当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-067397

漏洞标题:河南教育网某分站存在SQL注入漏洞

相关厂商:河南教育网

漏洞作者: 浮萍

提交时间:2014-07-04 16:46

修复时间:2014-08-18 16:48

公开时间:2014-08-18 16:48

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-07-04: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-08-18: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

还有几个洞没给审呢

详细说明:

河南教育网分站http://book.haedu.cn/book/view.asp?bh=278818

Snap16.jpg


Snap17.jpg


服务器和数据库类型

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle
banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bi'
current user: 'HAEDU'
current schema (equivalent to database on Oracle): 'HAEDU'
current user is DBA: True


其中数据库

available databases [25]:
[*] BJ_ERP
[*] BODANI
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] ERP2
[*] ERP2_TEST
[*] EXFSYS
[*] HAEDU
[*] KGBOOK
[*] MAIWANG1KG
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TANFU
[*] TEST
[*] TEST_KGBOOK
[*] TONGSHU
[*] TSMSYS
[*] WMSYS
[*] XDB


HAEDU中的表

Database: HAEDU
[114 tables]
+------------------------+
| DIMING |
| DV_ACTION |
| DV_BAOZHANG |
| DV_BASE |
| DV_BOOKCOUPON |
| DV_BOOKSHELF |
| DV_BOOKWARNING |
| DV_BOOK_HOT |
| DV_BT |
| DV_CART |
| DV_CHAT |
| DV_CLIENTMODULE |
| DV_CUXIAO |
| DV_CUXIAO_ITEM |
| DV_DEPART |
| DV_DISPATCH_BOOK |
| DV_DISPATCH_PLAN |
| DV_DISPATCH_PLAN_PLAT |
| DV_ERP_PARA |
| DV_FANKUI |
| DV_FAVORITE |
| DV_FOCUSBOOK |
| DV_HUODONG |
| DV_KC_ITEM |
| DV_LB2 |
| DV_LB3 |
| DV_LB31 |
| DV_LB_INDEX |
| DV_LB_INDEX_ITEM |
| DV_LOSTBOOK |
| DV_MODULE |
| DV_NEWS |
| DV_ORDER |
| DV_ORDERITEM |
| DV_ORDER_ITEM_IMPORT |
| DV_PIC |
| DV_PINDAO |
| DV_PINDAO_ITEM |
| DV_PLAT |
| DV_PLAT_LINK |
| DV_PLAT_MAC |
| DV_PLAT_USER |
| DV_PROMOTORDER_ITEM_KC |
| DV_QIANGGOU |
| DV_REPORT_BOOK |
| DV_REPORT_FS |
| DV_REPORT_FS_SEASON |
| DV_REPORT_PROJECT |
| DV_ROLE |
| DV_ROLEUSER_PLAT |
| DV_ROLE_ACTION |
| DV_ROLE_MODULE |
| DV_ROLE_USER |
| DV_SEARCH |
| DV_SITE |
| DV_SITE_BOOK |
| DV_SUMPLAT |
| DV_SUMPLAT_PLAT |
| DV_TEMP_ORDER |
| DV_TEMP_ORDER_ITEM |
| DV_TOP |
| DV_TOP_ITEM |
| DV_TUIJIE |
| DV_TUIJIE_ITEM |
| DV_USER |
| DV_USER_ZSY |
| DV_VIEW_LOG |
| ERP_BASE |
| ERP_BASE_BZBOOK_ITEM |
| ERP_BASE_HOTBOOK_ITEM |
| ERP_BASE_HOT_ITEM |
| ERP_BASE_OLD |
| ERP_BASE_TBTJ_ITEM |
| ERP_BASE_TJBOOK_ITEM |
| ERP_CBS |
| ERP_CBS_TMP |
| ERP_CHEAP |
| ERP_FS |
| ERP_FS_DZ |
| ERP_JK |
| ERP_LB |
| ERP_LB2 |
| ERP_LB3 |
| ERP_LOGIN |
| ERP_MODULE |
| ERP_NEWS |
| ERP_NEWS_READ |
| ERP_NEW_LB |
| ERP_ORDERITEM_ERP |
| ERP_PART |
| ERP_PART_MODULE |
| ERP_PICK |
| ERP_PICK_ITEM |
| ERP_PICK_ITEM_BOOK |
| ERP_PLUS |
| ERP_RK_USER |
| ERP_ROLL |
| ERP_TSD_DBF |
| ERP_USER |
| ERP_USER_MODULE |
| ERP_YCK_CBS |
| ERP_YCK_DW |
| ERP_YCK_FS |
| ERP_YCK_USER |
| ERP_YF |
| ERP_YF_ITEM |
| ERP_YF_ITEM_SUB |
| ERP_ZK_MANAGEMENT |
| ERP_ZTF_TYPE |
| MAIWANG_COMMODITY |
| PLAN_TABLE |
| SHIBAIDV_USER |
| TEMPBOOK |
| TESTBH |
+------------------------+


漏洞证明:

河南教育网分站http://book.haedu.cn/book/view.asp?bh=278818

Snap16.jpg


Snap17.jpg


服务器和数据库类型

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle
banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bi'
current user: 'HAEDU'
current schema (equivalent to database on Oracle): 'HAEDU'
current user is DBA: True


