当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0140242

漏洞标题:神州数码某系统SQL注入(大量用户信息泄露)

相关厂商:digitalchina.com

漏洞作者: 深度安全实验室

提交时间:2015-09-10 17:18

修复时间:2015-09-11 10:51

公开时间:2015-09-11 10:51

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经修复

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-10: 细节已通知厂商并且等待厂商处理中
2015-09-10: 厂商已经确认,细节仅向厂商公开
2015-09-11: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

rt

详细说明:

Google Hacking到神州数码如下链接,其中,fix_id参数存在SQL注入

http://servexpress.digitalchina.com/sms/DELL/fix/fixAllInfo.asp?fix_id=C506031201

a.jpg


发现11个库

b.jpg

漏洞证明:

以ERS库为例,发现百万规模的表

Database: ERS
+---------------------+---------+
| Table               | Entries |
+---------------------+---------+
| LOGIN_LIST          | 4141728 |
| CUST                | 2718576 |
| PERSON_INF          | 2392669 |
| CCS_DELL_RESULT     | 1154633 |
| MAIL                | 1056855 |
| CCS_CASE            | 854095  |
| ORGNIZATION_PROFILE | 316973  |
| CCS_AD_BILL         | 260222  |
| CCS_AD_OPT_LOG      | 116561  |
| DAY_LIST            | 10000   |


