当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-060790

漏洞标题:郑州市环境保护局数据库备份泄漏整站用户

相关厂商:郑州市环境保护局

漏洞作者: 路人甲

提交时间:2014-05-20 12:29

修复时间:2014-07-04 12:29

公开时间:2014-07-04 12:29

漏洞类型:重要敏感信息泄露

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-05-20: 细节已通知厂商并且等待厂商处理中
2014-05-25: 厂商已经确认,细节仅向厂商公开
2014-06-04: 细节向核心白帽子及相关领域专家公开
2014-06-14: 细节向普通白帽子公开
2014-06-24: 细节向实习白帽子公开
2014-07-04: 细节向公众公开

简要描述:

RT

详细说明:

INSERT INTO [manageUser] VALUES (1, 'tangfeng', '6c123949383c7150', '2011-1-25 11:57:34', '2014-2-10 17:10:53', '不爱吃鱼的猫', 'tangfeng', '1', '2013-1-29 19:45:24', 36, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '0', NULL);
GO
INSERT INTO [manageUser] VALUES (2, 'admin', '6913d0e3d51a5893', '2011-1-27 16:34:02', '2013-12-11 16:40:33', '管理员', 'tangfeng', '1', '2012-9-21 04:39:20', 76, NULL, NULL, NULL, NULL, NULL, NULL, '管理员', '0', NULL);
GO
INSERT INTO [manageUser] VALUES (3, 'rsc', '6913d0e3d51a5893', '2013-7-26 10:54:31', '2013-8-25 11:53:18', '人事处', '111111', '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '人事处', '0', NULL);
GO
INSERT INTO [manageUser] VALUES (5, 'rscsh', '6913d0e3d51a5893', '2013-7-26 19:01:48', '2013-8-25 02:14:17', '人事处审查', '1', '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '人事处', '0', NULL);
GO
INSERT INTO [manageUser] VALUES (6, 'jbgs', 'b333007706f4f9a6', '2013-8-19 12:51:31', '2014-1-6 17:22:19', '局办公室', NULL, '1', NULL, 10, NULL, NULL, NULL, NULL, NULL, NULL, '局办公室', '0', 2);
GO
INSERT INTO [manageUser] VALUES (7, 'jbgssh', '9def65456fc2a68a', '2013-8-25 02:14:07', '2014-1-6 17:24:05', '局办公室审核', NULL, '1', NULL, 7, NULL, NULL, NULL, NULL, NULL, NULL, '局办公室', '0', 2);
GO
INSERT INTO [manageUser] VALUES (8, 'gcc', '6913d0e3d51a5893', '2013-8-25 02:17:53', '2013-10-20 16:34:37', '规财处', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '规财处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (9, 'gccsh', '6913d0e3d51a5893', '2013-8-25 02:18:13', '2013-10-20 16:35:00', '规财处审核', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '规财处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (10, 'jcc', '77c539a395a8e1c0', '2013-8-25 02:19:12', '2013-12-19 16:48:26', '监测处', NULL, '1', NULL, 7, NULL, NULL, NULL, NULL, NULL, NULL, '监测处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (11, 'jccsh', '5df2bfe90d4af4dd', '2013-8-25 02:19:34', '2013-12-20 15:01:46', '监测处审核', NULL, '1', NULL, 4, NULL, NULL, NULL, NULL, NULL, NULL, '监测处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (12, 'jcz', '9def65456fc2a68a', '2013-8-25 02:19:59', '2014-2-8 15:49:05', '监测站', NULL, '1', NULL, 34, NULL, NULL, NULL, NULL, NULL, NULL, '监测站', '0', 2);
GO
INSERT INTO [manageUser] VALUES (13, 'jczsh', '9def65456fc2a68a', '2013-8-25 02:20:11', '2014-2-8 15:51:11', '监测站审核', NULL, '1', NULL, 38, NULL, NULL, NULL, NULL, NULL, NULL, '监测站', '0', 2);
GO
