
Vulnerability summary

Defect ID: wooyun-2015-0132769

Title: SQL injection in the 海南省中医院 (Hainan Provincial Hospital of Traditional Chinese Medicine) website (administrator account dumped, one black link found)

Related vendor: 海南省中医院 (Hainan Provincial Hospital of Traditional Chinese Medicine)

Author: 路人甲

Submitted: 2015-08-12 16:35

Fixed: 2015-09-26 17:34

Published: 2015-09-26 17:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Vulnerability status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-08-12: Details sent to the vendor, awaiting vendor handling
2015-08-12: CNCERT (National Internet Emergency Center) was unable to reach the relevant unit for now; details disclosed only to the notifying body
2015-08-22: Details disclosed to core white hats and domain experts
2015-09-01: Details disclosed to regular white hats
2015-09-11: Details disclosed to intern white hats
2015-09-26: Details disclosed to the public

Brief description:

It is a provincial-level hospital after all, and it has even had a black link planted on it; this one has to be approved!

Detailed description:

Injection URL: http://**.**.**.**/showsinglepage.php?catid=23


Black link (injected hidden link) URL: http://**.**.**.**/images/

Proof of vulnerability:

Injection URL: http://**.**.**.**/showsinglepage.php?catid=23


[screenshot 库.jpg: database list]



[screenshot 表.jpg: table list]


Partial table list:

Database: hizyy2012
[145 tables]
+---------------------------------------+
| dx_admin |
| dx_admin_panel |
| dx_admin_role |
| dx_admin_role_priv |
| dx_attachment |
| dx_attachment_index |
| dx_badword |
| dx_block |
| dx_block_history |
| dx_block_priv |
| dx_cache |
| dx_category |
| dx_category_priv |
| dx_collection_content |
| dx_collection_history |
| dx_collection_node |
| dx_collection_program |
| dx_comment |
| dx_comment_check |
| dx_comment_data_1 |
| dx_comment_setting |
| dx_comment_table |
| dx_content_check |
| dx_copyfrom |
| dx_datacall |
| dx_dbsource |
| dx_download |
| dx_download_data |
| dx_downservers |
| dx_extend_setting |
| dx_favorite |
| dx_hits |
| dx_ipbanned |
| dx_keylink |
| dx_keyword |
| dx_keyword_data |
| dx_link |
| dx_linkage |
| dx_log |
| dx_member |
| dx_member_detail |
| dx_member_group |
| dx_member_menu |
| dx_member_verify |
| dx_member_vip |
| dx_menu |
| dx_message |
| dx_message_data |
| dx_message_group |
| dx_model |
| dx_model_field |
| dx_module |
| dx_mood |
| dx_news |
| dx_news_data |
| dx_office |
| dx_page |
| dx_pay_account |
| dx_pay_payment |
| dx_pay_spend |
| dx_picture |
| dx_picture_data |
| dx_position |
| dx_position_data |
| dx_poster |
| dx_poster_200906 |
| dx_poster_201303 |
| dx_poster_201304 |
| dx_poster_201305 |
| dx_poster_201306 |
| dx_poster_201307 |
| dx_poster_201309 |
| dx_poster_201310 |
| dx_poster_201311 |
| dx_poster_201312 |
| dx_poster_201402 |
| dx_poster_201403 |
| dx_poster_201404 |
| dx_poster_201405 |
| dx_poster_201406 |
| dx_poster_201407 |
| dx_poster_201408 |
| dx_poster_201409 |
| dx_poster_201410 |
| dx_poster_201411 |
| dx_poster_201501 |
| dx_poster_201502 |
| dx_poster_201503 |
| dx_poster_201504 |
| dx_poster_201505 |
| dx_poster_201506 |
| dx_poster_201507 |
| dx_poster_201508 |
| dx_poster_space |
| dx_queue |
| dx_release_point |
| dx_search |
| dx_search_keyword |
| dx_session |
| dx_site |
| dx_special |
| dx_special_c_data |
| dx_special_content |
| dx_sphinx_counter |
| dx_sso_admin |
| dx_sso_applications |
| dx_sso_members |
| dx_sso_messagequeue |
| dx_sso_session |
| dx_sso_settings |
| dx_tag |
| dx_template_bak |
| dx_times |
| dx_type |
| dx_urlrule |
| dx_video |
| dx_video_content |
| dx_video_data |
| dx_video_store |
| dx_wap |
| dx_wap_type |
| dx_workflow |
| h_ad |
| h_admin |
| h_administer |
| h_adminloginlog |
| h_column |
| h_config |
| h_datatable |
| h_dictionary |
| h_download |
| h_experts |
| h_field |
| h_info_submit |
| h_ip |
| h_ipstates |
| h_ksnews |
| h_kssinglepage |
| h_links |
| h_news |
| h_online |
| h_picture |
| h_pictures |
| h_singlepage |
| h_video |
+---------------------------------------+
Database: information_schema
[37 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| INNODB_CMP |
| INNODB_CMPMEM |
| INNODB_CMPMEM_RESET |
| INNODB_CMP_RESET |
| INNODB_LOCKS |
| INNODB_LOCK_WAITS |
| INNODB_TRX |
| KEY_COLUMN_USAGE |
| PARAMETERS |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLESPACES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+


[screenshot 爆管理账户.jpg: administrator account dumped]


The injection dumped the administrator account.

[screenshot 已被挂黑链接.jpg: black link planted on the site]


I incidentally found that a black link had been planted: http://**.**.**.**/images/


So I won't try logging in to the admin backend; someone has already been here. Admins, please take a bit more care~
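A black link of the kind the report found under /images/ is an anchor that visitors never see but search engines still crawl, so the usual way to check a site for them is to walk the HTML and flag links hidden by CSS or the hidden attribute, especially ones pointing off-site. The scanner below is an added example written for this page, not code from the report or from the hospital's site; it uses only the Python standard library, and the HTML it runs on is constructed (the domains casino.example, pills.example and seo.example and the host name passed in are placeholders, not anything observed on the real site).

```python
"""Added example: find hidden (black) links in a page's HTML.

Stdlib only. The sample page and all hosts in it are constructed.
"""
import re
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse

# Inline-style fragments that keep an element out of the visible page.
# Each regex is paired with the label reported for it.
HIDING_RULES = [
    (re.compile(r"display\s*:\s*none", re.I), "display:none"),
    (re.compile(r"visibility\s*:\s*hidden", re.I), "visibility:hidden"),
    (re.compile(r"font-size\s*:\s*0(?:px|em|%)?\s*(?:;|$)", re.I), "font-size:0"),
    (re.compile(r"(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I), "off-screen offset"),
    (re.compile(r"(?:height|width)\s*:\s*[01]px", re.I), "1px box"),
]


def hiding_reason(attrs: dict) -> Optional[str]:
    """Return why an element is invisible, or None if nothing hides it."""
    if "hidden" in attrs:          # <div hidden> parses as ('hidden', None)
        return "hidden attribute"
    style = attrs.get("style") or ""
    for pattern, label in HIDING_RULES:
        if pattern.search(style):
            return label
    return None


class HiddenLinkFinder(HTMLParser):
    """Track hidden ancestors so a visible <a> inside a hidden <div> is caught."""

    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []      # one (tag, effective hiding reason) per open tag
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        parent_reason = self.stack[-1][1] if self.stack else None
        reason = hiding_reason(attrs) or parent_reason   # own style or inherited
        self.stack.append((tag, reason))
        href = attrs.get("href")
        if tag == "a" and href and reason:
            # Relative hrefs have no hostname and count as the site itself.
            host = (urlparse(href).hostname or self.site_host).lower()
            self.findings.append({"href": href, "reason": reason,
                                  "external": host != self.site_host})

    def handle_endtag(self, tag):
        # Pop back to the matching start tag; this also discards void
        # elements such as <img> that never get a closing tag.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def find_hidden_links(html: str, site_host: str) -> list:
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed page: a normal nav, a hidden block of spam links, a zero-size
# link and a link inside an element carrying the hidden attribute.
SAMPLE_HTML = """<html><body>
<div id="nav"><a href="/showsinglepage.php?catid=23">About</a><img src="/logo.png"></div>
<p>Visible content <a href="/images/">gallery</a></p>
<div style="display:none">
  <a href="http://casino.example/">slot machines</a>
  <a href="http://pills.example/buy">cheap pills</a>
</div>
<a href="http://seo.example/" style="font-size:0px;">x</a>
<div hidden><ul><li><a href="/images/">mirror</a></li></ul></div>
</body></html>"""

if __name__ == "__main__":
    for f in find_hidden_links(SAMPLE_HTML, "www.hospital.example"):
        print(f"{'EXTERNAL' if f['external'] else 'internal':8} {f['reason']:18} {f['href']}")
```

Run it against the saved HTML of each page rather than a live fetch when you can, and run it from a second vantage point too: black-link injections often cloak, serving the spam only to search-engine user agents or only to requests without a Referer, so a clean result from a browser session is not proof the page is clean.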

Fix:

You know what to do!
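The fix the author leaves unstated is the standard one for this bug class: never splice the query-string value into SQL text; validate its shape and bind it as a parameter. The example below is added here and is not code from the report or from the hospital's site. It reproduces the catid bug in Python against an in-memory SQLite database so that it runs offline: the table names h_singlepage and h_admin are taken from the dump above, but their columns and rows are constructed, and sqlite_master stands in for the MySQL information_schema that the dump enumerates.

```python
"""Added example: a catid handler with the injection, and the same handler fixed.

Everything in the database is constructed; only the table names come from the report.
"""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Tiny schema modelled on the dump: a page table and an admin table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE h_singlepage (id INTEGER PRIMARY KEY, catid INTEGER, title TEXT, body TEXT);
        CREATE TABLE h_admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO h_singlepage VALUES (1, 23, 'About the hospital', 'constructed page body');
        INSERT INTO h_singlepage VALUES (2, 24, 'Departments', 'constructed page body');
        INSERT INTO h_admin VALUES (1, 'admin', 'constructed-hash-value');
    """)
    return conn


def show_single_page_vulnerable(conn: sqlite3.Connection, catid: str) -> list:
    """The bug class: the untrusted query-string value becomes part of the SQL text."""
    sql = f"SELECT title, body FROM h_singlepage WHERE catid = {catid}"
    return conn.execute(sql).fetchall()


def show_single_page_fixed(conn: sqlite3.Connection, catid: str) -> list:
    """Validate the parameter's shape, then bind it; the value never reaches the SQL parser."""
    if not catid.isdigit():
        raise ValueError("catid must be a non-negative integer")
    sql = "SELECT title, body FROM h_singlepage WHERE catid = ?"
    return conn.execute(sql, (int(catid),)).fetchall()


def run_demo() -> dict:
    """Run both handlers against a benign value and the classic payload sequence."""
    conn = build_db()
    payloads = {
        "benign": "23",
        # Tautology: every page row comes back, the usual first confirmation of injection.
        "tautology": "23 OR 1=1",
        # Schema enumeration, the SQLite analogue of reading information_schema.tables.
        "enumerate_tables": "0 UNION ALL SELECT name, type FROM sqlite_master WHERE type='table'",
        # Credential dump, the step the report's '爆管理账户' screenshot shows.
        "dump_admin": "0 UNION ALL SELECT username, password FROM h_admin",
    }
    results = {}
    for label, value in payloads.items():
        leaked = show_single_page_vulnerable(conn, value)
        try:
            safe, rejected = show_single_page_fixed(conn, value), False
        except ValueError:
            safe, rejected = [], True
        results[label] = {"vulnerable": leaked, "fixed": safe, "rejected": rejected}
    return results


if __name__ == "__main__":
    for label, r in run_demo().items():
        print(f"{label:17} vulnerable -> {r['vulnerable']}")
        print(f"{'':17} fixed      -> {'rejected' if r['rejected'] else r['fixed']}")
```

In the PHP the site actually runs, the equivalent is casting the parameter (for example with intval()) and using a prepared statement through PDO or mysqli rather than string interpolation; escaping alone is not a fix for a numeric parameter, since no quotes are needed to break out of an unquoted integer comparison. Separately from the code change, the dumped administrator credentials must be treated as compromised and rotated, and the admin login log (the dump lists an h_adminloginlog table) reviewed for use of them.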

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-08-12 17:32

Vendor reply:

CNVD confirms the described situation; it has been forwarded via CNCERT to the Hainan branch center, which will coordinate handling with the website's administering unit.

Latest status:

None yet