泄露的账户信息

Database: ERS
Table: DIC_USERS
[50 entries]
+---------+-------------+--------------+-----+-------------+----------------------+
| USER_ID | LOGIN_ID    | PASSWORD     | M1  | M2          | LAST_UPDATE_PWD_DATE |
+---------+-------------+--------------+-----+-------------+----------------------+
| 10140   | dc-fucx1    | zzzzzz1      | nec | dc-fucx1    | 2015-04-01 15:56:26  |
| 10141   | xa-songzy   | song123      | nec | xa-songzy   | 2009-10-09 09:38:18  |
| 10142   | bj-zhaoyan  | 885669       | nec | bj-zhaoyan  | 2001-01-01 00:00:00  |
| 10144   | dc-lyq      | 1qa23z       | nec | dc-lyq      | 2012-03-12 11:48:43  |
| 10145   | sh-kl       | 64661559kl   | nec | sh-kl       | 2011-09-07 18:27:12  |
| 10146   | bj2-yzy     | yzy          | nec | bj2-yzy     | 2001-01-01 00:00:00  |
| 10147   | wh-lvyp     | lyp811214    | nec | wh-lvyp     | 2008-12-15 10:10:58  |
| 10148   | sy-huanghai | huanghai     | nec | sy-huanghai | 2001-01-01 00:00:00  |
| 10149   | bj-libr     | libr         | nec | bj-libr     | 2001-01-01 00:00:00  |
| 10150   | bj-liujd    | 12345        | nec | bj-liujd    | 2001-01-01 00:00:00  |
| 10151   | xa-liwq     | 123456l      | nec | xa-liwq     | 2015-04-01 14:24:12  |
| 10152   | dc-syl      | enter        | nec | dc-syl      | 2001-01-01 00:00:00  |
| 10153   | bj-lj       | lijiae1      | nec | bj-lj       | 2009-10-09 10:58:50  |
| 10154   | bj-fuqh     | fuqh         | nec | bj-fuqh     | 2001-01-01 00:00:00  |
| 10155   | dc-zb       | zhaobin7879  | nec | dc-zb       | 2014-06-16 17:59:19  |
| 10156   | nj-zt       | nj           | nec | nj-zt       | 2001-01-01 00:00:00  |
| 10157   | bj-fanyj    | blfiqpgf     | nec | bj-fanyj    | 2001-01-01 00:00:00  |
| 10158   | bj-jl       | akuma820809  | nec | bj-jl       | 2001-01-01 00:00:00  |
| 10159   | bj2-jl      | akuma820809  | nec | bj2-jl      | 2001-01-01 00:00:00  |
| 10160   | bj2-mn      | maning122802 | nec | bj2-mn      | 2013-02-21 14:29:31  |
| 10161   | bj2-fyj     | 198000       | nec | bj2-fyj     | 2001-01-01 00:00:00  |
| 10162   | bj-xzm      | xzm          | nec | bj-xzm      | 2001-01-01 00:00:00  |
| 10163   | sh-zxl      | zxl321       | nec | sh-zxl      | 2015-04-03 14:39:05  |
| 10164   | bj-zhy      | zhy123       | nec | bj-zhy      | 2013-07-08 09:16:43  |
| 10165   | dc-cc       | dccc800      | nec | dc-cc       | 2015-06-26 09:25:13  |
| 10166   | bj-lbw      | 5211314      | nec | bj-lbw      | 2001-01-01 00:00:00  |
| 10167   | sh-lx       | anad0728     | nec | sh-lx       | 2015-05-08 18:08:50  |
| 10168   | dc-sqj      | 13301353150  | nec | dc-sqj      | 2001-01-01 00:00:00  |
| 10170   | dc-wwj      | 0606wwj      | nec | dc-wwj      | 2011-09-14 09:42:55  |
| 10171   | dc-wg       | newpass123x  | nec | dc-wg       | 2013-09-23 15:13:00  |
| 10173   | bj-hxq      | hxq000       | nec | bj-hxq      | 2015-01-23 09:20:29  |
| 10175   | sh-zsy      | tos901       | nec | sh-zsy      | 2014-05-13 16:15:57  |
| 10176   | wh-lly      | asd321       | nec | wh-lly      | 2014-03-28 12:35:06  |
| 10177   | sz-tzy      | NONE         | nec | sz-tzy      | 2001-01-01 00:00:00  |
| 10178   | bj-ty       | ty19710401   | nec | bj-ty       | 2008-12-31 15:16:16  |
| 10179   | bj-ln       | 1234         | nec | bj-ln       | 2001-01-01 00:00:00  |
| 10180   | bj-mn       | 19810802     | nec | bj-mn       | 2001-01-01 00:00:00  |
| 10181   | bj-wl       | 741852pp     | nec | bj-wl       | 2013-07-04 18:44:50  |
| 10182   | bj-jxl      | ooo          | nec | bj-jxl      | 2001-01-01 00:00:00  |
| 10183   | dc-nw       | 781029       | nec | dc-nw       | 2001-01-01 00:00:00  |
| 10184   | jn-zl       | 123asd       | nec | jn-zl       | 2009-10-16 15:38:12  |
| 10185   | nj-zxy      | zxy          | nec | nj-zxy      | 2012-07-05 14:19:53  |
| 10186   | dc-zhuhj    | aaa111       | nec | dc-zhuhj    | 2014-06-06 11:21:41  |
| 10187   | dc-niewei   | 456          | nec | dc-niewei   | 2001-01-01 00:00:00  |
| 10188   | nec-jzq     | nec12345     | nec | nec-jzq     | 2009-01-05 13:57:29  |
| 10189   | 10189       | lizhb2009    | nec | cd-zhouzh   | 2010-09-21 18:17:24  |
| 10190   | nec-zq      | nec111       | nec | nec-zq      | 2009-03-12 17:55:26  |
| 10191   | nec-zgyj    | 11111        | nec | nec-zgyj    | 2001-01-01 00:00:00  |
| 10192   | nec-hy      | 12345678     | nec | nec-hy      | 2001-01-01 00:00:00  |
| 10193   | dc-yangqian | 42yangqian   | nec | dc-yangqian | 2014-07-15 11:35:09  |
+---------+-------------+--------------+-----+-------------+----------------------+

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-09-10 17:25

厂商回复:

好的。

最新状态:

2015-09-11:已修复

漏洞评价:

评论

  1. 2015-09-11 11:14 | 深度安全实验室 ( 核心白帽子 | Rank:1936 漏洞数:315 )

    秒确认,秒修复,牛叉,给力

  2. 2015-09-11 16:03 | 千牛 ( 路人 | 还没有发布任何漏洞 | 敢想敢做,come on)

    修复个毛线,我还能注入的

  3. 2015-09-11 16:13 | RickGray ( 路人 | Rank:15 漏洞数:3 )

    这没修复就公开也太草率了吧

  4. 2015-09-11 16:27 | 深度安全实验室 ( 核心白帽子 | Rank:1936 漏洞数:315 )

    神州数码今天主动公开了两个:wooyun-2015-140093、wooyun-2015-140242。当时只把140093验了,确实修复了.所以,140242就没验,刚试了,注入确实还存在,汗

  5. 2015-09-13 18:16 | memetest ( 路人 | Rank:28 漏洞数:10 | memetest)

    ...深度,你提交的很多洞,前面的人都提交过了