

Affected vendor: 驴妈妈旅游网

Author: 路人甲

Submitted: 2015-10-28 09:36

Fixed: 2015-12-12 16:16

Published: 2015-12-12 16:16

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-28: Details sent to the vendor; awaiting vendor handling
2015-10-28: Vendor confirmed; details visible to the vendor only
2015-11-07: Details disclosed to core white hats and domain experts
2015-11-17: Details disclosed to regular white hats
2015-11-27: Details disclosed to intern white hats
2015-12-12: Details disclosed to the public

Brief description:

As in the title.

Detailed description:

http://www.lvmama.com/trip/show/64766

[image: 1.png]

The parameters passed to the AJAX endpoint are not filtered strictly, so injection is possible.

[image: 2.png]

Error message:

[image: 3.png]


POST /trip/show/ajaxGetCommon HTTP/1.1
Host: www.lvmama.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://www.lvmama.com/trip/show/64766
Content-Length: 25
Cookie: uid=wKgKcFYV/08MNBR9PJSHAg==; oUC=017878017878017878017878; oUT=0908091309240927; CoreID6=15990546218214442821961&ci=90409730; __utma=30114658.19330767.1444282197.1445652395.1445946558.26; __utmz=30114658.1445946558.26.10.utmcsr=baidu|utmccn=cpt|utmcmd=zhuanqu|utmctr=%E9%A9%B4%E5%A6%88%E5%A6%88%E6%97%85%E6%B8%B8%E7%BD%91; Hm_lvt_cb09ebb4692b521604e77f4bf0a61013=1445599048,1445652395,1445946558,1445946606; tma=30114658.57217025.1444282198371.1444282198371.1444359447690.2; tmd=147.30114658.57217025.1444282198371.; __xsptplus443=443.17.1445946559.1445947838.6%231%7Cbaidu%7Czhuanqu%7Ccpt%7C%25E9%25A9%25B4%25E5%25A6%2588%25E5%25A6%2588%25E6%2597%2585%25E6%25B8%25B8%25E7%25BD%2591%7C%23%23GztOMNiNaTiIWb5Fn1x_n3enOavZ-Dqi%23; bfd_g=a7fcd4ae5266aa77000076390003a49556161903; bkng=11UmFuZG9tSVYkc2RlIyh9YWJdm48m5cJDhntHqCuZeXILhFXLcgE01LpjXN%2FtASG%2FsWN3uf1Z2WoGWKDMD7lyfpRtzy%2FyQHOVEoW7zTk%2FmXS%2Fzidxfqscivy%2FgqafeiQOQvStTJGqCNyitNv088Ml9aDFwv9joQDOezefRiUysMCGFlGIz77F4AwXAddGucekbpg46%2BZsmsA%3D; utag_main=v_id:01506a6d250e0098f8e79d98bd0013048001800d00bd0$_sn:1$_ss:0$_pn:4%3Bexp-session$_st:1444896371389$ses_id:1444894549262%3Bexp-session; syappfoot_cookie=syappfoot_cookie; 
TUANGOU_DETAIL_PRODUCTID=%5B%7B%22imageUrl%22%3A%22http%3A%2F%2Fpic.lvmama.com%2F%2Fuploads%2Fpc%2Fplace2%2F2015-10-09%2Fa6a219c2-eb1b-4308-bd84-6044c0c01292.jpg%22%2C%22name%22%3A%22%E3%80%90%E4%B9%B0%E4%B8%80%E4%BA%BA%E8%B5%A0%E9%80%811%E4%BD%8D%E6%88%90%E4%BA%BA%EF%BC%8B1%E4%BD%8D12%E5%B2%81%E4%BB%A5%E4%B8%8B%E5%84%BF%E7%AB%A5%EF%BC%8C%E9%95%BF%E7%99%BD%E5%B1%B1%E6%BB%91%E9%9B%AA%E5%BA%A6%E5%81%87%E3%80%91%E8%A5%BF%E5%9D%A1%E4%B8%87%E8%BE%BE%E5%BA%A6%E5%81%87%E5%8C%BA6%E5%AE%B6%E9%85%92%E5%BA%97%E4%BB%BB%E9%80%89%E4%BD%8F%E5%AE%BF3%E6%99%9A%EF%BC%8B%E6%AF%8F%E5%A4%A9%E4%B8%8D%E9%99%90%E6%AC%A1%E6%BB%91%E9%9B%AA%EF%BC%8B%E4%B8%9C%E5%8C%97%E5%86%9C%E5%AE%B6%E9%A5%AD%E4%BB%A3%E9%87%91%E5%8D%B7%EF%BC%8B%E6%97%A9%E9%A4%90%EF%BC%8B%E6%8E%A5%E9%80%81%E6%9C%BA%E3%80%9011.11%E6%97%A5%E6%88%AA%E6%AD%A2%E3%80%91%E3%80%90%E8%87%AA%E7%94%B1%E8%A1%8C%E7%89%B9%E5%8D%96%E3%80%91%22%2C%22placeId%22%3A%22http%3A%2F%2Fwww.lvmama.com%2Ftuangou%2Fdeal-599258%22%2C%22productsPrice%22%3A%221096%22%7D%5D; _lvTrack_UUID=506ED0FF-5304-4D78-B346-FD65315B1F64; JSESSIONID=686B29B8E2B406A2DF4B5C92066DFF04; lvsessionid=aacc4219-7bab-4501-93b9-5a7c5875ec66_13553688; ip_from_place_id=1; ip_from_place_name=""; ip_area_location=BJ; ip_location=124.127.207.186; ip_province_place_id=110000; ip_city_place_id=110000; ip_city_name=%E5%8C%97%E4%BA%AC; cmTPSet=Y; 90409730_clogin=l=1445946558&v=1&e=1445952077646; __utmb=30114658.23.10.1445946558; __utmc=30114658; Hm_lpvt_cb09ebb4692b521604e77f4bf0a61013=1445949792; 
Rvyz72RO3yiChuCn=1aO9JqTm6jt66R%2BvN3uksRLZJzebayjZHvi61LQmdORXiEjgNDKmtb4lgccdVKvzq88bBr675gYy8vN1X3ITDbT84W2wqeiUP0%2F7e%2F8WhKb%2FwHwQhBVSV060umDsQhwwCm%2Bzia49GyCBmnDEKa85bwNGPZX%2Bx%2B3bAkhrJ2tODbR8o8yhiyJc5C8f3oDw86TgUh3%2FNZy%2FoCr2CBc9uFaniOhmUYsATWLLBcJhjajgRAx%2FZqcvLXlOtQbFwGuSQHLp3M85yznDgavwn%2BX5ed02IgQesrj2pdr5iVXvt3PuBjDTlgAdUymJz4HWNFkjdjDySDC8Mtd3Y5S8V%2FVTH2hKPEoWhdezfio88OB20ooZvgJvBBmrnts4dWDdwT4ttHe6KaDMUHw2%2B%2F%2Fpa4hA6V06W4CpW3OC71zMovfOiG6twY4%3D99cbce7fab8339e5a24a8ac55539cc219dd48c05; bfd_s=30114658.75994099.1445946560069; tmc=20.30114658.38275795.1445946560073.1445948257437.1445949792096; CASTGC=TGC-50-D4vOf1oQ8O1z00jW8j7cq0hHRZdcevjTZHisN0xyaKTdEUfobT; UN=l.sherlock%5E%21%5E40288a3f50a8fcc10150a9223e07000a; unUserName=L.sherlock; LSTA=ee9b24dc667f9e66cdc5f3cdad263bd4; ticket=ST-50-i7UR71w0Uy3IuEi3DNov; EMV=E; orderFromChannel=qqcb; cpsuid=E13EC0CB85ABBC8889A78808BE06F565; tracking_code=100.1080.00.000.00; HeadShow=%3Cb%3EQQ%E5%BD%A9%E8%B4%9D%E8%81%94%E7%9B%9F%E5%95%86%E5%AE%B6%EF%BC%9A%3C%2Fb%3E%E9%A9%B4%E5%A6%88%E5%A6%88%E6%97%85%E6%B8%B8%E7%BD%91-QQ%E4%BC%9A%E5%91%98%E8%B4%AD%E7%89%A9%E6%88%90%E5%8A%9F%E6%9C%80%E9%AB%98%E8%BF%94%3Cfont+color%3D%22red%22%3E2.4%25%3C%2Ffont%3E%E5%BD%A9%E8%B4%9D%E7%A7%AF%E5%88%86%EF%BC%8C%E6%99%AE%E9%80%9A%E7%94%A8%E6%88%B7%E6%9C%80%E9%AB%98%E8%BF%94%3Cfont+color%3D%22red%22%3E1.5%25%3C%2Ffont%3E%E5%BD%A9%E8%B4%9D%E7%A7%AF%E5%88%86%3Ca+href%3D%22http%3A%2F%2Fitem.cb.qq.com%2Fmall%2F10543.html%22+target%3D%22_blank%22%3E%EF%BC%88%E8%AF%A6%E6%83%85%EF%BC%89%3C%2Fa%3E; 
jXVJUTNgMEfp6rEr=k9BTI%2BpZV41Opr4vBHem8pIZCxdJMvBCoOqZMfG3XqVVEWQAOCxYQf24ImmknzANCrjuAsCJJQZfpJfEzT6wzreD9%2BWHlCFcmP8%2B1Pw5gsHhUt3RnwCI4RSXzHbiORispkOkjggasXUQQozKYTcgbSclZYgaubdRDtsu0StKk0v5u3mjKSscCqjErf7e%2B4giW2r%2B6t123dpFcndM00a5bsaQMbRRBZPoJxm3YISpkALTMtBj8C24DZ3YH0kKEtRhkx33K66wBbw7%2BV8rqzpOG3q%2BVA2w4RHpr4xv6feizSETco6B3xJ%2FALV1eAvLjR1rct%2BMc%2F0XUyeIyrep3N%2FCapwKzS67ArG%2F2%2BmnJrHZUkt%2F3yG8mx4Mb8PoWM48DcyrUBeGaPTC6nCgD%2F7zjRRGKlwxmFf4hmtBPJdWUkXawcY%3D9f2c6b950a0e945983657f579b8f8c6fc0ffd822
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
type=trip&id=64766&page=1


The type parameter is injectable.

Proof of vulnerability:

[image: 注入点.png]

Version:

[image: 数据库版本.png]

[image: 4.png]

Suggested fix:

Filter the input.

Copyright notice: when reposting, please credit the source: 路人甲@乌云
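The fix above says to filter the input. As an added example, not part of the original report and not lvmama.com's own code, the following Python shows what that looks like for a request shaped like `type=trip&id=64766&page=1`: the `type` value is checked against a fixed allowlist of names, `id` and `page` are cast to positive integers, and the query binds all values as parameters instead of splicing them into SQL text. The vulnerable concatenation pattern is kept beside it, returned as a string only, for contrast. The `common_items` table, the allowlist contents, the page size and the sample rows are constructed assumptions for this example.

```python
"""Hardened handling for a request shaped like `type=trip&id=64766&page=1`.

Added illustration; not lvmama.com's code. The table `common_items`, the
allowlist of type values, the page size and the sample rows are all
constructed assumptions for this example.
"""
import sqlite3

# Assumed allowlist: the only values the `type` parameter is allowed to take.
ALLOWED_TYPES = frozenset({"trip", "hotel", "ticket"})
PAGE_SIZE = 2  # small so that paging is visible in the demo


class BadRequest(ValueError):
    """A parameter failed validation; a real handler would answer HTTP 400."""


def build_query_unsafe(item_type, item_id, page):
    """The vulnerable pattern: request values spliced straight into SQL text.

    Only returns the string so it can be compared with the safe path; it is
    never executed here. Any quote character in `item_type` ends up inside
    the SQL, which is what lets an attacker change the WHERE clause.
    """
    offset = (int(page) - 1) * PAGE_SIZE
    return ("SELECT ref_id, body FROM common_items WHERE type = '%s' "
            "AND ref_id = %s LIMIT %d OFFSET %d"
            % (item_type, item_id, PAGE_SIZE, offset))


def validate_params(params):
    """Check the three ajaxGetCommon parameters before they reach the database.

    `type` must be one of a fixed set of names (it never needs to be free
    text); `id` and `page` must be positive integers.
    """
    item_type = params.get("type", "")
    if item_type not in ALLOWED_TYPES:
        raise BadRequest("type not in allowlist: %r" % item_type)
    try:
        item_id = int(params.get("id", ""))
        page = int(params.get("page", "1"))
    except ValueError:
        raise BadRequest("id and page must be integers") from None
    if item_id <= 0 or page <= 0:
        raise BadRequest("id and page must be positive")
    return item_type, item_id, page


def ajax_get_common(conn, params):
    """Safe handler: validated inputs, and every value bound as a ? parameter."""
    item_type, item_id, page = validate_params(params)
    offset = (page - 1) * PAGE_SIZE
    cur = conn.execute(
        "SELECT ref_id, body FROM common_items "
        "WHERE type = ? AND ref_id = ? ORDER BY rowid LIMIT ? OFFSET ?",
        (item_type, item_id, PAGE_SIZE, offset),
    )
    return [{"ref_id": ref_id, "body": body} for ref_id, body in cur.fetchall()]


def demo_db():
    """In-memory SQLite database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE common_items (type TEXT, ref_id INTEGER, body TEXT)")
    conn.executemany(
        "INSERT INTO common_items (type, ref_id, body) VALUES (?, ?, ?)",
        [
            ("trip", 64766, "sample comment 1"),
            ("trip", 64766, "sample comment 2"),
            ("trip", 64766, "sample comment 3"),
            ("hotel", 64766, "unrelated hotel row"),
        ],
    )
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(ajax_get_common(db, {"type": "trip", "id": "64766", "page": "1"}))
    print(ajax_get_common(db, {"type": "trip", "id": "64766", "page": "2"}))
    try:
        ajax_get_common(db, {"type": "trip'", "id": "64766", "page": "1"})
    except BadRequest as exc:
        print("rejected:", exc)
```

The allowlist is the important part for `type`: because the application only ever expects a handful of fixed names there, rejecting anything else removes the injection surface entirely, and the parameterized query is the second layer in case a value is ever taken from a less constrained source.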


Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed at: 2015-10-28 16:14

Vendor reply:

thx

Latest status:

None yet

