当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-025937

漏洞标题:商务通主业务系统平台侧漏

相关厂商:zoosnet.net

漏洞作者: piaoye

提交时间:2013-06-14 17:58

修复时间:2013-06-19 17:59

公开时间:2013-06-19 17:59

漏洞类型:重要敏感信息泄露

危害等级:低

自评Rank:5

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-06-14: 细节已通知厂商并且等待厂商处理中
2013-06-19: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

商务通使用数量上千万,至少垄断了医疗行业。此问题可引起医疗行业信息泄露

详细说明:

出现在http://yktadmin.zoosnet.net/ 商务通目前主打业务,98以上医院网址使用此客服系统。
http://yktadmin.zoosnet.net/web.config 配置信息泄露
http://yktadmin.zoosnet.net/admin.rar 源码泄露
后台地址:http://yktadmin.zoosnet.net/LR_Admin/login.aspx
其他不多说

漏洞证明:

public string Add(string p_Parent_Admin_ID, string p_Admin_Name, string p_Real_Name, string p_Taxis, string p_Role_ID)
{
string strRS = "";
try
{
DataTable dtUser = DataHelper.QueryByCommand("select " + AdminTable.DBColumn_Admin_ID + " from " + AdminTable.DBTable_T_Admin + " where " + AdminTable.DBColumn_Admin_Name + "=@" + AdminTable.DBColumn_Admin_Name, "@" + AdminTable.DBColumn_Admin_Name, p_Admin_Name);
if (!(((dtUser == null) || (dtUser.Rows.Count == 0)) || dtUser.Rows[0][AdminTable.DBColumn_Admin_ID].ToString().Equals("")))
{
return "此用户已存在!";
}
DataTable dtParents = DataHelper.QueryByCommand("select " + AdminTable.DBColumn_Admin_Relation + " from " + AdminTable.DBTable_T_Admin + " where " + AdminTable.DBColumn_Admin_ID + "=@" + AdminTable.DBColumn_Parent_Admin_ID, "@" + AdminTable.DBColumn_Parent_Admin_ID, p_Parent_Admin_ID);
if ((dtParents != null) && (dtParents.Rows.Count != 0))
{
string p_Admin_Relation = dtParents.Rows[0][AdminTable.DBColumn_Admin_Relation].ToString() + "|" + p_Parent_Admin_ID;
Hashtable htParameter = new Hashtable();
htParameter.Add("@" + AdminTable.DBColumn_Admin_Name, p_Admin_Name);
htParameter.Add("@" + AdminTable.DBColumn_Taxis, p_Taxis);
htParameter.Add("@" + AdminTable.DBColumn_Real_Name, p_Real_Name);
htParameter.Add("@" + AdminTable.DBColumn_Parent_Admin_ID, p_Parent_Admin_ID);
htParameter.Add("@" + AdminTable.DBColumn_Role_ID, p_Role_ID);
htParameter.Add("@" + AdminTable.DBColumn_Admin_Relation, p_Admin_Relation);
string SQLstring = "insert into " + AdminTable.DBTable_T_Admin + " (" + AdminTable.DBColumn_Parent_Admin_ID + "," + AdminTable.DBColumn_Admin_Name + "," + AdminTable.DBColumn_Real_Name + "," + AdminTable.DBColumn_Taxis + "," + AdminTable.DBColumn_Del_Flag + "," + AdminTable.DBColumn_Role_ID + "," + AdminTable.DBColumn_Admin_Relation + ")values(@" + AdminTable.DBColumn_Parent_Admin_ID + ",@" + AdminTable.DBColumn_Admin_Name + ",@" + AdminTable.DBColumn_Real_Name + ",@" + AdminTable.DBColumn_Taxis + ",'0',@" + AdminTable.DBColumn_Role_ID + ",@" + AdminTable.DBColumn_Admin_Relation + ")";
if (DataHelper.Execute(SQLstring, htParameter).IndexOf("False") != -1)
{
strRS = "添加失败!";
}
else
{
strRS = "添加成功!";
try
{
Backup_TickLogic.Add(SQLstring, htParameter, "1", this.strAdmin_ID);
}
catch (Exception ex)
{
TextHelper.RecordErrorInfor(ex);
}
}
}
else
{
return "上级编号记录不存在!";
}
}
catch
{
strRS = "添加失败!";
}
return strRS;
}

修复方案:

系统配置问题引起。

版权声明:转载请注明来源 piaoye@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2013-06-19 17:59

厂商回复:

最新状态:

暂无