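Vulnerability Summary

Bug ID: wooyun-2014-060237

Title: Taicang Convenience Service Center: one SQL injection + MSSQL remote command execution

Vendor: Taicang Convenience Service Center

Author: sec_jtn

Submitted: 2014-05-10 22:14

Fixed: 2014-06-24 22:15

Publicly disclosed: 2014-06-24 22:15

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]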


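Vulnerability Details

Disclosure status:

2014-05-10: Details reported to the vendor; awaiting vendor handling
2014-05-13: Vendor confirmed; details disclosed to the vendor only
2014-05-23: Details disclosed to core white hats and experts in related fields
2014-06-02: Details disclosed to regular white hats
2014-06-12: Details disclosed to intern white hats
2014-06-24: Details disclosed to the public

Brief description:

So many databases. Could this go through as a major-vendor case for once?

Detailed description:

Injection point: http://www.tc12345.gov.cn/Company.aspx?type=1
Parameter: type

[Screenshot: tc.jpg]


Proof of vulnerability:

The database list is too large, so instead of a screenshot I copied it directly.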


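Output of net user:

[Screenshot: tc1.jpg]


Fix:

How about a major-vendor rating for once?

Copyright notice: when reposting, please credit the source, sec_jtn@WooYun


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2014-05-13 17:50

Vendor reply:

CNVD confirmed and reproduced the reported issue; it has been forwarded through CNCERT to the Jiangsu branch center for handling.

Latest status:

None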