当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-060895

漏洞标题:某财务系统多处SQL注入

相关厂商:天津神州浩天科技有限公司

漏洞作者: 酱油甲

提交时间:2014-05-15 18:28

修复时间:2014-08-13 18:30

公开时间:2014-08-13 18:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-05-15: 细节已通知厂商并且等待厂商处理中
2014-05-18: 厂商已经确认,细节仅向厂商公开
2014-05-21: 细节向第三方安全合作伙伴开放
2014-07-12: 细节向核心白帽子及相关领域专家公开
2014-07-22: 细节向普通白帽子公开
2014-08-01: 细节向实习白帽子公开
2014-08-13: 细节向公众公开

简要描述:

某财务系统多处SQL注入

详细说明:

天津神州浩天科技有限公司 http://www.szhtkj.com.cn/
旗下的:天财高校财务软件http://www.szhtkj.com.cn/onews.asp?id=331
存在SQL注入漏洞,问题涉及多家高校!!
如下图:

0.jpg


测试站点:
http://www.szhtkj.com.cn/otype.asp?owen1=3
http://cw.fjcc.edu.cn/cw/
http://59.75.114.210/
http://202.113.66.33/web/content.aspx?lb=zc
http://211.64.120.63/cw/content.aspx?lb=zc
----------------------
注入页面1
/wd.aspx?lb=zc
注入参数:
lb
测试地址:
1.http://cw.fjcc.edu.cn/cw/wd.aspx?lb=zc
2.http://59.75.114.210/wd.aspx?lb=zc

1.jpg


2.jpg


-------------------------------
注入页面2:
构造数据包:

