当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170943

漏洞标题:和平药房主站存在SQL注入漏洞(20万买药订单信息)

相关厂商:hp1997.com

漏洞作者: 路人甲

提交时间:2016-01-19 10:40

修复时间:2016-01-24 10:50

公开时间:2016-01-24 10:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-01-19: 细节已通知厂商并且等待厂商处理中
2016-01-24: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

GET /purchase/InitCartNumSerrive.aspx?cartid=81833634&cid=1&cname=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&count=2&did=34&dname=900&gid=6&gname=30%C6%AC%D7%B0&pid=8183&sku=2 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.hp1997.com/
Cookie: HP1997Products=592=592|%u795e%u7334+%u5341%u4e94%u5473%u9f99%u80c6%u82b1%u4e38+0.3g*18%u4e38(%u6c34%u4e38)+%u7406%u80ba%u6b62%u54b3%u5316%u75f0+%u652f%u6c14%u7ba1%u708e%u6c14%u5598|Smallsmall%2f09050346%2f20140717%2f9ca02b4dcfc171aa3ef61e99dbffee78141426.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-592|21.60&2180=2180|%u3010%u5f3a%u751f%u3011%u8840%u7cd6%u8bd5%u7eb8%u7a33%u8c6a%u578b50%u7247%u88c5+%u8840%u7cd6%u4eea%u8bd5%u7eb8+%u8840%u7cd6%u8bd5%u7eb850%u724750%u9488%u5934|Smallsmall%2f12069899%2f20140814%2f6501ca0a9367b31ab699f953d500df5a162101.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-2180|199.00&2384=2384|%u7ecf%u7acb%u901a%u9888%u690e%u7275%u5f15%u5668QQ-A%u4fbf%u643a%u5f0f+%u8f85%u52a9%u6cbb%u7597%u9888%u690e%u75c5|Smallsmall%2f05111060%2f20150305%2fc3847ef4e959517866c5dd70021ab5b892743.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-2384|134.00&6646=6646|%u7247%u4ed4%u7640+%u795b%u9ec4%u4eae%u767d%u6d01%u9762%u4e73+100%u6beb%u5347+%u6e05%u6d01%u8865%u6c34%u63d0%u4eae%u80a4%u8272+%u53bb%u9ec4%u7f8e%u767d%u6d17%u9762%u5976|Smallsmall%2f13020194%2f20150113%2f2bb27edc82846821695e8eb35e2c474a153414.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-6646|79.20&9763=9763|%u4ee3%u7528%u8336(%u83ca%u82b1)|Smallsmall%2f15050563%2f20151124%2f2008e8bd1549d9e39d2e22ee2d8d4f8b153039.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-9763|27.00&2107=2107|%u4f55%u6c0f%u72d0%u81ed%u51c0+13ml(%u5b9e%u60e0%u88c5)+%u9664%u72d0%u81ed%u814b%u81ed|Smallsmall%2f05080140%2f20141028%2f0c2717e17d4eef257a6643cc2bdf4401140116.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-2107|214.20&8373=8373|%u535a%u58eb%u4f26%u6e05%u6717%u534a%u5e74%u9690%u5f62%u773c%u955c%u8fdb%u53e32%u7247%u88c5+%u8fd1%u89c6%u773c%u955c+%u8212%u9002%u900f%u6c27+%u6b63%u54c1%u5305%u90ae|Smallsmall%2f13060429%2f20140721%2f42fa1d8c1a722783ddc8bb987d1233f1154643.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-8373|99.00&9728=9728|%u4e00%u6b21%u6027%u4f7f%u7528%u706d%u83cc%u6a61%u80f6%u5916%u79d1%u624b%u5957|Smallsmall%2f12050787%2f20151028%2f7632b11c7d50151c3500abc4bb9540be91757.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-9728|2.50&3947=3947|%u671d%u9c9c%u84df%u8349%u590d%u5408%u8425%u517b%u7247|Smallsmall%2f20111104%2fb8bc5b4b1feb7e2ff7be5fa0d8c743af155200.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-3947|214.20&9717=9717|%u6d77%u4fea%u6069%u7f8e%u77b3%u9690%u5f62%u773c%u955c%u62a4%u7406%u6db2+%u6d77%u4fea%u6069%u6e05%u6da6%u9664%u86cb%u767d%u591a%u529f%u80fd500ml%2b120ml+|Smallsmall%2f141208X02%2f20150914%2f8fab7545bd09d915fb7b099620c02bae143205.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-9717|15.00&2294=2294|%u6b27%u59c6%u9f99%u4f53%u91cd%u8eab%u4f53%u8102%u80aa%u6d4b%u91cf%u5668HBF-306|Smallsmall%2f02051410%2f20150205%2fab9f1c0ef6ebd035356c2ea0ec8a3150152949.jpg|http%3a%2f%2fwww.hp1997.com%2fproduct-2294|185.00; ASP.NET_SessionId=0hmwuwo3is2qezfvulvhg3ic; hpmycart_url=http://www.hp1997.com/search.aspx?brandid=0; CNZZDATA3103466=cnzz_eid%3D1470973842-1452680740-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1452680740; bdshare_firstime=1452685286559; BAIDUID=1B0B986E19BE870C3F731E51C126B276:FG=1; HP1997ShopCart=83451138=8345|1|1|%ef%bf%bd%ef%bf%bd%c6%ac|1|2%c6%ac%d7%b0|38|1000|2
Host: www.hp1997.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

11.jpg

12.jpg

13.jpg

444.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-01-24 10:50

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价