当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-025937

漏洞标题:商务通主业务系统平台侧漏

相关厂商:zoosnet.net

漏洞作者: piaoye

提交时间:2013-06-14 17:58

修复时间:2013-06-19 17:59

公开时间:2013-06-19 17:59

漏洞类型:重要敏感信息泄露

危害等级:低

自评Rank:5

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-06-14: 细节已通知厂商并且等待厂商处理中
2013-06-19: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

商务通使用数量上千万,至少垄断了医疗行业。此问题可引起医疗行业信息泄露

详细说明:

出现在http://yktadmin.zoosnet.net/ 商务通目前主打业务,98以上医院网址使用此客服系统。
http://yktadmin.zoosnet.net/web.config 配置信息泄露
http://yktadmin.zoosnet.net/admin.rar 源码泄露
后台地址:http://yktadmin.zoosnet.net/LR_Admin/login.aspx
其他不多说

漏洞证明:

public string Add(string p_Parent_Admin_ID, string p_Admin_Name, string p_Real_Name, string p_Taxis, string p_Role_ID)
{
    string strRS = "";
    try
    {
        DataTable dtUser = DataHelper.QueryByCommand("select  " + AdminTable.DBColumn_Admin_ID + "  from " + AdminTable.DBTable_T_Admin + " where " + AdminTable.DBColumn_Admin_Name + "=@" + AdminTable.DBColumn_Admin_Name, "@" + AdminTable.DBColumn_Admin_Name, p_Admin_Name);
        if (!(((dtUser == null) || (dtUser.Rows.Count == 0)) || dtUser.Rows[0][AdminTable.DBColumn_Admin_ID].ToString().Equals("")))
        {
            return "此用户已存在!";
        }
        DataTable dtParents = DataHelper.QueryByCommand("select  " + AdminTable.DBColumn_Admin_Relation + "  from " + AdminTable.DBTable_T_Admin + " where " + AdminTable.DBColumn_Admin_ID + "=@" + AdminTable.DBColumn_Parent_Admin_ID, "@" + AdminTable.DBColumn_Parent_Admin_ID, p_Parent_Admin_ID);
        if ((dtParents != null) && (dtParents.Rows.Count != 0))
        {
            string p_Admin_Relation = dtParents.Rows[0][AdminTable.DBColumn_Admin_Relation].ToString() + "|" + p_Parent_Admin_ID;
            Hashtable htParameter = new Hashtable();
            htParameter.Add("@" + AdminTable.DBColumn_Admin_Name, p_Admin_Name);
            htParameter.Add("@" + AdminTable.DBColumn_Taxis, p_Taxis);
            htParameter.Add("@" + AdminTable.DBColumn_Real_Name, p_Real_Name);
            htParameter.Add("@" + AdminTable.DBColumn_Parent_Admin_ID, p_Parent_Admin_ID);
            htParameter.Add("@" + AdminTable.DBColumn_Role_ID, p_Role_ID);
            htParameter.Add("@" + AdminTable.DBColumn_Admin_Relation, p_Admin_Relation);
            string SQLstring = "insert into " + AdminTable.DBTable_T_Admin + " (" + AdminTable.DBColumn_Parent_Admin_ID + "," + AdminTable.DBColumn_Admin_Name + "," + AdminTable.DBColumn_Real_Name + "," + AdminTable.DBColumn_Taxis + "," + AdminTable.DBColumn_Del_Flag + "," + AdminTable.DBColumn_Role_ID + "," + AdminTable.DBColumn_Admin_Relation + ")values(@" + AdminTable.DBColumn_Parent_Admin_ID + ",@" + AdminTable.DBColumn_Admin_Name + ",@" + AdminTable.DBColumn_Real_Name + ",@" + AdminTable.DBColumn_Taxis + ",'0',@" + AdminTable.DBColumn_Role_ID + ",@" + AdminTable.DBColumn_Admin_Relation + ")";
            if (DataHelper.Execute(SQLstring, htParameter).IndexOf("False") != -1)
            {
                strRS = "添加失败!";
            }
            else
            {
                strRS = "添加成功!";
                try
                {
                    Backup_TickLogic.Add(SQLstring, htParameter, "1", this.strAdmin_ID);
                }
                catch (Exception ex)
                {
                    TextHelper.RecordErrorInfor(ex);
                }
            }
        }
        else
        {
            return "上级编号记录不存在!";
        }
    }
    catch
    {
        strRS = "添加失败!";
    }
    return strRS;
}

修复方案:

系统配置问题引起。

版权声明:转载请注明来源 piaoye@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-06-19 17:59

厂商回复:

最新状态:

暂无

漏洞评价:

评论

  1. 2013-06-28 09:22 | piaoye ( 普通白帽子 | Rank:343 漏洞数:53 | ww)

    @zoosnet.net bitch