
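Vulnerability Summary

Bug ID: wooyun-2015-0162147

Vulnerability title: SQL injection vulnerability at a certain city's Housing Provident Fund Management Center affects 158 databases

Related vendor: a certain city's Housing Provident Fund Management Center

Vulnerability author: 路人甲

Submitted: 2015-12-17 18:06

Fixed: 2016-02-04 17:47

Publicly disclosed: 2016-02-04 17:47

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Vulnerability status: Handed over to a third-party partner organization (cncert, the National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org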


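Vulnerability Details

Disclosure status:

2015-12-17: Details sent to the vendor; awaiting vendor handling
2015-12-21: Vendor has confirmed; details disclosed only to the vendor
2015-12-31: Details disclosed to core white hats and experts in related fields
2016-01-10: Details disclosed to regular white hats
2016-01-20: Details disclosed to intern white hats
2016-02-04: Details disclosed to the public

Brief description:

A certain city's Housing Provident Fund Management Center

Detailed description:

SQL injection vulnerability at the Hengshui Housing Provident Fund Management Center
e.g. http://**.**.**.**/info.aspx?id=158

Proof of vulnerability: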


available databases [158]:                                                     

Remediation:

Filtering, WAF, safedog

Copyright notice: when reposting, please credit the source 路人甲@乌云


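Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-12-21 17:46

Vendor reply:

CNVD confirmed and reproduced the situation described, and has passed it to CNCERT to be sent down to the Hebei branch center, which will follow up and coordinate with the organization that manages the website to handle it.

Latest status:

None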

