当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-051395

漏洞标题:中国建设银行某合作方网站存在SQL注入漏洞

相关厂商:中国建设银行

漏洞作者: se55i0n

提交时间:2014-02-19 17:39

修复时间:2014-04-05 17:40

公开时间:2014-04-05 17:40

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-02-19: 细节已通知厂商并且等待厂商处理中
2014-02-24: 厂商已经确认,细节仅向厂商公开
2014-03-06: 细节向核心白帽子及相关领域专家公开
2014-03-16: 细节向普通白帽子公开
2014-03-26: 细节向实习白帽子公开
2014-04-05: 细节向公众公开

简要描述:

RT,或可泄漏大量敏感信息

详细说明:

1)测试对象:http://hb.ccb365.com/

1.png


2)测试注入点:

3.png


2.png


4.png


3)获取的数据库信息:

available databases [7]:
[*] ABCKEY
[*] Cmbc
[*] JSCCBKEY
[*] master
[*] model
[*] msdb
[*] tempdb


Database: JSCCBKEY
[222 tables]
+--------------------------+
| AH_UserVerify |
| ActivitiesLimitRemoved |
| ActivitiesSet |
| ActivitiesTypes |
| ActivityCard |
| ActivityPeriod |
| ActivityRemoved |
| ActivityStatistics |
| AdManage |
| AdSetting |
| AffirAword |
| AnswerActivity |
| AnswerRecord |
| ApplyMiniCard |
| ApplyPointsLog |
| AuctionGoods |
| AuctionOKList |
| AuctionRecord |
| AwardOrder |
| AwardPeriod |
| AwardPro |
| AwardTurntableOK |
| AwardTurntableOK20121127 |
| AwardTurntableOrder |
| AwardTurntablePro |
| AwardUser |
| Balance |
| BankActivity |
| BankLobbyManager |
| BankUser |
| Blacklist |
| BookingPeriod |
| BranchActivity |
| Brand |
| CCBBranch |
| CQ_Area |
| CQ_Merchant |
| CQ_OfferType |
| CQ_Region |
| CQ_Reviews |
| CQ_SmallClass |
| CashCoupons |
| CcbFinanceService |
| CharityBook |
| CharityBookCategory |
| CharityBookOrder |
| CharityDonationOrder |
| Cities |
| City |
| CommonUsers |
| CouponCode |
| CouponOrders |
| Coupons |
| D99_Tmp |
| DC_Admin |
| DC_BaoJian_Code |
| DC_CaiPin |
| DC_CaiPin_Code |
| DC_CaiXi_Code |
| DC_KouWei_Code |
| DC_Order |
| DC_Order_CaiPin |
| DC_ShangJia |
| DC_ShangJia_CaiXi |
| DC_ShangQuan_Code |
| DC_XingZheng_Code |
| DeliverRemoved |
| DiceOrders |
| DicePrize |
| DiceSet |
| DiscountProducts |
| DrawPrizes |
| DrawPrizesOrder |
| EducationBackGround |
| EmailInvite |
| EmailTemplet |
| ExpressCompany |
| Feedback |
| FinanceCoupon |
| FinanceCouponReceiveLog |
| FinancialMerchant |
| FinancialProduct |
| ForumTopic |
| FreightTemplate |
| GS_UserVerify |
| GoodHarmonyOrder |
| GroupMembers |
| GroupTerms |
| Groups |
| HLJUkeyUser20121127 |
| HalfCard |
| HalfCard_Temp |
| HistoryStatistics |
| InvitationCode |
| InvitationCodeUsers |
| Invite |
| InviteStat |
| JSAwardOrder |
| JSAwardPro |
| JSCity |
| JSSchool |
| KeySNBatch |
| KeySequence |
| LN_MS_UserInfo |
| MailBox |
| Manager |
| ManagerUsbkey |
| ManagerUserBranchName |
| Menus |
| MiaoShaOK |
| MiaoShaOkBak |
