乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-01-04: 细节已通知厂商并且等待厂商处理中 2015-01-09: 厂商已经确认,细节仅向厂商公开 2015-01-19: 细节向核心白帽子及相关领域专家公开 2015-01-29: 细节向普通白帽子公开 2015-02-08: 细节向实习白帽子公开 2015-02-18: 细节向公众公开
某大型支付机构电子支付客户关系管理系统整站源码可下载,且还存在SQL注入漏洞,敏感部门的敏感系统,不敢进一步测试。
http://crm.chinapay.com/
整站源码可下载http://crm.chinapay.com/www.rar
SQL注入漏洞 WooYun: 用友TurboCRM SQL盲注(通杀所有版本)
$dd = TDD_GetDatadict();//装载数据词典$dealconn = mssql_connect(SQL_DEALSYS_IP,SQL_DEALSYSACCOUNT,SQL_DEALSYSPASSWD) or die('连接数据库错误');$dealconn = mssql_connect('10.*.**.239','crm_login','chinapay') or die('连接数据库错误');mssql_select_db('CPDataWarehouse');$day = date('Y-m-d',time()-24*60*60);$day = gmdate('Y-m-d');$day = '2013-08-26'; $nowtime = time(); $nowstr = gmdate('Y-m-d H:i:s', ($nowtime+8*60*60));$dqrq=date("Y-m-d",$nowstr);//当前日期$day=date("Y-m-d",strtotime("-2 day",strtotime($dqrq)));echo($day);$startDay = $day.' 00:00:00';$endDay = $day.' 23:59:59';$crmdate = gmdate('Y-m-d H:i:s');//支付控台$get1Sql = "select *,DailyTransDate as TransDate,SucceedTransCount as Count,SucceedTransAmount as Amount from SQLCP.CPDataWarehouse.dbo.FactDailyTrans where DailyTransDate >= '$startDay' and DailyTransDate <= '$endDay'";//ORA代付平台$get2Sql = "select CPDate as TransDate,MerchantNo,sum(TransCount) as Count,SUM(TransAmount) as Amount from SQLCP.CPDataWarehouse.dbo.Table_OraTransSum where CPDate >= '$startDay' and CPDate <= '$endDay' group by CPDate,MerchantNo";//基金转账$get3Sql = "SELECT MerchantNo,TransDate,sum(TransAmt) as Amount,count(MerchantNo) as Count FROM SQLCP.CPDataWarehouse.dbo.Table_TrfTransLog where TransDate >= '$startDay' and TransDate <= '$endDay' group by MerchantNo,TransDate"; //西联汇款表$get4Sql = "select MerchantNo,TransDate,COUNT(MerchantNo)as Count,sum(DestTransAmount)as Amount from SQLCP.CPDataWarehouse.dbo.Table_WUTransLog where TransDate >= '$startDay' and TransDate <= '$endDay' group by MerchantNo,TransDate";
删除
危害等级:中
漏洞Rank:7
确认时间:2015-01-09 17:08
CNVD确认并复现所述情况,已经转由CNCERT向网站管理单位通报,其反馈已经及时修复漏洞.按备份文件信息风险评分,rank 7
暂无