当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0149343

漏洞标题: 某志愿者网SQL注入导致上万志愿者档案泄露(姓名/学校/照片/手机号码/生日/地址等)

相关厂商:cncert国家互联网应急中心

漏洞作者: 路人甲

提交时间:2015-10-27 18:09

修复时间:2015-12-14 17:36

公开时间:2015-12-14 17:36

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:5

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-10-27: 细节已通知厂商并且等待厂商处理中
2015-10-30: 厂商已经确认,细节仅向厂商公开
2015-11-09: 细节向核心白帽子及相关领域专家公开
2015-11-19: 细节向普通白帽子公开
2015-11-29: 细节向实习白帽子公开
2015-12-14: 细节向公众公开

简要描述:

RT

详细说明:

http://**.**.**.**/volunteers/show_vhuodong.aspx?Vid=18803


QQ截图20151025151728.png


部分表单

| sys.dm_tran_commit_table                          |
| sys.dm_tran_current_snapshot                      |
| sys.dm_tran_current_transaction                   |
| sys.dm_tran_database_transactions                 |
| sys.dm_tran_locks                                 |
| sys.dm_tran_session_transactions                  |
| sys.dm_tran_top_version_generators                |
| sys.dm_tran_transactions_snapshot                 |
| sys.dm_tran_version_store                         |
| sys.dm_xe_map_values                              |
| sys.dm_xe_object_columns                          |
| sys.dm_xe_objects                                 |
| sys.dm_xe_packages                                |
| sys.dm_xe_session_event_actions                   |
| sys.dm_xe_session_events                          |
| sys.dm_xe_session_object_columns                  |
| sys.dm_xe_session_targets                         |
| sys.dm_xe_sessions                                |
| sys.endpoint_webmethods                           |
| sys.endpoints                                     |
| sys.event_notification_event_types                |
| sys.event_notifications                           |
| sys.events                                        |
| sys.extended_procedures                           |
| sys.extended_properties                           |
| sys.filegroups                                    |
| sys.foreign_key_columns                           |
| sys.foreign_keys                                  |
| sys.fulltext_catalogs                             |
| sys.fulltext_document_types                       |
| sys.fulltext_index_catalog_usages                 |
| sys.fulltext_index_columns                        |
| sys.fulltext_index_fragments                      |
| sys.fulltext_indexes                              |
| sys.fulltext_languages                            |
| sys.fulltext_stoplists                            |
| sys.fulltext_stopwords                            |
| sys.fulltext_system_stopwords                     |
| sys.function_order_columns                        |
| sys.http_endpoints                                |
| sys.identity_columns                              |
| sys.index_columns                                 |
| sys.indexes                                       |
| sys.internal_tables                               |
| sys.key_constraints                               |
| sys.key_encryptions                               |
| sys.linked_logins                                 |
| sys.login_token                                   |
| sys.master_files                                  |
| sys.master_key_passwords                          |
| sys.message_type_xml_schema_collection_usages     |
| sys.messages                                      |
| sys.module_assembly_usages                        |
| sys.numbered_procedure_parameters                 |
| sys.numbered_procedures                           |
| sys.objects                                       |
| sys.openkeys                                      |
| sys.parameter_type_usages                         |
| sys.parameter_xml_schema_collection_usages        |
| sys.parameters                                    |
| sys.partition_functions                           |
| sys.partition_parameters                          |
| sys.partition_range_values                        |
| sys.partition_schemes                             |
| sys.partitions                                    |
| sys.plan_guides                                   |
| sys.procedures                                    |
| sys.remote_logins                                 |
| sys.remote_service_bindings                       |
| sys.resource_governor_configuration               |
| sys.resource_governor_resource_pools              |
| sys.resource_governor_workload_groups             |
| sys.routes                                        |
| sys.schemas                                       |
| sys.securable_classes                             |
| sys.server_assembly_modules                       |
| sys.server_audit_specification_details            |
| sys.server_audit_specifications                   |
| sys.server_audits                                 |
| sys.server_event_notifications                    |
| sys.server_event_session_actions                  |
| sys.server_event_session_events                   |
| sys.server_event_session_fields                   |
| sys.server_event_session_targets                  |
| sys.server_event_sessions                         |
| sys.server_events                                 |
| sys.server_file_audits                            |
| sys.server_permissions                            |
| sys.server_principal_credentials                  |
| sys.server_principals                             |
| sys.server_role_members                           |
| sys.server_sql_modules                            |
| sys.server_trigger_events                         |
| sys.server_triggers                               |
| sys.servers                                       |
| sys.service_broker_endpoints                      |
| sys.service_contract_message_usages               |
| sys.service_contract_usages                       |
| sys.service_contracts                             |
| sys.service_message_types                         |
| sys.service_queue_usages                          |
| sys.service_queues                                |
| sys.services                                      |
| sys.soap_endpoints                                |
| sys.spatial_index_tessellations                   |
| sys.spatial_indexes                               |
| sys.spatial_reference_systems                     |
| sys.sql_dependencies                              |
| sys.sql_expression_dependencies                   |
| sys.sql_logins                                    |
| sys.sql_modules                                   |
| sys.stats_columns                                 |
| sys.stats_columns                                 |
| sys.symmetric_keys                                |
| sys.synonyms                                      |
| sys.sysaltfiles                                   |
| sys.syscacheobjects                               |
