乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-09: 细节已通知厂商并且等待厂商处理中 2015-09-11: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-21: 细节向核心白帽子及相关领域专家公开 2015-10-01: 细节向普通白帽子公开 2015-10-11: 细节向实习白帽子公开 2015-10-26: 细节向公众公开
2333333
存在注入URL:http://**.**.**.**/Portal/RfSoft.MapleTr.DPS/Hr/Html/Login.htm?autologin=false
用户名存在注入,报错信息可看出
抓post包
POST /Portal/RfSoft.MapleTr.DPS/Hr/Control/LoginHandler.ashx?opType=LOGIN HTTP/1.1Host: **.**.**.**User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0Accept: */*Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateContent-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestReferer: http://**.**.**.**/Portal/RfSoft.MapleTr.DPS/Hr/Html/Login.htm?autologin=falseContent-Length: 64Cookie: msid=w2lfnpcfzlipsk2ojbnflqpgX-Forwarded-For: **.**.**.**Connection: keep-alivePragma: no-cacheCache-Control: no-cache<Login><UserName>123</UserName><Password>1234</Password></Login>
UserName参数存在注入,DBA权限
涉及24个库
数据量不小
Database: CMSIS+------------------------------+---------+| Table | Entries |+------------------------------+---------+| TEMP_AET2013110600008 | 669097 || TEMP_AET2013110700024 | 642707 || TEMP_AET2013110700033 | 495932 || MH_RENYUAN_INFO | 32597 || TEMP_AET2013110700015 | 16189 || DPS_LOG | 15780 || TEMP_AET2013110600002 | 10566 || TEMP_AET2013110600005 | 6906 || FILEINFO | 6327 || TEMP_AET2013110600011 | 4981 || TEMP_AET2013110700038 | 4952 || TEMP_AET2013111800003 | 2272 || TEMP_AET2013110700018 | 2231 || TEMP_AET2013110600006 | 1976 || DPS_SE_ROLE_USER | 1804 || TEMP_AET2013110600010 | 1706 || ETL_DATA_LOG | 1403 || ETL_DATAFILE_INFO | 1403 || TEMP_AET2013110600010A | 1122 || DPS_USER | 934 || DPS_USER_ORG | 902 || TEMP_AET2013110700036 | 835 || MH_MRO_INFO | 805 || MH_DATA_STATE | 696 || TEMP_AET2013110700027 | 647 || TEMP_AET2013110600004 | 495 || TEMP_AET2013110700021 | 486 || ETL_TABLE_COLUMN | 428 || TEMP_AET2013110600009 | 392 || DMD_MODELMEMBERS | 371 || DMD_MODELMEMBERS_HISVERSION | 317 || TEMP_AET2013110400002 | 284 || TEMP_AET2013110400003 | 274 || MH_JIANCHAYUAN_INFO | 241 || OMD_OBJECTMANAGE_PROPERTRY | 237 || TEMP_AET2013110700041 | 207 || TEMP_AET2013111800006 | 196 || C_DATADICTIONARY | 182 || DPS_MENU | 170 || TEMP_ET2013110100003 | 164 || TEMP_AET2013110400004 | 150 || DPS_SE_AUTHORIZE | 149 || TEMP_AET2013110700030 | 142 || TEMP_AET2013110600007 | 126 || TEMP_AET2013110600003 | 114 || MH_AIRLINE_INFO | 109 || S_AUTOCODE | 86 || TEMP_AET2013110700009 | 83 || C_TREEBASE_LEVELICON | 53 || ETL_CLASS | 50 || C_TABBASE_PARAM | 48 || LS_INDIVIDUATION_INFO | 47 || BS_BUSINESS_RESOURCE | 40 || DMD_SYSCONFIG | 40 || C_TREEBASE | 39 || MH_TIANBIAO_INFO | 36 || LS_SYSINFO | 34 || ETL_TABLE_DATA_RELATION | 31 || TEMP_AET2013110700012 | 31 || ETL_SUB_CLASS | 30 || OMD_OBJECTMANAGE_VIEW | 27 || OMD_OBJECTMANAGEVIEW_GROUP | 27 || PUBLISH_INFORM_DEPARTMENT | 23 || DMD_SYSCONFIG_HISTORYVERSION | 22 || LDM_SYS_OPTIONS | 22 || WF_WORKFLOW_FUNCTION | 21 || LDM_SYS_MSG | 19 || DPS_PART_VIEW | 16 || OMD_OBJECT_V_R_FUN | 14 || TREE_HELP_USE | 12 || BS_RESOURCE | 11 || MH_FENZHIJIGOU_INFO | 10 || DPS_SE_ROLE | 8 || LINKAGEFORVILLAGE | 8 || DPS_LOG_TYPE | 7 || DPS_PART_TEMPLATE | 7 || BC_FORMAT | 6 || MH_DOCUMENTFILE | 6 || DPS_ORGANIZATION | 5 || PULISH_INFORM | 5 || LDM_EXCEL_TOOLS | 4 || LINKAGEFORCITY | 4 || BC_CONNECTION | 3 || C_TABBASE | 3 || DPS_LOG_FLAGTYPE | 3 || DPS_MESSAGESTATE_TYPE | 3 || BC_CONFIG | 2 || DC_BASEINFO | 2 || DC_DIR_ELEMENT_RELATION | 2 || DPS_PART_PAGE | 2 || LINKAGEFORPROVINCE | 2 || BC_INSTANCE | 1 || CONTROL_FUNCTION | 1 || DC_ROOT_DIR | 1 || DPS_COMMON_MODULEMENU | 1 || DPS_SITE | 1 || XF_CODE_COMPANY | 1 |+------------------------------+---------+
过滤
危害等级:中
漏洞Rank:10
确认时间:2015-09-11 14:35
CNVD确认并复现所述情况,已经转由CNCERT向民航行业测评中心通报,由其后续协调网站管理单位处置。同时同步上报给国家上级信息安全协调机构。
暂无