WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online reader -------- http://drop.zone.ci/
2014-02-19: Details have been sent to the vendor and are awaiting vendor handling
2014-02-24: Vendor has confirmed; details are disclosed to the vendor only
2014-03-06: Details disclosed to core white hats and experts in related fields
2014-03-16: Details disclosed to regular white hats
2014-03-26: Details disclosed to intern white hats
2014-04-05: Details disclosed to the public
As the title says: this could leak a large amount of sensitive information.
1) Test target: http://sdnh.citybank365.com/
2) Testing the SQL injection point. Here the sensitive characters are checked only on the client side, with JavaScript:
3) Database information obtained:
available databases [7]:
[*] ABCKEY
[*] Cmbc
[*] JSCCBKEY
[*] master
[*] model
[*] msdb
[*] tempdb
Database: ABCKEY [211 tables]
PS: since this is the financial industry and rather sensitive, no further testing was done.
Filter all parameters on the server side, rather than only checking them with JavaScript on the client.
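To illustrate the fix recommendation, here is an added example (not code from the original report; the site's real stack is unknown beyond the MSSQL system databases it exposed, so sqlite3 and the BankUser rows below are constructed stand-ins): a handler that trusts the client-side filter beside one that validates and parameterises on the server.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data; the column layout is an assumption, only the
    # table name BankUser comes from the enumerated schema in the report.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE BankUser (id INTEGER, username TEXT, phone TEXT)")
    conn.executemany(
        "INSERT INTO BankUser VALUES (?, ?, ?)",
        [(1, "alice", "138****0001"), (2, "bob", "139****0002")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    # Mirrors the reported flaw: the server assumes the browser's JavaScript
    # already rejected quotes, so it concatenates the parameter into the SQL.
    # Anyone who bypasses the page script sends whatever they like.
    sql = f"SELECT id, username FROM BankUser WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


# Server-side allowlist for the parameter: the check lives where it is enforced.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def lookup_hardened(conn: sqlite3.Connection, username: str) -> list:
    # 1) Validate on the server regardless of what the client did ...
    if not USERNAME_RE.fullmatch(username):
        return []
    # 2) ... and bind the value as a parameter so it can never become SQL.
    sql = "SELECT id, username FROM BankUser WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def demo(payload: str = "' OR '1'='1") -> dict:
    # Same input through both handlers: the concatenating one returns every
    # row, the hardened one rejects it while still serving a normal lookup.
    conn = make_db()
    return {
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),
        "hardened_rows": len(lookup_hardened(conn, payload)),
        "hardened_valid": len(lookup_hardened(conn, "alice")),
    }


if __name__ == "__main__":
    print(demo())  # {'vulnerable_rows': 2, 'hardened_rows': 0, 'hardened_valid': 1}
```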
Severity: High
Vulnerability Rank: 11
Confirmation time: 2014-02-24 09:19
CNVD confirmed the described situation. The website belongs to a bank partner; the case has been forwarded by CNCERT directly to the information management department of the Agricultural Bank of China for handling.
None yet