当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0127114

漏洞标题:某通用型资料管理系统存在SQL注射漏洞

相关厂商:金盘鹏图软件技术有限公司

漏洞作者: 路人甲

提交时间:2015-07-18 11:23

修复时间:2015-10-19 08:32

公开时间:2015-10-19 08:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-18: 细节已通知厂商并且等待厂商处理中
2015-07-21: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-07-24: 细节向第三方安全合作伙伴开放
2015-09-14: 细节向核心白帽子及相关领域专家公开
2015-09-24: 细节向普通白帽子公开
2015-10-04: 细节向实习白帽子公开
2015-10-19: 细节向公众公开

简要描述:

某通用型资料管理系统存在SQL注射漏洞

详细说明:

系统同:http://**.**.**.**/bugs/wooyun-2010-062061
1.厂商和系统: 金盘鹏图软件技术有限公司 金盘非书资料管理系统
2.漏洞文件:
CombinationScarch.aspx
3.案例:
http://**.**.**.**/fsweb/
**.**.**.**:22/fsweb/
**.**.**.**/fsweb/
http://**.**.**.**/gdlibweb/
**.**.**.**:83/
数据包:

POST /fsweb/CombinationScarch.aspx HTTP/1.1
Cache-Control: no-cache
Referer: **.**.**.**/fsweb/CombinationScarch.aspx
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36
Accept-Language: en-us,en;q=0.5
Host: **.**.**.**
Cookie: ASP.NET_SessionId=45dr5kqlph3pul2qwbvrii55; CheckCode=L0K66I
Accept-Encoding: gzip, deflate
Content-Length: 9549
Content-Type: application/x-www-form-urlencoded
__EVENTTARGET=3&__EVENTARGUMENT=3&__LASTFOCUS=3&__VIEWSTATE=%2fwEPDwULLTIwNjM5NjA1NTAPZBYCAgMPZBYGAgEPZBYIAgEPFgIeCWlubmVyaHRtbAWIAQ0KICAgIDxwIGNsYXNzPSJ0b3BUeHQiPjxzcGFuIGNsYXNzPSJ5ZWxsb3ciPuWFrOWRijo8L3NwYW4%2bIOi%2fmemHjOaUvuermeeCueWFrOWRiiA8c3BhbiBjbGFzcz0icmVkIj7mn6XnnIs8L3NwYW4%2bIOeCueWHu%2bi%2fmemHjDwvcD4NCiAgICBkAgMPFgIeB1Zpc2libGVoZAIFDxYCHwAFiwI8bGk%2bPGEgaHJlZj0iRGVmYXVsdC5hc3B4Ij7kuLvpobU8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iQmFzZVNjYXJjaC5hc3B4IiBjbGFzcz0iaG92ZXIiPuaVsOaNruafpeivojwvYT48L2xpPjxsaT48YSBocmVmPSJSZWFkZXJUYWJsZS5hc3B4Ij7or7vogIXnrqHnkIY8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iSG90QnJvd3NlLmFzcHgiPueDremXqOS5puWIijwvYT48L2xpPjxsaT48YSBocmVmPSJTcGVha0ludGVydFNjYXJjaC5hc3B4Ij7lm77kuablvoHorqI8L2E%2bPC9saT5kAgcPFgIfAAWgATxsaT48YSBocmVmPSJCYXNlU2NhcmNoLmFzcHgiPueugOWNleafpeivojwvYT48L2xpPjxsaT48YSBocmVmPSJDb21iaW5hdGlvblNjYXJjaC5hc3B4Ij7nu4TlkIjmn6Xor6I8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iU29ydFNjYXJjaC5hc3B4Ij7liIbnsbvmn6Xor6I8L2E%2bPC9saT5kAgMPZBYIAgEPZBYGAgEPFgIfAWhkAgUPFgIeCW9ua2V5ZG93bgUPVWVyc0tleUNsaWNrKCk7ZAIHDxYCHwIFIkVudGVyS2V5Q2xpY2soJ0xlZnRNdW4xX0J1dHRvbjInKTtkAgMPFgIfAWhkAgcPFgIfAAXRCTxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9MTIzIj48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wMTwvc3Bhbj7jgIrlj43mnZzmnpforrrjgIvkuK3nmoTmlL%2fmsrvnu4%2fmtY7lraY8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTExNDcxIj48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wMjwvc3Bhbj7lpofnp5HpmLTpg6jmiYvmnK%2flm77op6M8