INSERT INTO [manageUser] VALUES (14, 'zfc', '6ea9e26766df1925', '2013-8-25 02:21:43', '2014-2-11 11:25:05', '政法处', NULL, '1', NULL, 11, NULL, NULL, NULL, NULL, NULL, NULL, '政法处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (15, 'zfcsh', '6ea9e26766df1925', '2013-8-25 02:21:57', '2014-2-11 11:25:20', '政法处审核', NULL, '1', NULL, 15, NULL, NULL, NULL, NULL, NULL, NULL, '政法处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (16, 'kbc', '6913d0e3d51a5893', '2013-8-25 02:22:26', '2013-10-22 10:34:58', '科标处', NULL, '1', NULL, 1, NULL, NULL, NULL, NULL, NULL, NULL, '科标处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (17, 'kbcsh', '6913d0e3d51a5893', '2013-8-25 02:22:42', '2013-8-25 02:22:42', '科标处审核', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '科标处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (18, 'yjzx', '8c12d632173bc143', '2013-8-25 02:23:16', '2014-1-17 13:56:18', '应急中心', NULL, '1', NULL, 10, NULL, NULL, NULL, NULL, NULL, NULL, '应急中心', '0', 2);
GO
INSERT INTO [manageUser] VALUES (19, 'yjzxsh', '8c3ce0724d04c71f', '2013-8-25 02:23:31', '2014-1-17 14:38:16', '应急中心审核', NULL, '1', NULL, 14, NULL, NULL, NULL, NULL, NULL, NULL, '应急中心', '0', 2);
GO
INSERT INTO [manageUser] VALUES (20, 'xjzx', '6913d0e3d51a5893', '2013-8-25 02:24:05', '2014-1-6 16:30:46', '宣教中心', NULL, '1', NULL, 3, NULL, NULL, NULL, NULL, NULL, NULL, '宣教中心', '0', 2);
GO
INSERT INTO [manageUser] VALUES (21, 'xjzxsh', '6913d0e3d51a5893', '2013-8-25 02:24:18', '2014-2-8 09:54:36', '宣教中心审核', NULL, '1', NULL, 30, NULL, NULL, NULL, NULL, NULL, NULL, '宣教中心', '0', 2);
GO
INSERT INTO [manageUser] VALUES (22, 'wfc', '03777f16dea6ff50', '2013-8-25 02:25:20', '2013-12-27 07:56:09', '污防处', NULL, '1', NULL, 5, NULL, NULL, NULL, NULL, NULL, NULL, '污防处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (23, 'wfcsh', 'a8e64da72a1a018f', '2013-8-25 02:25:36', '2013-10-22 08:17:30', '污防处审核', NULL, '1', NULL, 1, NULL, NULL, NULL, NULL, NULL, NULL, '污防处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (24, 'fscsh', '40f4c1b2a5e09181', '2013-8-25 02:25:59', '2014-1-16 15:17:02', '辐射处审核', NULL, '1', NULL, 9, NULL, NULL, NULL, NULL, NULL, NULL, '辐射处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (25, 'fsc', 'e55fe4efab7f8544', '2013-8-25 02:26:08', '2014-1-16 14:29:18', '辐射处', NULL, '1', NULL, 12, NULL, NULL, NULL, NULL, NULL, NULL, '辐射处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (26, 'stc', '13a868744c24a5f2', '2013-8-25 02:27:57', '2014-2-8 14:29:10', '生态处', NULL, '1', NULL, 42, NULL, NULL, NULL, NULL, NULL, NULL, '生态处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (27, 'stcsh', '12c568d0785e5139', '2013-8-25 02:28:14', '2014-2-8 14:46:01', '生态处审核', NULL, '1', NULL, 20, NULL, NULL, NULL, NULL, NULL, NULL, '生态处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (28, 'zlcsh', 'e6861e2d291c86cf', '2013-8-25 02:29:41', '2013-10-22 11:34:15', '总量处审核', NULL, '1', NULL, 1, NULL, NULL, NULL, NULL, NULL, NULL, '总量处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (29, 'zlc', 'e6861e2d291c86cf', '2013-8-25 02:29:55', '2013-10-22 11:35:08', '总量处', NULL, '1', NULL, 2, NULL, NULL, NULL, NULL, NULL, NULL, '总量处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (30, 'jczd', 'c73f1b5f10e7d1b6', '2013-8-25 02:30:24', '2014-1-26 09:20:46', '监察支队', NULL, '1', NULL, 10, NULL, NULL, NULL, NULL, NULL, NULL, '监察支队', '0', 2);
GO
