
Vulnerability Summary

Defect ID: wooyun-2014-076439

Title: A system of the Hangzhou Human Resources and Social Security Bureau has SQL injection (2)

Vendor: Hangzhou Municipal Human Resources and Social Security Bureau

Author: Feei

Submitted: 2014-09-18 14:18

Fixed: 2014-11-02 14:22

Disclosed: 2014-11-02 14:22

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability Details

Disclosure status:

2014-09-18: Details sent to the vendor, awaiting vendor handling
2014-09-23: Vendor confirmed; details disclosed to the vendor only
2014-10-03: Details disclosed to core white hats and domain experts
2014-10-13: Details disclosed to regular white hats
2014-10-23: Details disclosed to trainee white hats
2014-11-02: Details disclosed to the public

Brief description:

A system of the Hangzhou Municipal Human Resources and Social Security Bureau has a SQL injection vulnerability due to insufficient parameter filtering, leaking a large amount of sensitive information!

Detailed description:

Hangzhou Professional and Technical Qualification Online Application and Assessment System - http://hzzcpd.train.gov.cn/
Injection point: http://hzzcpd.train.gov.cn/Home/Index/viewNews/id/2447
The <Professional Skills and Technical Certificate Query> database can be modified; if skill certificate query results can be altered, the potential damage is obvious!
The administrator account and password can be obtained, along with a large amount of sensitive expert user information

Proof of vulnerability:

After gaining access to the adminuser table in the declare database, the administrator account person with password 1234567 was retrieved
After logging in, the site's admin backend can be managed

[screenshot: 111111111111111.png]

Several thousand expert records

[screenshot: 44444444444.png]

There is also a blacklist

[screenshot: 55555555555.png]

Leak of detailed personal sensitive information

[screenshot: 1111111111.png]

DB administrator user table

[screenshot: 454545455555555555.png]


DB TABLE
Database: think_declare
[49 tables]
Database: declare
[90 tables]
I'll stop here.

Fix recommendation:

Filter the parameters

Copyright notice: when reposting, please credit the source Feei@WooYun
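As an added illustration of the recommended fix (example code written for this page, not code from the report or from the affected system, which is presumed to be a PHP application; Python with an in-memory sqlite3 table stands in for it): the `id` path segment from a `/viewNews/id/<value>` URL spliced into SQL as text, beside the same lookup with whitelist validation and a bound parameter. The `news` table contents are constructed sample data.

```python
import re
import sqlite3

# Constructed sample rows standing in for the site's news table (not real data).
SAMPLE_NEWS = [(2447, "Notice A"), (2448, "Notice B"), (2449, "Notice C")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)", SAMPLE_NEWS)
    return conn


# Vulnerable pattern: the raw path segment is concatenated into the query text,
# so anything after the digits becomes part of the SQL.
def view_news_vulnerable(conn, raw_id):
    sql = "SELECT id, title FROM news WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


# Whitelist: a canonical positive integer only (no sign, spaces, quotes, leading zeros).
_ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")


def parse_news_id(raw_id):
    """Return the id as an int, or None if the segment is not a canonical positive integer."""
    if _ID_RE.match(raw_id) is None:
        return None
    return int(raw_id)


# Hardened handler: validate first, then bind the value with a placeholder so the
# database never interprets user input as SQL, even if validation were loosened later.
def view_news_hardened(conn, raw_id):
    news_id = parse_news_id(raw_id)
    if news_id is None:
        return None  # caller should answer 400/404; the database is never touched
    return conn.execute("SELECT id, title FROM news WHERE id = ?", (news_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(view_news_vulnerable(db, "2447"))         # one row
    print(view_news_vulnerable(db, "2447 OR 1=1"))  # tautology returns every row
    print(view_news_hardened(db, "2447 OR 1=1"))    # None: rejected before any SQL runs
```

The contrast shows why "filtering" alone is brittle: the hardened version is safe because of the bound parameter, and the whitelist simply keeps malformed requests out of the database layer altogether.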


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2014-09-23 08:34

Vendor reply:

Latest status:

None yet