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTIyMjk3Ij48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wMzwvc3Bhbj7pvp%2fom4fmsJTlip88L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTM4MDkzIj48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wNDwvc3Bhbj7lpbPnlJ%2fnp4HmiL%2for5065aWz5a2p55qE5oCn55%2bl6K%2bGPC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD02OCI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMDU8L3NwYW4%2b5YiX5a6B55qE5pyA5ZCO5paX5LqJPC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD03MzcxMjQiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjA2PC9zcGFuPuacsemVleWfuuetlOiusOiAhemXrjwvYT48L2xpPjxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9MTIwIj48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wNzwvc3Bhbj7jgIroh6rnhLbovqnor4Hms5XjgIvop6Por7Q8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTcwNDgyNyI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMDg8L3NwYW4%2b5peg6aKG5Yiw55m96aKGPC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD0zNTA1MyI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMDk8L3NwYW4%2b576O5Zu95LmL5peFPC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD03MzcxNTUiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjEwPC9zcGFuPue%2bjuS6uuS9leWkhDwvYT48L2xpPmQCCQ8WAh8ABe8JPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD03MDQ4MjciPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjAxPC9zcGFuPuaXoOmihuWIsOeZvemihjwvYT48L2xpPjxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9NzI4MDc3Ij48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wMjwvc3Bhbj7ljLrln5%2fliJvmlrDmoIfmnYY8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTcxODE0MiI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMDM8L3NwYW4%2b5Y2O5YyX54Wk55Sw5bKp5rq26Zm36JC95p%2bx5Y%2bK5YW256qB5rC056CU56m2PC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD02Mjk1OTMiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjA0PC9zcGFuPuefv%2bWxseawtOWus%2bmYsuayu%2beQhuiuuuS4juaWueazlTwvYT48L2xpPjxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9NTA2OTYiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjA1PC9zcGFuPuWfuuS4mumVv%2bmdkjwvYT48L2xpPjxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9NzM3MTI0Ij48c3BhbiBjbGFzcz0ibm9yIj4gICA8L3NwYW4%2bPHNwYW4gY2xhc3M9ImJnIj4wNjwvc3Bhbj7mnLHplZXln7rnrZTorrDogIXpl648L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTczNzE1NSI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMDc8L3NwYW4%2b576O5Lq65L2V5aSEPC9hPjwvbGk%2bPGxpPjxhIGhyZWY9Ik1ha2VJbnRlcnQuYXNweD9JRD03MzM0NjIiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjA4PC9zcGFuPuW%2bruingue7j%2ba1juWtpjwvYT48L