
Vulnerability summary

Defect ID: wooyun-2014-072428

Title: SQL injection in the Chongqing Welfare Lottery agent access system

Vendor: CNCERT (National Computer Network Emergency Response Technical Team/Coordination Center of China)

Author: scanf

Submitted: 2014-08-15 11:54

Fixed: 2014-09-29 19:08

Published: 2014-09-29 19:08

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to third-party partner organization (CNCERT) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2014-08-15: Details sent to the vendor; awaiting vendor handling
2014-08-20: Vendor confirmed; details visible to the vendor only
2014-08-30: Details opened to core white hats and domain experts
2014-09-09: Details opened to regular white hats
2014-09-19: Details opened to intern white hats
2014-09-29: Details opened to the public

Brief description:

This is the official agent system.
Repeating to myself: I am a white hat.

Detailed description:

http://222.177.23.36:8080/index.do
Injection point: http://222.177.23.36:8080/load.do?infoId=35

[Screenshot: QQ截图20140814221948.png]


Here is the table listing, picked more or less at random:

Database: AnteProxy
[343 tables]
+-------------------------------------+
| AccountBind |
| AgencyIssueBuy |
| AnteAngentPayLog |
| AnteAngentReport |
| AnteAngentReportAll |
| AnteAngentReportOld |
| AnteAngentReportView |
| AnteBind |
| AnteBuyState |
| AnteBuyTemp |
| AnteBuyTempOld |
| AnteCardInfo |
| AnteCodeRisk |
| AnteCounter |
| AnteCounterState |
| AnteCounterType |
| AnteDetail |
| AnteDetailOld |
| AnteFrontAccountBalance |
| AnteFrontDrawFeeConfig |
| AnteFrontDrawInfo |
| AnteFrontDrawInfoOld |
| AnteFrontDrawInfoView |
| AnteFrontDrawLog |
| AnteFrontDrawLogOld |
| AnteFrontDrawLogView |
| AnteFrontDrawProviderInfo |
| AnteFrontFillLog |
| AnteFrontFillLogOld |
| AnteFrontFillLogView |
| AnteFrontFinanceAccountReport |
| AnteFrontFinanceAnteReport |
| AnteFrontFinanceAnteReportOld |
| AnteFrontFinanceAnteReportView |
| AnteFrontFinanceMoneyReport |
| AnteFrontFinanceMoneyReportOld |
| AnteFrontFinanceMoneyReportView |
| AnteFrontGameMap |
| AnteFrontInfoAccessories |
| AnteFrontInfoIncepter |
| AnteFrontInfoTopic |
| AnteFrontIssueFlagMap |
| AnteFrontPayAccount |
| AnteFrontPayDetail |
| AnteFrontPayDetailOld |
| AnteFrontPayDetailReport |
| AnteFrontPayDetailReportOld |
| AnteFrontPayDetailReportView |
| AnteFrontPayDetailView |
| AnteFrontPlayTypeMap |
| AnteFrontPresentLog |
| AnteFrontPresentLogold |
| AnteFrontProviderInfo |
| AnteFrontSalesMoneyBalanceLog |
| AnteFrontTicketMap |
| AnteFrontTicketMapOld |
| AnteFrontTicketMapView |
| AnteFrontTransType |
| AnteFrontUniteAnteBuyInfo |
| AnteFrontUniteAnteBuyInfoOld |
| AnteFrontUniteAnteBuyInfoView |
| AnteFrontUniteAnteCommisionInfo |
| AnteFrontUniteAnteCommisionInfoOld |
| AnteFrontUniteAnteCommisionInfoView |
| AnteFrontUniteAnteInfo |
| AnteFrontUniteAnteInfoView |
| AnteFrontUniteAnteInfoold |
| AnteFrontUniteAnteSponsorInfo |
| AnteFrontUrl |
| AnteFrontWinLog |
| AnteFrontWinLogOld |
| AnteFrontWinLogView |
| AnteGame |
| AnteGameType |
| AnteIssue |
| AnteIssueAll |
| AnteIssueFlag |
| AnteIssueNotifyLog |
| AnteIssueNotifyLogOld |
| AnteIssueNotifyLogView |
| AnteIssueOld |
| AnteIssueView |
| AnteMobileBinding |
| AnteRequestLog |
| AnteRequestLogOld |
| AnteRequestLogView |
| AnteShortLoteryConfig |
| AnteShortLotreyConfLog |
| AnteSummary |
| AnteSysPara |
| AnteTicket |
| AnteTicketAll |
| AnteTicketNotifyLog |
| AnteTicketNotifyLogOld |
| AnteTicketNotifyLogView |
| AnteTicketOld |
| AnteTotalRisk |
| AnteTradeState |
| AnteTradeType |
| AnteUserInfo |
| AnteUserProfile |
| AnteWin |
| AnteWinAll |
| AnteWinBulletin |
| AnteWinOld |
| Ante_TransDetail |
| Ante_TransDetailOld |
| AwardParameter |
| BankCardBind |
| BetTypeMap |
| CardOrderInfo |
| Club |
| D99_CMD |
| D99_REG |
| D99_Tmp |
| DBConvertCheckPoint |
| DIY_TEMPCOMMAND_TABLE |
| FrontBonusProviderInfo |
| FrontSendBonusFileLog |
| FrontUniteAnteBonusDetail |
| FrontUniteAnteBonusDetailOld |
| FrontUniteAnteBonusDetailView |
| Game |
| GiftCertificate |
| HP_ConnType |
| HP_Trans |
| HP_flag_name |
| IssueSalesInfo |
| LotteryRequestInfo |
| M_ATransCounter_Sta_Day |
| M_ATransCounter_Sta_Min |
| M_ATransIssue_Sta_Day |
| M_ATransIssue_Sta_Min |
| M_ATransSummary |
| M_TransSrv |
| MatchResult |
| Msg_AnswerInfo |
| Msg_AnswerInfoOld |
| Msg_AnteInfo |
| Msg_AnteInfoOld |
| Msg_messagein |
| Msg_messagereport |
| MultiIssueEntrust |
| MultiIssueEntrustDetail |
| OperateLog |
| PCoopID_TransID |
| P_Acc2Oper |
| P_AccountType |
| P_AccountUpdateDetail |
| P_AcctBalance |
| P_CheckDetail |
| P_OCoops |
| P_OperItems |
| P_PCoops |
| P_PayAccount |
| P_PayDetail |
| P_PayDetailAll |
| P_PayDetailOld |
| P_PayDetailTemp |
| P_PaydetailView |
| P_PaymentPara |
| P_PrePayment |
| P_PrePaymentOld |
| P_PresentList |
| P_PutTemp |
| P_ReconcileEveryDay |
| P_SysPara |
| P_TaskDetail |
| P_TimerTask |
| P_TradePro |
| P_TransType |
| P_UndoDetail |
| PaymentTransDetail |
| PaymentTransDetailOld |
| PaymentTransDetailView |
| PickUpAwardMoney |
| PrintAccount |
| PrintAccountDetail |
| PrintAccountDetailold |
| PrintCounter |
| PrintCounterIssue |
| PrintCounterPayInfo |
| PrintCounterPayInfoLog |
| PrintCounterView |
| PrintGameMap |
| PrintPlayTypeMap |
| PrintPriority |
| PrintSalseBonusReport |
| PrintThreadControl |
| PrintWinPondReport |
| PrizeBulletin |
| ReconcileDetail |
| RiskControl |
| RiskControlInfo |
| RiskControlInfo_bak20110420 |
| RiskControl_bak20110420 |
| SalseCommissionReport |
| SalseCommissionReportView |
| SalseCommissionReportold |
| ScAnteGameMap |
| ScAnteIssueMap |
| ScAnteIssueMapAll |
| ScAnteIssueMapOld |
| ScAnteSaleReport |
| ScAnteSaleReportAll |
| ScAnteSaleReportOld |
| ScAnteSeqMap |
| ScAnteSeqMapOld |
| ScAnteTicketMap |
| ScAnteTicketMapAll |
| ScAnteTicketMapOld |
| ScAnteTicketMapView |
| ScIssue |
| ScIssueAll |
| ScIssueOld |
| ScStation |
| ScWin |
| ScWinAll |
| ScWinFile |
| ScWinFileOld |
| ScWinInfo |
| ScWinInfoOld |
| ScWinLevel |
| ScWinLevelOld |
| ScWinOld |
| ScheduleInfo |
| Sequence |
| Siwebtmp |
| Sjczmb |
| Sjczmbold |
| Sjispda |
| SoccerMatch |
| SolarData |
| StationGroup |
| T_User |
| Tb_Lottery_Info |
| Tb_Lottery_Infoold |
| Tb_Ticket_Info |
| Tb_Win_Ticket |
| Tb_Win_Ticketold |
| WIN20131121110 |
| WinPondReport |
| XMLDBMSKey |
| antewin(上海) |
| aabbcc |
| acl_group |
| acl_permission |
| acl_role |
| acl_role_permission |
| acl_user_group_role |
| aneissue0326 |
| ante |
| ante1 |
| anteangentreport127 |
| antecounter101021 |
| antecounter6888 |
| antefrontpayaccount802stop |
| antefrontticketmap3d212301 |
| antefrontticketmap_error |
| antefrontticketmaperr |
| anteissue0208 |
| anteissue0209 |
| anteissue040 |
| antetempssc |
| anteticket20131224120 |
| anteticket2123 |
| anteticket23277 |
| anteticket3d212301 |
| anteticket61119 |
| anteticketerr |
| antewin0014 |
| antewin0231030 |
| antewin20130107084 |
| antewin2013102 |
| antewin2013148 |
| antewin2013151 |
| antewin455244 |
| antewin455982 |
| antewin469790 |
| antewinO |
| antewinView |
| antewinlose |
| antewinsh |
| app_identifier |
| app_user |
| bigwinlog |
| comd_list |
| counterbalance |
| errorBAKangepaylog |
| hp_cqelper_20140401_20140401 |
| hp_cqelper_20140402_20140402 |
| hp_cqelper_20140403_20140403 |
| hp_cqelper_20140404_20140404 |
| hp_cqelper_20140405_20140405 |
| hp_cqelper_20140406_20140406 |
| hp_cqelper_20140407_20140407 |
| hp_cqelper_20140408_20140408 |
| hp_cqelper_20140409_20140409 |
| hp_cqelper_20140410_20140410 |
| hp_cqelper_20140411_20140411 |
| hp_cqelper_20140412_20140412 |
| hp_cqelper_20140413_20140413 |
| hp_cqelper_20140415_20140415 |
| hp_cqelper_20140416_20140416 |
| hp_cqelper_20140417_20140417 |
| hp_cqelper_20140418_20140418 |
| hp_cqelper_20140419_20140419 |
| hp_cqelper_20140420_20140420 |
| hp_cqelper_20140421_20140421 |
| hp_cqelper_20140422_20140422 |
| hp_cqelper_20140423_20140423 |
| hp_cqelper_20140424_20140424 |
| hp_cqelper_20140425_20140425 |
| hp_cqelper_20140426_20140426 |
| hp_cqelper_20140427_20140427 |
| hp_cqelper_20140428_20140428 |
| hp_cqelper_20140429_20140429 |
| hp_cqelper_20140430_20140430 |
| lasttime |
| p_putTemp_history |
| printGameType |
| printProvinceDateReportView |
| printcounter20110713 |
| printcounterissueold |
| printdrawlog |
| provinceDateReportView |
| sjfhxx |
| ssc20131121110 |
| ssc_130128006 |
| ssc_130404028 |
| ssq011 |
| sysdiagrams |
| t_jiaozhu |
| tb_ticket_infoold |
| ticketidaaaa |
| vv |
| win023015 |
| winlog2010001 |
| wy023015 |
| wy_hpsales |
| zwc07251 |
| zwc0818 |
| zwc1 |
+-------------------------------------+


[Screenshot: QQ截图20140814222411.png]


My redaction of the screenshots is not very professional.

Proof of vulnerability:

[Screenshot: QQ截图20140814222551.png]


[Screenshot: QQ截图20140814222843.png]


[Screenshot: QQ截图20140814223658.png]


I won't go any deeper; I'd rather not get a knock on the door.

Fix recommendation:

Validate and parameterize the infoId input instead of concatenating it into SQL, and do not store passwords in plaintext.
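The following is an added example written for this page; it is not code from the report or from the lottery agent system, whose source is not shown. It reproduces the shape of the bug at load.do?infoId=35 (a request parameter pasted into a query), shows how a UNION payload through that parameter reads rows from an unrelated table (the report dumps the table list the same way), and then gives the hardened form of the two fix points above: integer validation plus bound parameters, and salted PBKDF2 password hashes instead of plaintext. The schema (info, users), the column names and the sample rows are constructed for the example; the real database's columns are not known from the report. SQLite stands in for the backend (the sysdiagrams table in the dump indicates Microsoft SQL Server; the same binding principle applies there through JDBC PreparedStatement in the Java .do application).

```python
"""Added example (not from the WooYun report): concatenated vs. bound
SQL for an infoId-style parameter, plus hashed password storage.
Uses an in-memory SQLite database with a constructed schema."""
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # assumption: tune to the deployment's CPU budget


def build_db() -> sqlite3.Connection:
    """Constructed sample data: an 'info' table that load.do would read,
    and a 'users' table with plaintext passwords (the anti-pattern the
    fix advice warns about). Table/column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE info (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO info VALUES (35, 'Notice', 'Draw results posted');
        INSERT INTO info VALUES (36, 'Other', 'Unrelated entry');
        CREATE TABLE users (name TEXT, password TEXT);
        INSERT INTO users VALUES ('agent01', 'hunter2');
        """
    )
    return conn


def load_vulnerable(conn: sqlite3.Connection, info_id: str):
    """The bug: the request parameter goes straight into the SQL text,
    so '35 UNION SELECT ...' is executed as written."""
    sql = f"SELECT title, body FROM info WHERE id = {info_id}"
    return conn.execute(sql).fetchall()


def load_hardened(conn: sqlite3.Connection, info_id: str):
    """The fix: reject anything that is not a positive integer, then pass
    the value as a bound parameter so it can never change the query."""
    if not info_id.isdigit():
        raise ValueError("infoId must be a positive integer")
    sql = "SELECT title, body FROM info WHERE id = ?"
    return conn.execute(sql, (int(info_id),)).fetchall()


def hardened_rejects(conn: sqlite3.Connection, info_id: str) -> bool:
    """True if the hardened handler refuses the parameter."""
    try:
        load_hardened(conn, info_id)
    except ValueError:
        return True
    return False


# Constructed payload: the UNION appends rows from 'users' to the result.
UNION_PAYLOAD = "35 UNION SELECT name, password FROM users"


def hash_password(password: str, salt: bytes = None) -> str:
    """Salted PBKDF2-HMAC-SHA256; stored as '<salt hex>$<hash hex>'."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + dk.hex()


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    db = build_db()
    print("normal:", load_vulnerable(db, "35"))
    print("injected:", load_vulnerable(db, UNION_PAYLOAD))
    print("hardened rejects payload:", hardened_rejects(db, UNION_PAYLOAD))
    record = hash_password("hunter2")
    print("stored:", record)
    print("verify ok:", verify_password(record, "hunter2"))
```

The UNION trick works only because the attacker-controlled text is parsed as SQL; with a bound parameter the value 35 is sent separately from the statement, and the isdigit() check additionally stops the parameter from ever reaching the database as text. A proper web framework would also return a 400 on the ValueError rather than a stack trace, which is what the screenshots in this report likely relied on.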

Copyright notice: when reposting, please credit the source, scanf@WooYun


Vulnerability response

Vendor response:

Severity: High

Rank: 11

Confirmed: 2014-08-20 09:33

Vendor reply:

CNVD has confirmed and reproduced the described vulnerability. It has been forwarded by CNCERT to the Chongqing branch, which will coordinate remediation with the organization operating the site.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2014-08-15 12:25 | scanf ( Core white hat | Rank:1232 Vulnerabilities:186 | 。)

    Oops, one of the images didn't get uploaded.

  2. 2014-08-15 15:51 | darkrerror ( Regular white hat | Rank:263 Vulnerabilities:44 )

    @scanf You can edit the post.