当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0155513

漏洞标题:一览英才网某站SQL注射漏洞(含绕过)

相关厂商:job1001.com

漏洞作者: 路人甲

提交时间:2015-11-24 15:04

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-24: 细节已通知厂商并且等待厂商处理中
2015-11-24: 厂商已经确认,细节仅向厂商公开
2015-12-04: 细节向核心白帽子及相关领域专家公开
2015-12-14: 细节向普通白帽子公开
2015-12-24: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

详细说明:

POST /ask/admin.php?doaction=topicDeal&mode=zhadui HTTP/1.1
Content-Length: 184
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://2.job1001.com
Cookie: PHPSESSID=52e47135592c92b85072174c467115b4; company_visit_hotcm1305190795416=1; company_visit_hotcm1316998102851=1; company_visit_hotcm1309423455275=1; company_visit_hotcm1314689749806=1; company_visit_hotcm1314578883608=1; company_visit_hotcm1303722802251=1; company_visit_hotcm1307934310334=1; company_visit_hotcm1316141701317=1; company_visit_hotcm1438847885895=1; 8e1fee50b82123494553688c060f2879=1; company_visit_hotcm1425128438596=1; 3c052f08b73a5a98344acdb24c019097=1; company_visit_hotcm1448250064506=1; 764ea8a3b728efe78fade58fba31fe1c=1; company_visit_hotcm1398327727578=1; 916e33d5e0ece0e3b8feb5f33adaa1fc=1; company_visit_hotcm1445328958751=1; 525dc8834cba5167e57d4b7b7c68171e=1; company_visit_hotcm1408523856199=1; a2db7e32ad1edce58f89f6a68f8c7209=1; company_visit_hotcm1448248808741=1; ba1cb0c1b2f0cac95f6a4d2d978dd092=1; company_visit_hotcm1374126352576=1; 3635e5fc63e00172a68ccc9e67b87257=1; company_visit_hotcm1303737709325=1; running_time=1448335755467; url_running=http%3A%2F%2F2.job1001.com%2Faboutus%2Fwww.buildexchina.com.cn%23; cookieflag=1448334301526102062; cookieflagall=1448334301526860417; cookiesession=14483343015270.29070144472643733; cookieflagfor=3132074426; ucheck=false; uname=; password=; ucheck_enter=false; uname_enter=; password_enter=; safe_code=; IM_running_on=1; Hm_lvt_a2cccb25ea1b4807cf3720f792c919c1=1448335446,1448335476,1448335573,1448335595; Hm_lpvt_a2cccb25ea1b4807cf3720f792c919c1=1448335595; HMACCOUNT=F77BBB58784F51A5; _fmdata=8CA4DA6E8B3846CD31C4F84E17AB1262D867FD852F46E879BC5FC1B433CD3927335FB03FBECA25DF492011E5AD6D84EEA738E694E98B050C; BAIDUID=78394D3771D6C76CF0D3B036B4403BC7:FG=1; bdshare_firstime=1448334927687; Hm_lvt_0216ff792088201b251e5b7ae8ac7ffb=1448334928; Hm_lpvt_0216ff792088201b251e5b7ae8ac7ffb=1448334928; zw_view_history_str=46839014%252B%252B%25B3%25A4%25CA%25E4%25B9%25DC%25B5%25C0%25BC%25EC%25D1%25E9%25CA%25A6%252B%252B%252FJob_Detail.php%253FCompanyDetail%253Dcm1448250064506%2526ZhoaPinDetail%253D46839014%2526action%253DMyApply%252B%252B1448336318%252C%252C46133136%252B%252B%25CF%25EE%25C4%25BF%25BE%25AD%25C0%25ED%252B%252B%252FJob_Detail.php%253FCompanyDetail%253Dcm1398327727578%2526ZhoaPinDetail%253D46133136%2526contract%253D1%252B%252B1448334184; aacfc53cc06d2ae26efe1bfd5e0a7851=1; a944bcddd41bb8320dc4524205b7f236=1; 7d128618be5f354ad8b8fd9f409fb6e6=1; 64fb49f52b90939d6ef588375920dfc8=1; df20782477eec1ed8892999f9c289902=1; da6a8394fb9c33c61295dd1e3747ad9e=1; 7e92257c54c25fe09241df7a29e9700c=1; company_visit_hotcm1447832728658=1; dc119b91a0bc7ce5ceb5da121b6130ea=1; 25e66279c4667ae48a02b2742cfb9ab8=1; company_visit_hotcm1364975769601=1; 5577e8fa0a4068b35db591a5b693ed7a=1; 0d5d214347f5508f7718c9a5f67ae8d5=1; tc=1
Host: 2.job1001.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
http_request_count=0&request_type=loadTopic&tradeid=4&uid=1

uid参数存在注入,过滤了大于符号,使用between.py绕过

71.png

涉及206张表:

11.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:3

确认时间:2015-11-24 18:36

厂商回复:

感谢白帽子,感谢乌云平台,开发人员已经第一时间处理。

最新状态:

暂无


漏洞评价:

评价