Sogou mobile phone input method sites exist SQL injection vulnerability-vulnerability warning-the black bar safety net

2012-09-16T00:00:00
ID MYHACK58:62201234931
Type myhack58
Reporter 佚名
Modified 2012-09-16T00:00:00

Description

Vulnerability type: SQL injection vulnerability

Hazard rating: low

The self-assessment Rank of: 5

Vulnerability status: the vendor has confirmed

Brief description:

Browse sogou input method web site, found that the presence ofSQL injectionvulnerabilities.

Detailed description:

1. http://shouji.sogou.com/dict_show.php?sort=date&cate=0&keyword= Parameter keyword did not do the filter, the malicious input led to the error message, may be injected. Parameters of the sort the presence of the same error, but here to sort through some processing, it should be is the“union|select”key to do the replace, this parameter appears in the SQL statement order by position, with the blinds perhaps may be, I'm not the injection is successful, but still should be for malicious input process more stringent.

2. http://shouji.sogou.com/wap/index.php?c=down&a=content_all&id=2 6 Parameter id not do the filter, the same can be an error to inject. 3. http://shouji.sogou.com/wap/?c=skin&a=platform&platform_type=s60v2 Parameters platform_type http://shouji.sogou.com/wap/index.php?c=skin&a=info_gx&skin_id=1 5 3 6 5 1&pos=3 Parameters skin_id And 2 of the case.

http://shouji.sogou.com/wap/index.php?c=dict The search box present POST injection, submitted to the test'will error

Vulnerability proof:

Several injection points are a situation.

banner: '5.0.95-log' current user: 'ime_shouji@10.14.131.131' Database: dt_ime_shouji_dictdata [3 2 tables]

Repair solutions:

The parameters of the input do strict filtering. The error handling more friendly to some, to avoid the database, the path information leakage.