| sys.syscharsets                                   |
| sys.syscolumns                                    |
| sys.syscomments                                   |
| sys.sysconfigures                                 |
| sys.sysconstraints                                |
| sys.syscurconfigs                                 |
| sys.syscursorcolumns                              |
| sys.syscursorrefs                                 |
| sys.syscursors                                    |
| sys.syscursortables                               |
| sys.sysdatabases                                  |
| sys.sysdepends                                    |
| sys.sysdevices                                    |
| sys.sysfilegroups                                 |
| sys.sysfiles                                      |
| sys.sysforeignkeys                                |
| sys.sysfulltextcatalogs                           |
| sys.sysindexes                                    |
| sys.sysindexkeys                                  |
| sys.syslanguages                                  |
| sys.syslockinfo                                   |
| sys.syslogins                                     |
| sys.sysmembers                                    |
| sys.sysmessages                                   |
| sys.sysobjects                                    |
| sys.sysoledbusers                                 |
| sys.sysopentapes                                  |
| sys.sysperfinfo                                   |
| sys.syspermissions                                |
| sys.sysprocesses                                  |
| sys.sysprotects                                   |
| sys.sysreferences                                 |
| sys.sysremotelogins                               |
| sys.sysservers                                    |
| sys.system_columns                                |
| sys.system_components_surface_area_configuration  |
| sys.system_internals_allocation_units             |
| sys.system_internals_partition_columns            |
| sys.system_internals_partitions                   |
| sys.system_objects                                |
| sys.system_parameters                             |
| sys.system_sql_modules                            |
| sys.system_views                                  |
| sys.systypes                                      |
| sys.sysusers                                      |
| sys.table_types                                   |
| sys.tables                                        |
| sys.tcp_endpoints                                 |
| sys.trace_categories                              |
| sys.trace_columns                                 |
| sys.trace_event_bindings                          |
| sys.trace_events                                  |
| sys.trace_subclass_values                         |
| sys.traces                                        |
| sys.transmission_queue                            |
| sys.trigger_event_types                           |
| sys.trigger_events                                |
| sys.triggers                                      |
| sys.type_assembly_usages                          |
| sys.types                                         |
| sys.user_token                                    |
| sys.via_endpoints                                 |
| sys.views                                         |
| sys.xml_indexes                                   |
| sys.xml_schema_attributes                         |
| sys.xml_schema_collections                        |
| sys.xml_schema_component_placements               |
| sys.xml_schema_components                         |
| sys.xml_schema_elements                           |
| sys.xml_schema_facets                             |
| sys.xml_schema_model_groups                       |
| sys.xml_schema_namespaces                         |
| sys.xml_schema_types                              |
| sys.xml_schema_wildcard_namespaces                |
| sys.xml_schema_wildcards                          |
+---------------------------------------------------+
Database: hds0280121_db
[45 tables]
+---------------------------------------------------+
| Adminpictemp                                      |
| Adminpictemp                                      |
| Art_Example                                       |
| Art_board                                         |
| Art_class                                         |
| Art_type                                          |
| D99_CMD                                           |
| D99_Tmp                                           |
| ad_ads                                            |
| ad_iplist                                         |
| ad_weizhi                                         |
| article                                           |
| clear                                             |
| declare_unit                                      |
| diaodong_info                                     |
| dnt_admingroups                                   |
| dnt_adminvisitlog                                 |
| dnt_advertisements                                |
| dnt_announcements                                 |
| dnt_attachments                                   |
| dnt_attachpaymentlog                              |
| dnt_attachtypes                                   |
| dnt_banned                                        |
| dnt_bbcodes                                       |
| dnt_bonuslog                                      |
| dnt_creditslog                                    |
| dnt_debatediggs                                   |
| dnt_debates                                       |
| dnt_failedlogins                                  |
| dnt_favorites                                     |
| dnt_forumfields                                   |
| dnt_forumlinks                                    |
| dnt_forums                                        |
| dnt_help                                          |
| dnt_invitation                                    |
| dnt_locations                                     |
| dnt_medalslog                                     |
| dnt_medalslog                                     |
| dnt_moderatormanagelog                            |
| dnt_moderators                                    |
| dnt_myattachments                                 |
| dnt_myposts                                       |
| dnt_mytopics                                      |
| dnt_navs                                          |
| dnt_notices                                       |
+---------------------------------------------------+


找不着管理员的数据库表。、。
不然可以泄露很多自愿者的资料。

漏洞证明:

QQ截图20151025151728.png


修复方案:

过滤

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-30 17:34

厂商回复:

CNVD确认并复现所述漏洞情况,已经转由CNCERT下发对应分中心,由其后续协调网站管理单位处置。

最新状态:

暂无