| MiaoShaPro |
| MiaoShaZC |
| ModuleCategory |
| MovieOrder |
| MsgTempletRemoved |
| News |
| NewsCategory |
| Options |
| OrderDetail |
| P_Commodity |
| P_CommodityDetail |
| P_OrderDetail |
| P_Orders |
| P_ProductSpecifications |
| P_ThreeSpecifications |
| P_TwoSpecifications |
| P_UserCoupon |
| PhilatelicSpike |
| PointsConsumptionLog |
| PointsToVoucherLog |
| ProductCategory |
| ProductFreightTemplate |
| ProductItem |
| ProductOrders |
| Province |
| RaffleItemsSettings |
| ReceiveManager |
| Receiving |
| RechargeLog |
| RechargeLotteryRecords |
| RechargePayment |
| SMSLog |
| SecondsKillLog |
| SendCardRechargeOrder |
| ShareDetail |
| Signedpolite |
| SuAwardFlashOrder |
| SuAwardFlashPro |
| SuZhouT_UserVerify |
| Subject |
| Supplier |
| SupplierActivity |
| SupplierCategory |
| Sys_Function |
| Sys_Role |
| Sys_RoleFunction |
| Sys_UserRole |
| Tbl_SPPParameter |
| Tbl_SellerProduct |
| Tbl_SellersOrder |
| Tbl_SellersOrderProduct |
| Tbl_Vouchers |
| Tbl_VouchersPay |
| TuanGoldType |
| TuanGou |
| TuanGouBranchShop |
| TuanGouCars |
| TuanGouCarsType |
| TuanGouCode |
| TuanOrder |
| TuanProCateg |
| TurnOKLobbyManagerExtend |
| UkeyUser |
| UkeyUser20121127 |
| UkeyUserTransform |
| UserActivity |
| UserBindPoints |
| UserBlackList |
| UserBooking |
| UserPerm |
| UserPoints |
| UserTemp |
| VAnswerList |
| VAuctionRecord |
| VCouponOrderList |
| VCouponOrderStatistics |
| VOIP |
| V_DicePrize |
| V_P_Commodity |
| VerificationCodeRecord |
| VersionUpgrad |
| VisitOrder |
| Vote |
| VoteItem |
| Voucher |
| VoucherSupplier |
| WeChatMenu |
| WeChatNews |
| Whitelist |
| WinningLimit |
| XJ_CCBUserInfo |
| XJ_UserAccess |
| YZMActivityCodeSN |
| YZMActivityCodeSNCJ |
| YZMActivityCodeSNRemoved |
| YZMActivityType |
| YouLifeOrders |
| ZQAward |
| ZQAwardRemark |
| aukeyuser |
| choujiangdingdan |
| eCouponOrders |
| gsBranch |
| gssubbranch |
| temptable |
| test10 |
| test11 |
| test20 |
| vCouponOrder |
| vGroupList |
| xinchoujiangdingdan |
+--------------------------+


PS:由于金融行业的敏感性,这里未近一步测试~

漏洞证明:

2.png


4.png

修复方案:

过滤

版权声明:转载请注明来源 se55i0n@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-02-24 09:24

厂商回复:

CNVD确认并复现所述情况,与http:///bugs/wooyun-2014-一并处置,由于案例重复,总计rank 25。此外,经建设银行确认,网站为合作方网站,对标题由wooyun进行了更正。

最新状态:

暂无


漏洞评价:

评论

  1. 2014-02-19 18:00 | U神 ( 核心白帽子 | Rank:1285 漏洞数:142 | 感谢乌云,知恩不忘,其实我一直都在乌云默...)

    咱不搞银行好吗?

  2. 2014-04-19 16:19 | 大大怪 ( 路人 | Rank:0 漏洞数:1 | PHP 爱好者)

    C# 有类型检查,这个是 int 型,根本 sqlmap 不了。

  3. 2014-04-19 21:05 | gniq ( 路人 | Rank:8 漏洞数:1 | 学习无止境,生活更美好)

    @大大怪 那这个手注的?