当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-048713

漏洞标题:湖北省国土资源厅地质勘查资质信息平台SQL注入

相关厂商:湖北省国土资源厅

漏洞作者: cuger

提交时间:2014-01-13 17:45

修复时间:2014-02-27 17:46

公开时间:2014-02-27 17:46

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-01-13: 细节已通知厂商并且等待厂商处理中
2014-01-18: 厂商已经确认,细节仅向厂商公开
2014-01-28: 细节向核心白帽子及相关领域专家公开
2014-02-07: 细节向普通白帽子公开
2014-02-17: 细节向实习白帽子公开
2014-02-27: 细节向公众公开

简要描述:

湖北省国土资源厅地质勘查资质信息平台SQL注入

详细说明:

从主站跳转到这个平台,登录框处存在SQL注入

POST /website/ HTTP/1.1
Host: 119.97.204.213:8001
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:26.0) Gecko/20100101 Firefox/26.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://119.97.204.213:8001/website/
Cookie: ASP.NET_SessionId=ig1qc5biyegmuaogq5cfsg0l
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 4940
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUIODgwNjgyNDIPZBYCAgMPZBYOAgEPZBYCAgMPDxYCHgdWaXNpYmxlaGRkAgIPZBYCAgEPFgIeC18hSXRlbUNvdW50AgUWCmYPZBYCZg8VAyQ0YzQ1YWYxZC03MzNkLTRlOWItYmI4Mi1hNDQwN2E3YjI1MmJF5rmW5YyX55yB5Y6%2F5Z%2Bf55%2B%2F5Lqn6LWE5rqQ5YuY5p%2Bl5byA5Y%2BR5pW05L2T5o6o6L%2Bb6K%2BV54K55bel5L2c5bqnLi4uCTIwMTMtMTEtN2QCAQ9kFgJmDxUDJDI3NTM2N2M1LTAyZWEtNDA5Ny05N2JlLWFlNWNiNDA0YTUwOELmnY7nuqrlubPlpITplb%2FmlbToo4Xli5jmn6XljLrpmLbmrrXmgKfmiJDmnpzlrqHmn6XkvJrkuIrnmoTorrLor50JMjAxMy0xMS02ZAICD2QWAmYPFQMkZDJlODI0MTctOTFkYS00ZTZmLWJkOGEtZWNkOGIzOTU0YWViReWFs%2BS6juW%2BgeaxguOAiua5luWMl%2BecgeWcsOi0qOWLmOafpei1hOi0qOebkeedo%2BeuoeeQhuaaguihjOWKnuazlS4uLgkyMDEzLTExLTZkAgMPZBYCZg8VAyQ4OTBjMmI0NS1lN2YzLTQ3ZGQtOGMxZS01NTU5ZDdlZjU5MjQ955yB5Zu95Zyf6LWE5rqQ5Y6F5YWz5LqOMjAxMuW5tOW6puesrOS6jOaJuemigeWPkeeahOWcsOi0qC4uLgkyMDEzLTEtMzBkAgQPZBYCZg8VAyRhNTI3NzA5OS0zZGYxLTRkOTYtOTI0Ni1mMTE2YjA3Nzc1ZmYY5YWz5LqO5pil6IqC5pS%2B5YGH5YWs5ZGKCTIwMTMtMS0yMWQCAw9kFgICAQ8WAh8BAgQWCGYPZBYCZg8VAyQ3YTliMWNlMS1jYTgzLTQ5Y2MtYjFhOS04M2NmYjNhY2I1ZGU%2F5YWo5Zu95Zyw6LSo5YuY5p%2Bl5oiQ5p6c6YCa5oql5LiO5Zyw6LSo5YuY5p%2Bl6KGM5Lia6YCa5oql57yWLi4uCjIwMTMtMTItMTNkAgEPZBYCZg8VAyRkZTg2YTJjOC1mNDAxLTQwMjgtODJmNS1kNjMwY2ZlYWE2MzM