INSERT INTO [manageUser] VALUES (31, 'jczdsh', '429e7c9d8af2dbc3', '2013-8-25 02:30:37', '2014-1-26 09:28:59', '监察支队审核', NULL, '1', NULL, 7, NULL, NULL, NULL, NULL, NULL, NULL, '监察支队', '0', 2);
GO
INSERT INTO [manageUser] VALUES (32, 'jdcsh', 'a6f788e6b1e580e1', '2013-8-25 02:31:46', '2014-1-8 09:42:45', '机动车审核', NULL, '1', NULL, 4, NULL, NULL, NULL, NULL, NULL, NULL, '机动车', '0', 2);
GO
INSERT INTO [manageUser] VALUES (33, 'jdc', 'a6f788e6b1e580e1', '2013-8-25 02:31:59', '2014-1-8 09:38:33', '机动车', NULL, '1', NULL, 5, NULL, NULL, NULL, NULL, NULL, NULL, '机动车', '0', 2);
GO
INSERT INTO [manageUser] VALUES (34, 'hpc', '5a9b233069465dd0', '2013-8-25 02:33:33', '2014-2-10 16:54:52', '环评处', NULL, '1', NULL, 224, NULL, NULL, NULL, NULL, NULL, NULL, '环评处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (35, 'hpcsh', '5a9b233069465dd0', '2013-8-25 02:33:43', '2014-2-10 16:55:31', '环评处审核', NULL, '1', NULL, 196, NULL, NULL, NULL, NULL, NULL, NULL, '环评处', '0', 2);
GO
INSERT INTO [manageUser] VALUES (36, 'hkssh', 'ec97ae7e2c343631', '2013-8-25 02:34:17', '2014-2-11 09:05:20', '环科所审核', NULL, '1', NULL, 73, NULL, NULL, NULL, NULL, NULL, NULL, '环科所', '0', 2);
GO
INSERT INTO [manageUser] VALUES (37, 'hks', 'ec97ae7e2c343631', '2013-8-25 02:34:29', '2014-1-13 20:24:13', '环科所', NULL, '1', NULL, 46, NULL, NULL, NULL, NULL, NULL, NULL, '环科所', '0', 2);
GO
INSERT INTO [manageUser] VALUES (38, 'jgdw', '6913d0e3d51a5893', '2013-10-20 17:40:58', '2013-10-20 17:45:49', '机关党委', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '机关党委', '0', 1);
GO
INSERT INTO [manageUser] VALUES (39, 'jgdwsh', '6913d0e3d51a5893', '2013-10-20 17:41:20', '2013-10-20 17:49:34', '机关党委', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '机关党委审核', '0', 1);
GO
INSERT INTO [manageUser] VALUES (40, 'xqzd', '9def65456fc2a68a', '2013-10-20 18:13:07', '2014-2-10 14:25:38', '新区支队', NULL, '1', NULL, 8, NULL, NULL, NULL, NULL, NULL, NULL, '新区支队', '0', 1);
GO
INSERT INTO [manageUser] VALUES (41, 'xqzdsh', '9688dfca0c120762', '2013-10-20 18:13:25', '2014-2-10 14:36:41', '新区支队', NULL, '1', NULL, 6, NULL, NULL, NULL, NULL, NULL, NULL, '新区支队审核', '0', 1);
GO
INSERT INTO [manageUser] VALUES (42, 'wfzx', '6913d0e3d51a5893', '2013-10-20 18:14:56', '2013-10-20 18:15:31', '危废中心', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '危废中心', '0', 1);
GO
INSERT INTO [manageUser] VALUES (43, 'wfzxsh', '6913d0e3d51a5893', '2013-10-20 18:15:18', '2013-10-20 18:15:18', '危废中心', NULL, '1', NULL, 0, NULL, NULL, NULL, NULL, NULL, NULL, '危废中心审核', '0', 1);
GO
INSERT INTO [manageUser] VALUES (44, 'yuqing', '04826f9934a375ce', '2013-10-22 07:53:29', '2014-2-10 09:46:30', '网络舆情', NULL, '1', NULL, 61, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '0', 2);
GO
INSERT INTO [manageUser] VALUES (45, 'xinwenke', '6913d0e3d51a5893', '2013-10-22 07:54:18', '2014-2-8 09:24:14', '新闻科', NULL, '1', NULL, 22, NULL, NULL, NULL, NULL, NULL, NULL, NULL, '0', 2);
GO

漏洞证明:

http://www.zzepb.gov.cn/data.zip

1.png

2.png

修复方案:

管理员比我清楚

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:9

确认时间:2014-05-25 09:02

厂商回复:

cnvd确认并复现所述情况,已经转 由cncert下发给郑州 分中心处置。

最新状态:

暂无