
Vulnerability Summary

Bug ID: wooyun-2015-0160928

Title: SQL injection with DBA privileges on 技成培训网 (Jicheng Training, jcpeixun.com), exposing 1.6M+ user accounts / e-mail addresses / passwords

Vendor: CNCERT (国家互联网应急中心, National Internet Emergency Center)

Author: 路人甲 (anonymous)

Submitted: 2015-12-18 00:48

Fix time: 2016-02-01 19:48

Public disclosure: 2016-02-01 19:48

Vulnerability type: SQL injection

Severity: High

Self-rated Rank: 15

Status: Handed to third-party partner organisation (CNCERT) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability Details

Disclosure status:

2015-12-18: Details sent to the vendor, awaiting vendor handling
2015-12-22: Vendor confirmed; details disclosed to the vendor only
2016-01-01: Details disclosed to core white hats and domain experts
2016-01-11: Details disclosed to regular white hats
2016-01-21: Details disclosed to intern white hats
2016-02-01: Details disclosed to the public

Brief description:

Shenzhen Jicheng Technology Co., Ltd. (www.jcpeixun.com), founded in 2007, is an online education company focused on vocational training for the manufacturing sector. As of the end of July 2015 it had more than 2 million students across the country, spanning over 40 traditional industries (petroleum, chemicals, machinery, energy, electronics, packaging and printing, elevators, logistics, and others) and more than 10 emerging ones (3D printing, industrial robotics, smart factories, urban intelligent transport, industrial design, and others). With its rich teaching resources, large course library and large student base it is widely regarded as the leading brand in remote education for Chinese manufacturing.

Detailed description:

SQL injection: http://**.**.**.**/userreg.aspx?u=20130925003

Vulnerability proof:

Database type:

[Screenshot: MySQL数据库.jpg]

DBA privileges:

[Screenshot: DBA权限.jpg]

[Screenshot: users.jpg]

Databases:

[Screenshot: dbs.jpg]

Database: jcpeixun
The database can be dumped (I'm not sure which one is the user table; I didn't look closely):

[Screenshot: 可爆库.jpg]

Fix recommendation:

Input filtering.
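The report's fix is the single word "filtering"; the durable fix for a page like userreg.aspx?u=... is a parameterised query, and the DBA-level database account the screenshots show is a separate least-privilege problem. The following is an added example, not the site's own code, showing a lookup as it might be written in an ASP.NET code-behind, vulnerable form beside fixed form; the table and column names, the MySql.Data driver and the assumption that the site built its SQL by string concatenation are all assumptions.

```csharp
// Added example (not jcpeixun.com's code). Assumptions: the "u" query-string
// value is looked up in a table jc_learner_base with a loginname column, and
// the data layer uses the MySql.Data connector.
using System;
using System.Data;
using MySql.Data.MySqlClient;

public static class UserLookup
{
    // Vulnerable pattern: the raw request parameter is spliced into the SQL
    // text, so the client controls the statement. Combined with a DBA-level
    // connection account, that is the situation the report describes.
    public static DataTable FindUserVulnerable(MySqlConnection conn, string u)
    {
        string sql = "SELECT id, loginname, email FROM jc_learner_base "
                   + "WHERE loginname = '" + u + "'";
        using (var cmd = new MySqlCommand(sql, conn))
        using (var adapter = new MySqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // Fixed pattern: a parameterised query. The value travels separately from
    // the statement text, so quotes or SQL keywords inside "u" are plain data.
    // Independently of this, the connection string should name an account that
    // holds only SELECT/INSERT/UPDATE on the application's own tables, never a
    // DBA or root account, so that any remaining bug cannot reach other schemas.
    public static DataTable FindUser(MySqlConnection conn, string u)
    {
        const string sql = "SELECT id, loginname, email FROM jc_learner_base "
                         + "WHERE loginname = @u";
        using (var cmd = new MySqlCommand(sql, conn))
        {
            // Explicit type and length: the driver binds the value, and an
            // over-long input is truncated/rejected rather than parsed as SQL.
            cmd.Parameters.Add("@u", MySqlDbType.VarChar, 64).Value = u;
            using (var adapter = new MySqlDataAdapter(cmd))
            {
                var table = new DataTable();
                adapter.Fill(table);
                return table;
            }
        }
    }
}
```

In the page's Page_Load the call would be FindUser(conn, Request.QueryString["u"]); the vulnerable variant is kept only to show the pattern to remove.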

Copyright notice: please credit 路人甲@乌云 (WooYun) when reposting.


Vulnerability Response

Vendor response:

Severity: Medium

Rank: 9

Confirmed: 2015-12-22 18:15

Vendor reply:

CNVD has not directly reproduced the reported issue and has not yet established a direct handling channel with the site's operating organisation; pending claim.

Latest status:

None