35oiR55yB5o%2BQ5YmN5a6M5oiQMjAxMuW5tOW6puWcsOi0qOWLmOafpeaIkOaenOebtOaKpS4uLgkyMDEzLTEtMzBkAgIPZBYCZg8VAyQ5MmIzZjM1My01N2Y5LTRiYjAtOGMwNC0yZDQ5MDJlNDhhMzAx5YWz5LqO5pil6IqC5pS%2B5YGHIOW3peS9nOWuieaOku%2B8iOW3peS9nOWKqOaAge%2B8iQkyMDEzLTEtMjFkAgMPZBYCZg8VAyQ2ZDcyYTA4My1kMjRiLTRkOWYtYjBmMS05ZGFmN2MyZTc3ODMq5YWz5LqO6JC95a6e5Z%2BO5biC5Yac5p2R5Zyf5Zyw56Gu5p2D5oSP6KeBCTIwMTMtMS0xNGQCBA9kFgICAQ8WAh8BAgYWDGYPZBYCZg8VAiQ2NGE4NWRhNS00MzA1LTQyYWMtOWVjYS02ZjI1MDYzZmQ0MWMr5Lit5Zu95Ya26YeR5Zyw6LSo5oC75bGA5Lit5Y2X5bGA5YWtMOWFremYn2QCAQ9kFgJmDxUCJDJlMjU0ODkxLTI5ZmQtNGViOS04ZGEyLTdjZDUyY2I4NmI5YyTmuZbljJfljY7kuprlu7rorr7lt6XnqIvmnInpmZDlhazlj7hkAgIPZBYCZg8VAiQ4OTY1NDFlMy02YmI2LTQ4N2EtYTZkNy1mYTFkMjYwNjA2NWIY5rmW5YyX55yB5Zyw6LSo6LCD5p%2Bl6ZmiZAIDD2QWAmYPFQIkYmEzOTNiNDItYjJlNC00ZjU3LTg5NTYtNzllZjdiZWMwMTRkHua5luWMl%2BecgeWcsOefv%2BW7uuiuvuW3peeoi%2BmZomQCBA9kFgJmDxUCJGQ4MGVlYWFiLTUyNTYtNDg4Ny1iNTQwLTBlYzQxZGExOGFiZivkuK3lm73lhrbph5HlnLDotKjmgLvlsYDkuK3ljZflsYDlha0w5LiD6ZifZAIFD2QWAmYPFQIkMWQyMDlmNGQtMzJhNy00OWNlLTllMjQtYTNlNmIxM2ZjOTg2MOilhOaoiuW4guS4ieWFrembtuefv%2BWxseaKgOacr%2BacjeWKoeaciemZkOWFrOWPuGQCBQ9kFgICAQ8WAh8BAgYWDGYPZBYCZg8VAiQwOTBhNDRjOC03M2YyLTQ1NGQtOTU5Zi1mY2ZhNmZkYWY2MWIb5rmW5YyX55yB56ys5Zub5Zyw6LSo5aSn6ZifZAIBD2QWAmYPFQIkMGI3NThhMjEtMTJiZS00YTU3LTlmMGYtMjg2YzI4MGYyZTg4G%2Ba5luWMl%2BmdnumHkeWxnuWcsOi0qOWFrOWPuGQCAg9kFgJmDxUCJDBjNTJhYzg2LWE3ZjgtNDQxYi04ODJjLTI0NjJhNmQwNzYwYjDopYTmqIrluILkuInlha3pm7bnn7%2FlsbHmioDmnK%2FmnI3liqHmnInpmZDlhazlj7hkAgMPZBYCZg8VAiQwYzVhYTBiZC0xYjdhLTRlNGUtYTc4Yi1iNDNlNTNjYmEzYzIh6ZKf56Wl5biC55%2B%2F5bGx5oqA5pyv5pyN5Yqh5Lit5b%2BDZAIED2QWAmYPFQIkMTE4ZmNhYWEtOGMwOC00MDhiLTllYTEtZGZmNjQ3MjAwMGZkKua5luWMl%2BS4reWNl%2BWLmOWvn%2BWfuuehgOW3peeoi%2BaciemZkOWFrOWPuGQCBQ9kFgJmDxUCJDEyNmNiOThiLTE4ZWUtNDgzNS1hMzU1LTMwODMzNzMyN2RmMCHmuZbljJfnnIHlrpzmmIzlnLDotKjli5jmjqLlpKfpmJ9kAgYPZBYCAgEPFgIfAQIGFgxmD2QWAmYPFQIkMDkwYTQ0YzgtNzNmMi00NTRkLTk1OWYtZmNmYTZmZGFmNjFiG%2Ba5luWMl%2BecgeesrOWbm%2BWcsOi0qOWkp%2BmYn2QCAQ9kFgJmDxUCJDBiNzU4YTIxLTEyYmUtNGE1Ny05ZjBmLTI4NmMyODBmMmU4OBvmuZbljJfpnZ7ph5HlsZ7lnLDotKjlhazlj7hkAgIPZBYCZg8VAiQwYzUyYWM4Ni1hN2Y4LTQ0MWItODgyYy0yNDYyYTZkMDc2MGIw6KWE5qiK5biC5LiJ5YWt6Zu255%2B%2F5bGx5oqA5pyv5pyN5Yqh5pyJ6ZmQ5YWs5Y%2B4ZAIDD2QWAmYPFQIkMGM1YWEwYmQtMWI3YS00ZTRlLWE3OGItYjQzZTUzY2JhM2MyIemSn%2BelpeW4guefv%2BWxseaKgOacr%2BacjeWKoeS4reW%2Fg2QCBA9kFgJmDxUCJDExOGZjYWFhLThjMDgtNDA4Yi05ZWExLWRmZjY0NzIwMDBmZCrmuZbljJfkuK3ljZfli5jlr5%2Fln7rnoYDlt6XnqIvmnInpmZDlhazlj7hkAgUPZBYCZg8VAiQxMjZjYjk4Yi0xOGVlLTQ4MzUtYTM1NS0zMDgzMzczMjdkZjAh5rmW5YyX55yB5a6c5piM5Zyw6LSo5YuY5o6i5aSn6ZifZAIHD2QWAgIBDxYCHwECBBYIZg9kFgJmDxUCF2h0dHA6Ly93d3cubmVkcC5vcmcuY24vGOaJvuefv%2BeqgeegtOaImOeVpeihjOWKqGQCAQ9kFgJmDxUCMGh0dHA6Ly93d3cuaGJsci5nb3YuY24vd3psbS9qZ2Rqdy9kamR0LzIxODg0Lmh0bUDnnIHljoXlj6zlvIDlhajns7vnu5%2FmnLrlhbPlhZrlu7rlt6XkvZzmmqjlhZrliqHlt6XkvZzln7norq3kvJogZAICD2QWAmYPFQIwaHR0cDovL3d3dy5oYmxyLmdvdi5jbi93emxtL2pnZGp3L2RqZHQvMjIzNDcuaHRtTuecgeWOheWPrOW8gOKAnOWinuW8uuWFmuaAp%2BOAgeW7iea0geS7juaUv%2BKAneS4k%2BmimOWtpuS5oOiuqOiuuuaAu%2Be7k%2BivhOiusuS8mmQCAw9kFgJmDxUCL2h0dHA6Ly93d3cuaGJsci5nb3YuY24vd3psbS96d2R0L2djeHcvMjI2OTIuaHRtP%2BWbveWcn%2Bi1hOa6kOmDqOW8gOWxleWFqOWbveKAnOWcn%2BWcsOaXpeKAneS4u%2BmimOWuo%2BS8oOWRqOa0u%2BWKqGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFgMFEFJlc291cmNlTWFuYWdlcjEFIUxvZ2luV2ViVXNlckNvbnRyb2wxJEltYWdlQnV0dG9uMQUhTG9naW5XZWJVc2VyQ29udHJvbDEkSW1hZ2VCdXR0b24yR5dPJ3KdLpxy4pGOzOVfqLvqc8gK5p3kZP5wqDIVZUo%3D&__VIEWSTATEGENERATOR=748D4755&__EVENTVALIDATION=%2FwEWBgK5lfSeCgLk1b%2BVAgLdhOHYDwLd1oT8DQLn%2Fa%2BbCgLo%2Fa%2BbCkKL3U9ruHvJFrALwpUDWJcFbEQRh5sLLyExkG%2F4rgXi&LoginWebUserControl1%24userName=admin&LoginWebUserControl1%24passWord=admin888&LoginWebUserControl1%24ImageButton1.x=32&LoginWebUserControl1%24ImageButton1.y=15&menu1=&menu1=%23&menu1=

漏洞证明:

11.jpg


一共22个数据库,当前数据库”XSYSTEM“,基于时间延迟的,太慢了,就不跑了,不过还是DBA权限。。。。

12.jpg


13.jpg


14.jpg

修复方案:

找开发商吧,貌似这个开发商做的系统有几个单位在用

版权声明:转载请注明来源 cuger@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2014-01-18 09:21

厂商回复:

最新状态:

暂无

漏洞评价:

评论