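2016-02-04: Details reported to the vendor; awaiting vendor handling
2016-02-22: The vendor actively ignored the vulnerability; details disclosed to the public
From a log leak to a complete SQL injection
First, the scanner turned up: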
http://www.kfc.com.cn/service/log.txt
----------Begin-----------
1/19/2016 12:49:04 PM
System.ServiceModel.FaultException: Server was unable to process request. ---> Incorrect syntax near '作为一个开放型消费休息场所'.
Unclosed quotation mark after the character string ''.
Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at kfcService.WebService1Soap.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
   at kfcService.WebService1SoapClient.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
   at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)
----------End-----------
This syntax error suggests there is an injection somewhere?
----------Begin-----------
2/4/2016 10:52:15 AM
System.ServiceModel.FaultException: Server was unable to process request. ---> Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2012 - 11.0.2218.0 (X64) Jun 12 2012 13:05:25 Copyright (c) Microsoft Corporation Standard Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)' to data type int.
Server stack trace:
   at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
   at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
   at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
   at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
   at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
   at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
   at kfcService.WebService1Soap.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
   at kfcService.WebService1SoapClient.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
   at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)
----------End-----------
Done!!!
Severity: No impact (ignored by vendor)
Ignored at: 2016-02-22 09:00
Vulnerability Rank: 15 (WooYun rating)
None yet
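A defender-side triage of the log format shown in the two entries above, as an added example that is not part of the original report: it flags entries whose fault message carries a SQL Server error and names the service operation involved. The sample log is constructed from the page's two entries with abridged stack frames plus one invented benign fault; `triage` and its field names are assumptions.

```python
import re

B, E = "-" * 10 + "Begin" + "-" * 11, "-" * 10 + "End" + "-" * 11
FRAMES = (" at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation)"
          " at kfcService.WebService1Soap.complainDataSet(String strName, String strContent)"
          " at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)")
# Constructed sample: the page's two entries with abridged frames, plus one invented benign fault.
SAMPLE_LOG = "".join([
    B, "1/19/2016 12:49:04 PMSystem.ServiceModel.FaultException: Server was unable to process "
       "request. ---> Incorrect syntax near 'x'.Unclosed quotation mark after the character "
       "string ''.Server stack trace:", FRAMES, E,
    B, "2/4/2016 10:52:15 AMSystem.ServiceModel.FaultException: Server was unable to process "
       "request. ---> Conversion failed when converting the nvarchar value 'Microsoft SQL Server "
       "2012 - 11.0.2218.0 (X64)' to data type int.Server stack trace:", FRAMES, E,
    B, "2/5/2016 9:00:00 AMSystem.TimeoutException: The request channel timed out."
       "Server stack trace:", FRAMES, E,
])

ENTRY = re.compile(r"Begin-+(.*?)-+End", re.S)   # tolerant of the exact dash count
STAMP = re.compile(r"\s*(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)")
FRAME = re.compile(r" at ([\w.]+)\(")
# A cast error that echoes a string value means database content reached the error text.
LEAK = re.compile(r"Conversion failed when converting the n?varchar value '(.*?)' to data type int", re.S)
# Parser errors of this kind mean input broke out of a string literal in the query.
PROBE = re.compile(r"Incorrect syntax near|Unclosed quotation mark")

def triage(log_text):
    """Return one finding per log entry whose fault message carries a SQL Server error."""
    findings = []
    for body in ENTRY.findall(log_text):
        leak = LEAK.search(body)
        if leak:
            kind, leaked = "error_based_leak", leak.group(1)
        elif PROBE.search(body):
            kind, leaked = "syntax_probe", None
        else:
            continue  # fault without a SQL signature, e.g. a timeout
        stamp = STAMP.match(body)
        # The first non-framework frame names the service operation that built the query.
        app = [f for f in FRAME.findall(body) if not f.startswith("System.")]
        findings.append({"time": stamp.group(1) if stamp else None, "kind": kind,
                         "leaked": leaked, "method": app[0] if app else None})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Either kind of finding points at the operation whose query should be parameterized, and a log like this should not be served from the web root.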
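This vulnerability has been added to the Kendaji combo meal
This vulnerability has been added to the KFX deluxe lunch
@梦皑皑 The word "deluxe" really gives it an air of grandeur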