2xpPjxsaT48YSBocmVmPSJNYWtlSW50ZXJ0LmFzcHg%2fSUQ9MTI1MDIiPjxzcGFuIGNsYXNzPSJub3IiPiAgIDwvc3Bhbj48c3BhbiBjbGFzcz0iYmciPjA5PC9zcGFuPuW3peenkeeglOeptueUn%2bivlemimOS4juino%2betlCDmnZDmlpnlipvlraY8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iTWFrZUludGVydC5hc3B4P0lEPTYwNjI3MCI%2bPHNwYW4gY2xhc3M9Im5vciI%2bICAgPC9zcGFuPjxzcGFuIGNsYXNzPSJiZyI%2bMTA8L3NwYW4%2b5ZSQ6K%2bX5a6L6K%2bN5Y2B5LqU6K6yPC9hPjwvbGk%2bZAIFDw8WBB4GQnRuQ3NzBQZzdWJidG4eBk9sZUNvbgVsUHJvdmlkZXI9T3JhT0xFREIuT3JhY2xlLjE7UGFzc3dvcmQ9Z2QxMW5ldDtQZXJzaXN0IFNlY3VyaXR5IEluZm89VHJ1ZTtVc2VyIElEPWdkbGlzbmV0O0RhdGEgU291cmNlPWdkbGlzbmV0ZBYMAgcPEA8WBh4NRGF0YVRleHRGaWVsZAUM5a2X5q615ZCN56ewHg5EYXRhVmFsdWVGaWVsZAUJ5omA5bGe6KGoHgtfIURhdGFCb3VuZGdkEBUOD%2baAu%2baLrOeZu%2biusOWPtwnorqLljZXlj7cG6aKY5ZCNCei0o%2bS7u%2biAhQnkuLvpopjor40M5qCH5YeG57yW56CBCeaWh%2beMruWQjQzpopjlkI3nvKnlhpkM6aaG6JeP5Zyw5Z2ACee0ouS5puWPtwnlh7rniYjogIUG6K%2bt56eNBumZhOS7tgzmoIflh4bnvJbnoIEVDgnph4fotK3lupMJ6YeH6LSt5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLotKPku7vogIXlupMS5qOA57Si5Li76aKY6K%2bN5bqTD%2bajgOe0oue8lueggeW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bWFuOiXj%2bW6kw%2fppobol4%2fkuabnm67lupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTFCsDDmdnZ2dnZ2dnZ2dnZ2dnZGQCCw8QDxYGHwUFDOWtl%2bauteWQjeensB8GBQnmiYDlsZ7ooagfB2dkEBUOD%2baAu%2baLrOeZu%2biusOWPtwnorqLljZXlj7cG6aKY5ZCNCei0o%2bS7u%2biAhQnkuLvpopjor40M5qCH5YeG57yW56CBCeaWh%2beMruWQjQzpopjlkI3nvKnlhpkM6aaG6JeP5Zyw5Z2ACee0ouS5puWPtwnlh7rniYjogIUG6K%2bt56eNBumZhOS7tgzmoIflh4bnvJbnoIEVDgnph4fotK3lupMJ6YeH6LSt5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLotKPku7vogIXlupMS5qOA57Si5Li76aKY6K%2bN5bqTD%2bajgOe0oue8lueggeW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bWFuOiXj%2bW6kw%2fppobol4%2fkuabnm67lupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTFCsDDmdnZ2dnZ2dnZ2dnZ2dnZGQCDw8QDxYGHwUFDOWtl%2bauteWQjeensB8GBQnmiYDlsZ7ooagfB2dkEBUOD%2baAu%2baLrOeZu%2biusOWPtwnorqLljZXlj7cG6aKY5ZCNCei0o%2bS7u%2biAhQnkuLvpopjor40M5qCH5YeG57yW56CBCeaWh%2beMruWQjQzpopjlkI3nvKnlhpkM6aaG6JeP5Zyw5Z2ACee0ouS5puWPtwnlh7rniYjogIUG6K%2bt56eNBumZhOS7tgzmoIflh4bnvJbnoIEVDgnph4fotK3lupMJ6YeH6LSt5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLotKPku7vogIXlupMS5qOA57Si5Li76aKY6K%2bN5bqTD%2bajgOe0oue8lueggeW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bWFuOiXj%2bW6kw%2fppobol4%2fkuabnm67lupMP6aaG6JeP5Lmm55uu5bqTD%2bmmhuiXj%2bS5puebruW6kxLmo4DntKLkuIDlr7nlpJrlupMP6aaG6JeP5Lmm55uu5bqTFCsDDmdnZ2dnZ2dnZ2dnZ2dnZGQCEg8QDxYGHwUFDOS5puebruW6k%2bWQjR8GBQnlupPplK7noIEfB2dkEBUGDOS4reaWh%2bWbvuS5pgzlpJbmloflm77kuaYM5Lit5paH5pyf5YiKDOWkluaWh%2bacn%2bWIihLkuK3mlofop4blkKzotYTmlpkS6KW%2f5paH6KeG5ZCs6LWE5paZFQYBMQEyATMBNAE1ATYUKwMGZ2dnZ2dnFgFmZAIVDw8WBh4EVGV4dAUI5qOAICDntKIeCENzc0NsYXNzBQZzdWJidG4eBF8hU0ICAmRkAhYPEA8WBh8FBQnljZXkvY3lkI0fBgUJ6aaG6ZSu56CBHwdnZBAVAQnlm77kuabppoYVAQExFCsDAWdkZGRew7XpzkmbhmW8mot2nly7hNI6cA%3d%3d&__EVENTVALIDATION=%2fwEWWwLUj6nKAQKQqZmoDgKhys%2fcBQLq67C%2fBALfrdrJDwLq2OeKCgL7rqy9DAKqh6beAgLgmKDWBALFr4LBCgKqxuQrAoaa6ecCAoaardYIAoaawbEBAp2dlpAGAp2dlpAGAoDTyocLAqDO%2btgIAuC%2b3agOAtGFvc0CAsTYtfAPAoDTyocLArbVn7cFAoDTyocLAoDTyocLAoDTyocLAsTYtfAPAoDTyocLAoGT1sMDAqH9yfcHAoGk%2ffEMAsCw%2ffEMApGd%2fecKAsGL5fELAqHjqYEOApKdlpAGApKdlpAGAo%2fTyocLAq%2fO%2btgIAu%2b%2b3agOAt6Fvc0CAsvYtfAPAo%2fTyocLArnVn7cFAo%2fTyocLAo%2fTyocLAo%2fTyocLAsvYtfAPAo%2fTyocLAoGT4sMDAqH95VoCgaTR3AsCwLDR3AsCkZ3Ryg0CwYvp8QsCoeOlgQ4Ck52WkAYCk52WkAYCjtPKhwsCrs762AgC7r7dqA4C34W9zQICyti18A8CjtPKhwsCuNWftwUCjtPKhwsCjtPKhwsCjtPKhwsCyti18A8CjtPKhwsCiu2irwkCof3xvQgCgaTFuwMCwLDFuwMCkZ3FrQUCpZTxlw8Cqvvb%2bQMCq%2fvb%2bQMCqPvb%2bQMCqfvb%2bQMCrvvb%2bQMCr%2fvb%2bQMC%2fJenvQ8CiIDImwMC3vDxhAcC15aL8QECndGTmg4Ch%2buOmg4C1LDDwQ0C3onc2wwCiu2OVK6yWdvLyxuiVv5qTWoBnlkGsSvQ&LeftMun1%24RadioButtonList1=BARCODE&LeftMun1%24name=Smith&LeftMun1%24password=3&LeftMun1%24Button2=%e7%99%bb%e5%bd%95&LeftMun1%24usercode=3&GoldCombinationScarch1%24hidtext1=1&GoldCombinationScarch1%24hidtext2=%e8%ae%a2%e5%8d%95%e5%8f%b7&GoldCombinationScarch1%24hidtext3=%e9%a2%98%e5%90%8d&GoldCombinationScarch1%24hidValue1=%e9%87%87%e8%b4%ad%e5%ba%93&GoldCombinationScarch1%24hidValue2=%e9%87%87%e8%b4%ad%e5%ba%93&GoldCombinationScarch1%24hidValue3=%e9%a6%86%e8%97%8f%e4%b9%a6%e7%9b%ae%e5%ba%93&GoldCombinationScarch1%24TxtKay1=3&GoldCombinationScarch1%24TxtKay2=3&GoldCombinationScarch1%24ctl01=3&GoldCombinationScarch1%24SortLX=%e5%8d%87%e5%ba%8f%e6%8e%92%e5%88%97&GoldCombinationScarch1%24ctl02=%e6%a3%80++%e7%b4%a2&GoldCombinationScarch1%24ScarchKay1=%e9%87%87%e8%b4%ad%e5%ba%93&GoldCombinationScarch1%24Drop1=%e4%b8%ad%e9%97%b4%e4%b8%80%e8%87%b4&GoldCombinationScarch1%24DropTj1=%e5%b9%b6%e4%b8%94&GoldCombinationScarch1%24ScarchKay2=%e9%87%87%e8%b4%ad%e5%ba%93&GoldCombinationScarch1%24Drop2=%e4%b8%ad%e9%97%b4%e4%b8%80%e8%87%b4&GoldCombinationScarch1%24DropTj2=%e5%b9%b6%e4%b8%94&GoldCombinationScarch1%24ScarchKay3=%e9%a6%86%e8%97%8f%e4%b9%a6%e7%9b%ae%e5%ba%93&GoldCombinationScarch1%24Drop3=%e4%b8%ad%e9%97%b4%e4%b8%80%e8%87%b4&GoldCombinationScarch1%24ScarchType=1&GoldCombinationScarch1%24SortType=%e5%85%a5%e8%97%8f%e6%97%a5%e6%9c%9f&GoldCombinationScarch1%24CbbLibList=1

漏洞证明:

31.JPG


32.JPG

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-07-21 08:30

厂商回复:

CNVD确认并复现所述情况,已经由CNVD通过以往建立的联系渠道向软件生产厂商金盘鹏图软件公司通报(历史上通报过十余起)。目前,软件生产厂商对所通报漏洞均为无回应。该软件同类风险存在多起。

最新状态:

暂无