当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-076431

漏洞标题:杭州市人社局某系统存在SQL注入

相关厂商:cncert国家互联网应急中心

漏洞作者: Feei

提交时间:2014-09-18 14:13

修复时间:2014-11-02 14:14

公开时间:2014-11-02 14:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-09-18: 细节已通知厂商并且等待厂商处理中
2014-09-23: 厂商已经确认,细节仅向厂商公开
2014-10-03: 细节向核心白帽子及相关领域专家公开
2014-10-13: 细节向普通白帽子公开
2014-10-23: 细节向实习白帽子公开
2014-11-02: 细节向公众公开

简要描述:

杭州市人社局某系统由于参数过滤不严导致SQL注入,可获取大量敏感信息!

详细说明:

杭州市人力社保局高层次人才与专家管理系统 http://review.train.gov.cn/
注入点:
http://review.train.gov.cn/Index/Index/viewNews/id/33
由于参数ID没有限制造成存在boolean/union/time三种注入
通过adminuser表拿到超级管理员帐号和密码,可登陆控制网站
可以获取大量敏感信息:各类专家/高级人才联系方式

漏洞证明:

后台

444.png


555.png


666.png


777.png


各种管理员用户

888.png


DB
Database: think_declare
[49 tables]
+---------------------------------------+
| admininfo |
| blacklist |
| cate_item_dao |
| cate_item_mace |
| cate_item_main |
| cate_item_meetcode |
| cate_item_meetresult |
| cate_item_template |
| cate_seniority |
| cate_seniority_nosenior |
| certificate_ce |
| certificate_cerproject |
| certificate_exam |
| certificate_rep_fillprint |
| certificate_repository |
| companys |
| declares |
| declares_checked |
| declares_com_quantiz |
| declares_dels |
| declares_exp_quantiz |
| declares_extent |
| declares_extent_types |
| departments |
| expert |
| expert_audit |
| expert_dao |
| expert_group |
| expert_pgroup |
| expert_template |
| file_dao |
| judges |
| model |
| news |
| news_extents |
| nulltable |
| products |
| products_expert_person |
| products_expert_setting |
| products_group |
| products_passinfo |
| products_quantiz_item |
| products_quantiz_templ |
| products_review |
| products_specialty_item |
| products_specialty_templ |
| users |
| users_account |
| users_role |
+---------------------------------------+
Database: declare
[90 tables]
+---------------------------------------+
| adminclass |
| adminmanage |
| adminmanage_state |
| adminuser |
| adminuser0711 |
| blacklist |
| blacklist_dao |
| cate_ce |
| cate_ce20120306 |
| cate_ce_log |
| cate_group |
| cate_group_templ |
| cate_group_templ_item |
| cate_item |
| cate_item1226 |
| cate_item20120111 |
| cate_item20120116 |
| cate_item20120130 |
| cate_item_black |
| cate_item_cerproject |
| cate_item_dao |
| cate_item_dels |
| cate_item_extent |
| cate_item_infopublic |
| cate_item_list |
| cate_item_mace |
| cate_item_mace0609 |
| cate_item_mace1222 |
| cate_item_mace1223 |
| cate_item_mace20120111 |
| cate_item_mace20120118 |
| cate_item_mace20120130 |
| cate_item_mace20120306 |
| cate_item_mace20120307 |
| cate_item_mace20120308 |
| cate_item_mace20120312 |
| cate_item_mace20120322 |
| cate_item_mace20120515 |
| cate_item_mace20120529 |
| cate_item_mace20130428 |
| cate_item_mace_temp |
| cate_item_main |
| cate_item_meetcode |
| cate_item_meetresult |
| cate_item_reprint |
| cate_item_result |
| cate_item_return |
| cate_item_score |
| cate_item_template |
| cate_item_template_bak |
| cate_item_template_old |
| cate_score |
| cate_score_templ |
| cate_score_templ_item |
| cate_seniority |
| cate_seniority0823 |
| cate_seniority0902 |
| cate_seniority_0609 |
| cate_subject |
| cate_unioncate |
| cate_unioncate_expert |
| company |
| companyuser_dao |
| companyuser_template |
| expert |
| expert_audit |
| expert_dao |
| expert_group |
| expert_group_person |
| expert_pgroup |
| expert_template |
| expert_template0613 |
| expert_template_bak |
| file_dao |
| interface_fy01 |
| interface_fy02 |
| interface_fy07 |
| members_login |
| news |
| news_extent |
| products |
| products0805 |
| products_attr_templ |
| products_dels |
| products_expert |
| products_expert_person |
| products_expert_persontmp |
| products_expert_setting |
| products_group |
| products_template |
+———————————————————+

修复方案:

过滤参数

版权声明:转载请注明来源 Feei@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2014-09-23 08:34

厂商回复:

最新状态:

暂无


漏洞评价:

评论