其中数据库

available databases [25]:
[*] BJ_ERP
[*] BODANI
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] ERP2
[*] ERP2_TEST
[*] EXFSYS
[*] HAEDU
[*] KGBOOK
[*] MAIWANG1KG
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TANFU
[*] TEST
[*] TEST_KGBOOK
[*] TONGSHU
[*] TSMSYS
[*] WMSYS
[*] XDB


HAEDU中的表

Database: HAEDU
[114 tables]
+------------------------+
| DIMING |
| DV_ACTION |
| DV_BAOZHANG |
| DV_BASE |
| DV_BOOKCOUPON |
| DV_BOOKSHELF |
| DV_BOOKWARNING |
| DV_BOOK_HOT |
| DV_BT |
| DV_CART |
| DV_CHAT |
| DV_CLIENTMODULE |
| DV_CUXIAO |
| DV_CUXIAO_ITEM |
| DV_DEPART |
| DV_DISPATCH_BOOK |
| DV_DISPATCH_PLAN |
| DV_DISPATCH_PLAN_PLAT |
| DV_ERP_PARA |
| DV_FANKUI |
| DV_FAVORITE |
| DV_FOCUSBOOK |
| DV_HUODONG |
| DV_KC_ITEM |
| DV_LB2 |
| DV_LB3 |
| DV_LB31 |
| DV_LB_INDEX |
| DV_LB_INDEX_ITEM |
| DV_LOSTBOOK |
| DV_MODULE |
| DV_NEWS |
| DV_ORDER |
| DV_ORDERITEM |
| DV_ORDER_ITEM_IMPORT |
| DV_PIC |
| DV_PINDAO |
| DV_PINDAO_ITEM |
| DV_PLAT |
| DV_PLAT_LINK |
| DV_PLAT_MAC |
| DV_PLAT_USER |
| DV_PROMOTORDER_ITEM_KC |
| DV_QIANGGOU |
| DV_REPORT_BOOK |
| DV_REPORT_FS |
| DV_REPORT_FS_SEASON |
| DV_REPORT_PROJECT |
| DV_ROLE |
| DV_ROLEUSER_PLAT |
| DV_ROLE_ACTION |
| DV_ROLE_MODULE |
| DV_ROLE_USER |
| DV_SEARCH |
| DV_SITE |
| DV_SITE_BOOK |
| DV_SUMPLAT |
| DV_SUMPLAT_PLAT |
| DV_TEMP_ORDER |
| DV_TEMP_ORDER_ITEM |
| DV_TOP |
| DV_TOP_ITEM |
| DV_TUIJIE |
| DV_TUIJIE_ITEM |
| DV_USER |
| DV_USER_ZSY |
| DV_VIEW_LOG |
| ERP_BASE |
| ERP_BASE_BZBOOK_ITEM |
| ERP_BASE_HOTBOOK_ITEM |
| ERP_BASE_HOT_ITEM |
| ERP_BASE_OLD |
| ERP_BASE_TBTJ_ITEM |
| ERP_BASE_TJBOOK_ITEM |
| ERP_CBS |
| ERP_CBS_TMP |
| ERP_CHEAP |
| ERP_FS |
| ERP_FS_DZ |
| ERP_JK |
| ERP_LB |
| ERP_LB2 |
| ERP_LB3 |
| ERP_LOGIN |
| ERP_MODULE |
| ERP_NEWS |
| ERP_NEWS_READ |
| ERP_NEW_LB |
| ERP_ORDERITEM_ERP |
| ERP_PART |
| ERP_PART_MODULE |
| ERP_PICK |
| ERP_PICK_ITEM |
| ERP_PICK_ITEM_BOOK |
| ERP_PLUS |
| ERP_RK_USER |
| ERP_ROLL |
| ERP_TSD_DBF |
| ERP_USER |
| ERP_USER_MODULE |
| ERP_YCK_CBS |
| ERP_YCK_DW |
| ERP_YCK_FS |
| ERP_YCK_USER |
| ERP_YF |
| ERP_YF_ITEM |
| ERP_YF_ITEM_SUB |
| ERP_ZK_MANAGEMENT |
| ERP_ZTF_TYPE |
| MAIWANG_COMMODITY |
| PLAN_TABLE |
| SHIBAIDV_USER |
| TEMPBOOK |
| TESTBH |
+------------------------+


修复方案:

版权声明:转载请注明来源 浮萍@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论

  1. 2014-07-04 16:52 | 浮萍 ( 普通白帽子 | Rank:555 漏洞数:118 | 默默潜水)

    @xss@疯狗求审核http://www.wooyun.org/bugs/wooyun-2014-066956/trace/45132eae6c31be5325e6a36dd732e441 http://www.wooyun.org/bugs/wooyun-2014-067211/trace/b763a44568b7397e4bb51fe585094415 http://www.wooyun.org/bugs/wooyun-2014-067215/trace/868998f6ccf55643d4701e80d7b5888d http://www.wooyun.org/bugs/wooyun-2014-067336/trace/82cb39e064a2cbde4ccc58da750cd2f5还有几个