漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-051438
漏洞标题:武汉票务网sql注入漏洞导致信息泄露危机
相关厂商:武汉票务网
漏洞作者: 那一份执着
提交时间:2014-02-26 17:50
修复时间:2014-04-12 17:51
公开时间:2014-04-12 17:51
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:13
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-02-26: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-04-12: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
路过票务网发现是aspx的,于是阅览了一会发现了报错页面,于是就发生了下面的检测!!
详细说明:
漏洞证明:
漏洞页面 截图中的字母是sql,打错了
证明
就一点数据做证明用
Database: ReportServerTempDB
[6 tables]
+---------------------------------------------------+
ChunkData
ExecutionCache
PersistedStream
SessionData
SessionLock
SnapshotData
+---------------------------------------------------+
Database: tempdb
[2 tables]
+---------------------------------------------------+
#5A46A1A7
#5B3AC5E0
+---------------------------------------------------+
Database: hotel
[31 tables]
+---------------------------------------------------+
Caches
Chains
CityChains
Citys
HotAreas
HotSences
Hotels
Images
IpRecords
LabelLists
Labels
Lines
Links
LowHotels
Members
Orders ?
Parmers
Provinces
Regions
Sections
SenceImages
SenceOrders
SenceRecords
Sences
SubWays
Themes
TrafficInfos
Users ?
tba
tbb
travels
+---------------------------------------------------+
Database: OPENOA
[4 tables]
+---------------------------------------------------+
Depar
Item
LoginUser
User_Flag
+---------------------------------------------------+
Database: travel
[18 tables]
+---------------------------------------------------+
Caches
CarOrders
Cars
Citys
Guides
Helps
LineOrders
Lines
Links
Members
News
Parmers
Provinces
Questions
Travels
Users
VisaOrders
Visas
+---------------------------------------------------+
Database: Manage
[168 tables]
+---------------------------------------------------+
APIOrders
APIPays
Additions
Agents
Airs
Announces
ApplyAgents
Areas
Areports
BasicPolicys
BigClientZcs
Brands
Caches
Cashs
Chains
CheckLogs
CityChains
CityCodes
CityPors
Cityhotels
Citys
CodePrices
CollSources
Comments
Cws
DatePrices
Depars
DiningAmenities
EModules
ERecords
EdmMetadata
Establishs
Features
Feedbacks
FlashImages
GjDatePrices
Gjcws
Gjhcitems
Gjtjs
Gjzcitems
Gjzcs
GoodApplys
Goods
Goodtypes
Gzdfs
Gzusers
Hcs
HelpLbs
Helpbacks
Helps
Hkgs
HkgsHbQjs
Hkgscards
HotAreas
HotSences
HotelDetails
HotelGeos
HotelImages
HotelRecords
HotelRegions
Hotellists
Hotelorders
Hotels
Images
Infos
IntPolicys
太多了就不复制了
修复方案:
过滤!
版权声明:转载请注明来源 那一份执着@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