
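Vulnerability summary

Bug ID: wooyun-2016-0174726

Vulnerability title: From a leaked log on the KFC main site to a complete SQL injection

Vendor: baison.com.cn

Author: 路人甲

Submitted: 2016-02-04 11:20

Fixed: 2016-02-22 09:00

Publicly disclosed: 2016-02-22 09:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 18

Status: The vendor has been notified but ignored the vulnerability

Source: http://www.wooyun.org. For questions or help, contact [email protected]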



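Vulnerability details

Disclosure status:

2016-02-04: Details sent to the vendor, waiting for the vendor to respond
2016-02-22: The vendor has chosen to ignore the vulnerability; details released to the public

Brief description:

From a leaked log to a complete SQL injection

Detailed description:

First, the scanner turned up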

http://www.kfc.com.cn/service/log.txt


----------Begin-----------1/19/2016 12:49:04 PM
System.ServiceModel.FaultException: Server was unable to process request. ---> Incorrect syntax near '作为一个开放型消费休息场所'.
Unclosed quotation mark after the character string ''.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at kfcService.WebService1Soap.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
at kfcService.WebService1SoapClient.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)
----------End-----------


This syntax error suggests there is an injection somewhere?

[Image: kfc.jpg]


----------Begin-----------2/4/2016 10:52:15 AM
System.ServiceModel.FaultException: Server was unable to process request. ---> Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2012 - 11.0.2218.0 (X64)
Jun 12 2012 13:05:25
Copyright (c) Microsoft Corporation
Standard Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1) (Hypervisor)
' to data type int.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at kfcService.WebService1Soap.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
at kfcService.WebService1SoapClient.complainDataSet(String strName, String strPhone, String strHappenTime, String strProvince, String strCity, String strStore, String strContent)
at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)
----------End-----------


Done!!!

Proof of vulnerability:


Fix:

Copyright notice: when reposting, please credit the source 路人甲@乌云
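A defender-side triage of the log.txt format shown in this report, as an added example that is not part of the original submission: it splits the Begin/End entries, flags SQL Server error text that indicates user input reaching a query unescaped, and reports the first non-framework stack frame. SAMPLE_LOG is abridged from the two excerpts on this page; the signature labels and the function name `triage` are assumptions of this example.

```python
import re

# Constructed sample: the two log.txt entries from the report, stack frames trimmed
# and the quoted user text in the first entry replaced by '...'.
SAMPLE_LOG = """----------Begin-----------1/19/2016 12:49:04 PM
System.ServiceModel.FaultException: Server was unable to process request. ---> Incorrect syntax near '...'.
Unclosed quotation mark after the character string ''.
Server stack trace:
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at kfcService.WebService1Soap.complainDataSet(String strName, String strContent)
at complain.ibtnSubmit_Click(Object sender, ImageClickEventArgs e)
----------End-----------
----------Begin-----------2/4/2016 10:52:15 AM
System.ServiceModel.FaultException: Server was unable to process request. ---> Conversion failed when converting the nvarchar value 'Microsoft SQL Server 2012 - 11.0.2218.0 (X64)
' to data type int.
Server stack trace:
at kfcService.WebService1Soap.complainDataSet(String strName, String strContent)
----------End-----------
"""

# SQL Server error strings that should never be caused by ordinary form input.
SIGNATURES = {
    "syntax_error": re.compile(r"Incorrect syntax near"),
    "unclosed_quote": re.compile(r"Unclosed quotation mark"),
    "type_conversion_leak": re.compile(
        r"Conversion failed when converting the \w+ value '(.*?)' to data type", re.S),
}
ENTRY = re.compile(r"-+Begin-+(.*?)\n(.*?)-+End-+", re.S)    # timestamp, body
FRAME = re.compile(r"^\s*at (?!System\.)([\w.]+)\(", re.M)   # first application frame

def triage(log_text):
    """Return one finding per log entry that carries a SQL error signature."""
    findings = []
    for when, body in ENTRY.findall(log_text):
        hits = [name for name, rx in SIGNATURES.items() if rx.search(body)]
        if not hits:
            continue
        frame = FRAME.search(body)
        leak = SIGNATURES["type_conversion_leak"].search(body)
        # The conversion error echoes database data into the message: record its first line.
        leaked = (leak.group(1).strip().splitlines() or [""])[0] if leak else None
        findings.append({"time": when.strip(), "signatures": hits,
                         "method": frame.group(1) if frame else None,
                         "leaked_value": leaked})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Both entries point at the same application method, which is where the query should be parameterized; the log file itself should not be served from the web root.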


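Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2016-02-22 09:00

Vendor reply:

Vulnerability Rank: 15 (WooYun rating)

Latest status:

None


Vulnerability comments:

Comments

  1. 2016-02-04 11:45 | %230CC (Passerby | Rank: 6 Vulnerabilities: 2 | 溜溜)

    This vulnerability has been added to the "Kendaji" combo meal

  2. 2016-02-04 23:02 | 梦皑皑 (Passerby | Rank: 1 Vulnerabilities: 1 | I'm a newbie, lacking a team to train me.)

    This vulnerability has been added to the KFX deluxe lunch

  3. 2016-02-05 21:54 | %230CC (Passerby | Rank: 6 Vulnerabilities: 2 | 溜溜)

    @梦皑皑 The word "deluxe" really adds a touch of class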