
Vulnerability summary (followed by 24 users)

Defect ID: wooyun-2015-0122039

Title: SQL injection vulnerability in a China 81890 service network website

Vendor: 中国81890服务网 (China 81890 Service Network)

Author: 路人甲

Submitted: 2015-06-25 18:23

Fixed: 2015-08-13 17:28

Published: 2015-08-13 17:28

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 14

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2015-06-25: Details sent to the vendor, awaiting vendor response
2015-06-29: Vendor has confirmed; details disclosed to the vendor only
2015-07-09: Details disclosed to core white hats and experts in the relevant field
2015-07-19: Details disclosed to regular white hats
2015-07-29: Details disclosed to intern white hats
2015-08-13: Details disclosed to the public

Brief description:

See title.

Detailed description:

A site belonging to the China 81890 service network has a critical SQL injection vulnerability that leaks a large amount of data.
Injection point: http://tb.81890.gov.cn/EnterpriseWeb/Enterprise/Enterprise.aspx?ID=47220
Since this was a friendly test, I did not go any deeper.
Asking for WooYun coins.

Proof of vulnerability:

[Screenshot: 1.png]


Database: NB81890
+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| T_TRANSACTIONBACK_LOG | 4502712 |
| T_TRANSACTIONINFO_LOG | 4502687 |
| T_TRANSACTORSTATUSLOG_BAK | 4490512 |
| T_TRANSACTIONINFO | 4394161 |
| T_TRANSACTIONBACK | 4393258 |
| T_TRANSACTORSATIFY | 3024685 |
| T_TRANSACTORSTATUSLOG | 1837893 |
| T_CUSTOMER | 1685891 |
| T_SERVICEENTERPRISE | 1104558 |
| T_COMINGCALL | 991745 |
| T_SERVICETRACING | 912372 |
| T_DISCONNECTCALL20111231 | 775062 |
| M_LOG | 634988 |
| T_DISMISS | 513290 |
| T_SMS_SEND | 222806 |
| T_SERVICETRACINGLOG | 180314 |
| T_TRANSACTORLEAVEREASON | 163940 |
| T_OLDPUSHTALK | 135358 |
| T_HOSPITALORDER | 112711 |
| T_REPOSITORY | 71446 |
| T_TRANSACTIONBACK_DEPT | 69514 |
| T_TRANSACTIONINFO_DEPT | 69514 |
| T_DISCONNECTCALL | 68949 |
| T_BACK | 62235 |
| T_REMIND | 52458 |
| T_SPECIALCARDUSE | 44303 |
| T_LOGINLOG | 39187 |
| ST_ZHIBAN | 37695 |
| T_TRANSACTORLOGIN | 37694 |
| T_OLDCADRE | 35662 |
| T_TRANSACTORLOGOUTREASON | 29375 |
| T_OLDMISS | 26474 |
| T_OLDCADRELOG | 24921 |
| T_ENTERPRISE_SERVICE | 24181 |
| T_CALLMINCENTER | 20193 |
| T_DEVOLUTE | 19647 |
| T_TRANSACTIONCONFIRM | 18465 |
| T_SPECIALCARD | 16712 |
| T_ASSISTANCERMONEYADD | 16174 |
| T_SQL | 10387 |
| T_SMS_RECEIVE | 10088 |
| T_SUMMARY | 9744 |
| T_ENTERPRISEBAK | 9675 |
| T_TAXIORDER | 9324 |
| T_SMS_LINKS | 8193 |
| T_ENTERPRISE | 7420 |
| T_HELPONLINE | 7416 |
| T_PARTYSERVICES | 6618 |
| T_ASSISTANCECOST | 6337 |
| T_MESSAGE | 6319 |
| T_LAWREFER | 5684 |
| T_NEWSINFO | 5352 |
| T_ZMJIAN | 4737 |
| T_PARTYMEMBER | 4584 |
| T_ENTERPRISE_LOGININFO | 4333 |
| T_PETITION | 4132 |
| T_LABOURWORKINTRODUCE | 4064 |
| T_ASSISTANCER | 3802 |
| T_LOSECLAIM | 3516 |
| ST_AREA | 3378 |
| T_TRANSACTIONFILL | 2898 |
| T_TELMEMBER | 2777 |
| T_PRISE_COMP | 2651 |
| T_ASSISTANCEMONEY | 2558 |
| T_HOTKEYWORD | 2263 |
| T_VIPCUSTOMER | 2051 |
| T_REPLYAPPLY | 2014 |
| T_DEVOLUTEAPPROVE | 1996 |
| T_IMPORTCUSTOMER | 1958 |
| T_VOLUNTEER | 1933 |
| M_USER_ROLE | 1710 |
| T_TRACERETURN | 1597 |
| T_DEVOLUTEAPPLY | 1596 |
| T_LOSTANDMISS | 1592 |
| T_DEVOLUTERETURN | 1580 |
| T_ENTERPRISEMODIFY | 1309 |
| T_COMPLAINRETURN | 1229 |
| YT_TRANSACTIONINFO | 1095 |
| T_FLASHNOTES | 1087 |
| T_ENTERSERVICE_TRACING | 1086 |
| T_LOST | 1075 |
| T_AVSERVICE | 915 |
| T_WOMAN_UNITSERVICEITEM | 909 |
| T_ENTERPRISE_BACK | 878 |
| M_ROLE_AUTH | 839 |
| T_VOL_REGISTERINFO | 734 |
| T_ENTERPRISEREMIND | 718 |
| T_COMP_DONATION | 710 |
| T_LABOURVISITINFO | 700 |
| YT_TURNMESSAGE | 691 |
| T_DRIVER_BLIND | 648 |
| T_MEMBERENTERPRISE | 617 |
| T_RECOGANGCOMP | 610 |
| T_COMP_SUBSCRIPTION | 591 |
| T_ES_PASS | 570 |
| T_BUSMANAGE | 549 |
| T_ENTERPRISESTOPLOG | 547 |
| T_ES_TRACING | 545 |
| T_REPOSITORY_TEMP | 526 |
| YT_SERVICETRACING | 499 |
| T_MEMBERINFO | 458 |
| T_ENTERPRISESTOPCHECKLOG | 425 |
| T_ENTERDISPATCHWORKER | 413 |
| T_ENTERPRISECOMMUNITY | 410 |
| T_WOMAN_UNIT | 405 |
| T_OLDCADREREPORT | 358 |
| ST_SERVICETYPE | 355 |
| T_CARTYPE | 335 |
| T_ASSISTANCEVOLUNTEER | 306 |
| M_TRANSACTOR | 283 |
| T_WOMAN_SERVICEUNIT | 264 |
| T_FARMMACHINEREPAIR | 246 |
| T_ENTERPRISE_HUIFU | 243 |
| T_ENTERWORKERREPLY | 239 |
| TEMP_DISCONNECT | 234 |
| T_CARREPAIR | 213 |
| T_CULTURE | 198 |
| T_EXECUTEMISS | 167 |
| T_ENTERSERVICE_LIAISON | 151 |
| YT_UNITS | 143 |
| ST_WOMANSERVICEITEM | 142 |
| T_VIPCUSTOMERBAK | 142 |
| T_WORK | 142 |
| T_BLIND | 121 |
| T_LABOURUNIONINFO | 113 |
| T_NETSERVICETRACING | 112 |
| T_XXFGSERVICE | 109 |
| M_RESOURCENEW | 95 |
| T_FLASHMESSAGE | 95 |
| T_ZYZSESSION | 91 |
| T_PROPERTYCOMMUNITY | 78 |
| T_TRANSACTORFORDIS | 78 |
| ST_ASSERVICETYPE | 77 |
| T_ASSESSDETAILS | 76 |
| T_ASSESSMONTH | 76 |
| T_ASSESSYEAR | 75 |
| T_SMS_DEPT | 74 |
| ST_DEVOLUTETYPE | 71 |
| T_UNITLINKER | 71 |
| T_PARTYINFO | 65 |
| T_LINKS | 58 |
| T_ENTERSERVICE_DEPT | 57 |
| ST_NATION | 56 |
| T_ENTERPRISE_ADMIN | 55 |
| ST_ASSESSTYPE | 53 |
| M_ROLE | 52 |
| T_ZYZTEAM | 52 |
| T_ENTERPRISE_APPLY | 51 |
| M_RESOURCE | 50 |
| T_PARTY | 49 |
| T_ENTERPRISE_LOGINLOG | 45 |
| T_ENTERPRISE_WORKER | 44 |
| T_WORKER | 44 |
| T_ASSISTANCERCHANGE | 40 |
| T_XXFGRETURN | 40 |
| T_ENTERPRISE_PHOTO | 38 |
| T_LINKPHONE | 38 |
| ST_TRANSACTIONTYPE | 36 |
| ST_REPOSITORYSORT | 35 |
| ST_FARMSERVICEKINDS | 31 |
| T_LAWREFERTYPE | 28 |
| T_PROPERTYCOMPANY | 27 |
| T_VOL_ADVICERETURN | 25 |
| T_CURRSTATUS | 24 |
| T_CALLED | 23 |
| ST_LAWJUDGE | 21 |
| TMP_TAXIRPT | 21 |
| ST_DEALTYPE | 19 |
| ST_QUERYMETHOD | 19 |
| ST_QUERYTYPE | 19 |
| T_ZYZAREA | 17 |
| YST_HELPTYPE | 16 |
| ST_LASOLVETYPE | 15 |
| T_TELVOLUNTEER | 15 |
| ST_CONFIRMLEVEL | 14 |
| ST_CUSTOMERSOURCE | 14 |
| T_BUYTICKET | 14 |
| YST_AREA | 14 |
| ST_CLIENT | 13 |
| T_BUYTICKETTRACE | 13 |
| T_COURTCONTACTS | 13 |
| ST_CONFIRMFORM | 12 |
| ST_DEPARTMENT | 12 |
| ST_SUBMITUNIT | 12 |
| STB_BANCI | 12 |
| ST_PETITIONTYPE | 11 |
| ST_SUBSIDYTYPE | 11 |
| T_BLACKTELLIST | 11 |
| T_CHAT | 11 |
| T_ENTERPRISE_INFO | 11 |
| ST_MINCENTER | 10 |
| T_COMP_SUBORGAN | 10 |
| T_LABOURHARDHELP | 10 |
| T_VOL_HARDHELP | 10 |
| T_ALLMONITOR | 9 |
| T_TICKETCUSTOMER | 9 |
| T_COMP_DONATIONTYPE | 8 |
| T_ENTERPRISETYPE | 8 |
| ST_LAWORKTYPE | 7 |
| T_VOL_ACVITITY | 7 |
| ST_81890580HELPTYPE | 6 |
| ST_HELPTYPE | 6 |
| ST_IDENTITY | 6 |
| T_MEMBERADDRESS | 6 |
| ST_HELPKIND | 5 |
| ST_OLDTYPE | 5 |
| ST_PETITIONTARGET | 5 |
| ST_SERVTRACESCORE | 5 |
| ST_TRACETYPE | 5 |
| ST_UNITKIND | 5 |
| ST_VOLUNTEERTYPE | 5 |
| ST_COURT | 4 |
| ST_CREDITCLASS | 4 |
| ST_ENTERPRISETYPE | 4 |
| ST_LEVEL | 4 |
| ST_PETITIONREASON | 4 |
| ST_WOMANUNITTYPE | 4 |
| T_TRANSTELSEND | 4 |
| T_ZMSET | 4 |
| YT_TRANSACTIONFILL | 4 |
| ST_AVSERVICETYPE | 3 |
| ST_AVSUPPORTTYPE | 3 |
| ST_SATISFACTION | 3 |
| ST_SERVICEPRICE | 3 |
| ST_SERVICEQUALITY | 3 |
| ST_SERVICETIME | 3 |
| ST_SOURCEOFINFO | 3 |
| ST_TRACERESULT | 3 |
| ST_VOCATION | 3 |
| ST_XXFGBANCI | 3 |
| T_CARENTERSURE | 3 |
| T_ENTERPRISE_DISPATCH | 3 |
| T_LEADERINSTRUCTIONS | 3 |
| YST_RELATION | 3 |
| ST_CLAIMPLACE | 2 |
| ST_ENTERREGTYPE | 2 |
| ST_EYELEVEL | 2 |
| ST_GENDER | 2 |
| ST_PETITIONMARK | 2 |
| T_APP_UPDATE | 2 |
| T_ENTERPRISE_COMMUNICATION | 2 |
| T_ENTERPRISE_MESSAGE | 2 |
| T_WOMAN_REPLY | 2 |
| T_ZYZSESSIONTYPE | 2 |
| ST_BACKREASON | 1 |
| ST_DEVOLUTEDISTRICT | 1 |
| ST_EDULVL | 1 |
| ST_OPERTYPE | 1 |
| ST_POLITY | 1 |
| ST_SIMPLEDEALTYPE | 1 |
| ST_SUPPORTERTEAM | 1 |
| ST_WORKTYPE | 1 |
| T_CARREPAIR_REPLY | 1 |
| T_EMERGENCY | 1 |
| T_ENTERPRISE_CHANGE | 1 |
| T_ENTERPRISE_PPRICE | 1 |
| T_MEMBERTRANSACTIONINFO | 1 |
| T_SERVICEBACK | 1 |
| T_VOL_HARDHELPREFUSE | 1 |
| T_VOLUNTEER_ENTERPRISE | 1 |
| T_WOMAN_REFUSE | 1 |
| YST_SCHOOL | 1 |
+----------------------------+---------+


That is only the current database, and it holds no fewer than 30 million rows.
There are 28 databases in total.

available databases [28]:
[*] CTXSYS
[*] CX81890
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] HOPERZX
[*] JH8890
[*] LQSKYM
[*] MDSYS
[*] NB81890
[*] NB81890BAK
[*] NBX24365
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] QQH81890
[*] REP
[*] SCOTT
[*] SCSLX
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] VS81890
[*] WMSYS
[*] WXZHSQ
[*] XDB
[*] ZH12345

Remediation:

You are the experts.
Asking for WooYun coins.
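The report leaves the fix to the site's operators. As an added example, not code from the report, from WooYun, or from the 81890 site, the following ASP.NET Web Forms code-behind shows the pattern that produces this class of bug next to its hardened form, for a page like Enterprise.aspx whose `ID` query-string value reaches an Oracle database (the schema list above is Oracle's). Everything beyond the page name is an assumption: the ODP.NET driver (`Oracle.ManagedDataAccess`), the `EnterpriseDb` connection-string name, the `lblName` control, and the `NAME` column; the table name `T_ENTERPRISE` is taken from the dump, but its columns are not on the page.

```csharp
// Added example; not the 81890 site's code. Assumed: ASP.NET Web Forms, ODP.NET,
// a connection string named "EnterpriseDb", a Label control "lblName", and a
// column NAME on T_ENTERPRISE (only the table name appears in the report's dump).
using System;
using System.Configuration;
using System.Web.UI;
using System.Web.UI.WebControls;
using Oracle.ManagedDataAccess.Client;

public partial class Enterprise : Page
{
    protected Label lblName; // assumed control declared in the .aspx markup

    // Vulnerable pattern: the untrusted query-string value is concatenated into the
    // statement text, so the client controls part of the SQL the database executes.
    private static string BuildUnsafeSql(string rawId)
    {
        return "SELECT NAME FROM T_ENTERPRISE WHERE ID = " + rawId;
    }

    // Hardened pattern: reject anything that is not a positive integer, then pass the
    // value as a typed bind variable. The parameter is data only and can never alter
    // the structure of the statement.
    protected void Page_Load(object sender, EventArgs e)
    {
        int id;
        if (!int.TryParse(Request.QueryString["ID"], out id) || id <= 0)
        {
            // Malformed input gets a plain 400, not a database error page that would
            // leak driver or schema details to the caller.
            Response.StatusCode = 400;
            Response.End();
            return;
        }

        string connStr = ConfigurationManager
            .ConnectionStrings["EnterpriseDb"].ConnectionString; // assumed name

        const string sql = "SELECT NAME FROM T_ENTERPRISE WHERE ID = :id";
        using (var conn = new OracleConnection(connStr))
        using (var cmd = new OracleCommand(sql, conn))
        {
            cmd.BindByName = true;
            cmd.Parameters.Add("id", OracleDbType.Int32).Value = id;
            conn.Open();
            object name = cmd.ExecuteScalar();
            // Encode on output so a stored value cannot become script in the page.
            lblName.Text = name == null ? "Not found" : Server.HtmlEncode(name.ToString());
        }
    }
}
```

Two design points matter beyond the bind variable. The integer check runs before any database access, so the only values that ever reach Oracle are of the type the column expects, and the 400 response keeps error text away from the client. The database account the application connects with should also be a dedicated one holding SELECT on the tables the page needs rather than a broad account; that limits what any future injection elsewhere in the application can reach.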

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability rank: 10

Confirmed: 2015-06-29 17:27

Vendor reply:

CNVD has confirmed and reproduced the described vulnerability. It has been forwarded through CNCERT to the Zhejiang branch center, which will coordinate the follow-up handling with the website's administering unit.

Latest status:

None yet