POST /cw/whpjcx.aspx HTTP/1.1
Content-Length: 3158
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://cw.fjcc.edu.cn:80/cw/
Cookie: ASP.NET_SessionId=h112iraq3lgaqs45omhifd2y
Host: cw.fjcc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
bh1=1&bh2=1&Button1=Button&Button2=%b5%bc%b3%f6%b4%f2%d3%a1&hkrdw=none&hpca1=&hpca2=&hprq1=1&hprq2=1&hprxm=1&ImageButton1=&ImageButton2=&ImageButton3=&ImageButton4=&jje1=1&jje2=1&jpca1=&jpca2=&jprdw=none&jprgzbh=aaa&jprq1=1&jprq2=1&pdh=1&pjbh=1&pjdwmc=1&pjlx=none&reset=%d6%d8%20%d6%c3&TextBox1=1&tijiao=%c8%b7%20%b6%a8&xh=1&xm=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWWgLai7bjBwKp8pn0BQKM54rGBgLs0bLrBgLSwtXkAgLSwv2aBALSwsGJCgLSwpnTCALro5biCwLoo5biCwKlo5biCwLDkZWMBgLzl4vRBQKOganmDwKQx6mpBALIgpXEBQLbpturCgLapturCgL47azvCAKvj%2bD/DALXgo%2bdAgLY77bvDAKLhMXUDgLYsfSoAQL9ppaDCwLmz7meDQKL9dtoAqya/cMKAtGDn94MAvqogakGAs/CwfcOAvDr40ICt4jW3Q8C2LH4qAEC/aaagwsCrJrBwwoC0YPj3gwC%2bqiFqQYCz8LF9w4C8OvnQgK3iNrdDwLYsfyoAQL9pp6DCwLmz4GeDQKL9aNpAqyaxcMKAtGD594MAvqoiakGAs/CyfcOAvDr60IC8OuHQgK0iNLdDwLXgvvBCQLY78rvDAKdp9urCgKCq7eWAgLRp4/gCAKgp9urCgKmo5biCwK7q7GGCALNhanvDgKesJiTAQK7p/q4CwKgztWlDQLN9LdTAuqbkfgKApeC8%2bUMAryp7ZIGAonDrcwOArbqj3kC8Ym65g8CnrCUkwECu6f2uAsC6put%2bAoCl4KP5QwCvKnpkgYCicOpzA4CtuqLeQLxibbmDwKesJCTAQK7p/K4CwKgzu2lDQLN9M9SAuqbqfgKApeCi%2bUMAryp5ZIGAonDpcwOArbqh3kCturreQLyib7mD23NAEdxEUxnwPPzW7ZV2PzFCaT6&__VIEWSTATE=/wEPDwUKMTMzODA1MTUyMw9kFgICAQ9kFhYCDw8PFgIeBFRleHQFHOWFseiuoTDmnaHorrDlvZUg5q%2bP6aG1MjDmnaFkZAIRDw8WAh8ABQnnrKwxLzHpobVkZAIXDw8WAh4HRW5hYmxlZGhkZAIZDw8WAh8BaGRkAhsPDxYCHwFoZGQCHQ8PFgIfAWhkZAI6DzwrAAsBAA8WCh4IUGFnZVNpemUCFB4IRGF0YUtleXMWAB4JUGFnZUNvdW50AgEeC18hSXRlbUNvdW50Zh4VXyFEYXRhU291cmNlSXRlbUNvdW50ZmRkAkUPEA8WAh4LXyFEYXRhQm91bmRnZBAVAQnmnKrpgInmi6kVAQRub25lFCsDAWdkZAJJDxAPFgIfB2dkEBUeCeacqumAieaLqQnmoKHpooblr7wG5bel5LyaBuWFmuWnlAbmoKHlip4J5Lq65LqL5aSECeaVmeWKoeWkhAnpq5jmlZnmiYAJ55uR5a%2bf5aSECeWtpueUn%2bWkhA/lkI7li6TnrqHnkIblpIQS5ZCO5Yuk5pyN5Yqh5Lit5b%2bDDOaIkOaVmeS4reW/gwnnp5HnoJTlpIQJ6LSi5Yqh5aSECeS/neWNq%2benkQ/lt6XllYbnrqHnkIbns7sJ57uP6LS457O7CeS8muiuoeezuwzorqHnrpfmnLrns7sJ5peF5ri457O7Cee%2bjuacr%2bezuwnlpJbor63ns7sP5Lq65paH56S%2b56eR57O7CemprOWIl%2bmDqAnln7rnoYDpg6gJ5Zu%2b5Lmm6aaGEueOsOS7o%2baVmeiCsuS4reW/gwnnprvpgIDkvJEG5Li05pe2FR4Ebm9uZQMwMDEDMDAyAzAwMwMwMDQDMDA1AzAwNgMwMDcDMDA4AzAwOQMwMTADMDExAzAxMgMwMTUDMDE2AzAxNwMwMTgDMDE5AzAyMAMwMjEDMDIyAzAyMwMwMjQDMDI1AzAyNgMwMjcDMDI4AzAyOQMwOTkDMTAwFCsDHmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAlAPDxYCHwAFCTIwMTQtNS0xNGRkAloPEA8WAh8HZ2QQFR4J5pyq6YCJ5oupCeagoemihuWvvAblt6XkvJoG5YWa5aeUBuagoeWKngnkurrkuovlpIQJ5pWZ5Yqh5aSECemrmOaVmeaJgAnnm5Hlr5/lpIQJ5a2m55Sf5aSED%2bWQjuWLpOeuoeeQhuWkhBLlkI7li6TmnI3liqHkuK3lv4MM5oiQ5pWZ5Lit5b%2bDCeenkeeglOWkhAnotKLliqHlpIQJ5L%2bd5Y2r56eRD%2bW3peWVhueuoeeQhuezuwnnu4/otLjns7sJ5Lya6K6h57O7DOiuoeeul%2bacuuezuwnml4XmuLjns7sJ576O5pyv57O7CeWkluivreezuw/kurrmlofnpL7np5Hns7sJ6ams5YiX6YOoCeWfuuehgOmDqAnlm77kuabppoYS546w5Luj5pWZ6IKy5Lit5b%2bDCeemu%2bmAgOS8kQbkuLTml7YVHgRub25lAzAwMQMwMDIDMDAzAzAwNAMwMDUDMDA2AzAwNwMwMDgDMDA5AzAxMAMwMTEDMDEyAzAxNQMwMTYDMDE3AzAxOAMwMTkDMDIwAzAyMQMwMjIDMDIzAzAyNAMwMjUDMDI2AzAyNwMwMjgDMDI5AzA5OQMxMDAUKwMeZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZGQYAQUeX19Db250cm9sc1JlcXVpcmVQb3N0QmFja0tleV9fFggFDEltYWdlQnV0dG9uMgUMSW1hZ2VCdXR0b240BQxJbWFnZUJ1dHRvbjMFDEltYWdlQnV0dG9uMQUFaHBjYTIFBWhwY2ExBQVqcGNhMgUFanBjYTEqpQdqFwy1bbiJLF6el%2bUgPoVTTQ%3d%3d


12.jpg


13.jpg


---------------------------------

漏洞证明:

都在上面,这么多高校,不知算不算通用呢……?

修复方案:

过滤

版权声明:转载请注明来源 酱油甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2014-05-18 15:56

厂商回复:

CNVD确认并复现所述情况,由CNVD通过公开渠道联系软件生产厂商天津神州浩天科技有限公司处置。

最新状态:

暂无

漏洞评价:

评论