当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0141031

漏洞标题:萧然在线多个分站存在SQL注入漏洞

相关厂商:中国电信

漏洞作者: 憋屈

提交时间:2015-09-16 14:04

修复时间:2015-11-02 15:00

公开时间:2015-11-02 15:00

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-16: 细节已通知厂商并且等待厂商处理中
2015-09-18: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开
2015-09-28: 细节向核心白帽子及相关领域专家公开
2015-10-08: 细节向普通白帽子公开
2015-10-18: 细节向实习白帽子公开
2015-11-02: 细节向公众公开

简要描述:

萧然在线----萧山第一门户
萧山人自己的网站

详细说明:

http://**.**.**.**/rentlist.asp?isgood=2 萧山房产中介网
http://**.**.**.**/jianzhi_View.asp?jianzhiid=1098 萧山人才网

x1.png

漏洞证明:

available databases [26]:
[*] db_118114
[*] db_GongAn
[*] db_gualipolic
[*] DB_House
[*] DB_money
[*] db_OnLineBBS
[*] DB_qilan
[*] db_SPZR_hzxssyc
[*] db_xjc_2015
[*] db_xs163
[*] db_XS9Z
[*] DB_XSHR
[*] DB_zhuangxiu
[*] fangzheng
[*] huodong
[*] master
[*] model
[*] Mrmf
[*] msdb
[*] QJ360
[*] ReportServer
[*] ReportServerTempDB
[*] syc_OA
[*] syc_Web
[*] tempdb
[*] xshr_test
Database: DB_House
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| dbo.T_HousePic | 106039 |
| dbo.T_Sale | 26229 |
| dbo.v_sale | 20709 |
| dbo.v_rent | 4881 |
| dbo.T_FDsale | 2865 |
| dbo.T_FDRent | 2568 |
| dbo.v_fdsale | 1985 |
| dbo.v_fdrent | 1745 |
| dbo.T_communityPic | 850 |
| dbo.T_communityPic | 850 |
| dbo.T_Area | 760 |
| dbo.T_pay | 239 |
| dbo.T_User1 | 174 |
| dbo.T_User1 | 174 |
| dbo.T_menu | 78 |
| dbo.T_school | 31 |
| dbo.T_support | 17 |
| dbo.T_zhaopin | 16 |
| dbo.T_HouseType | 15 |
| dbo.T_SpaceType | 12 |
| dbo.T_HouseFace | 11 |
| dbo.T_company1 | 8 |
| dbo.T_company1 | 8 |
| dbo.T_housearea | 7 |
| dbo.T_housePrice | 7 |
| dbo.T_rentkind | 7 |
| dbo.T_rentkind | 7 |
| dbo.T_InfoClass | 6 |
| dbo.T_InfoClass | 6 |
| dbo.T_HouseRentPay | 5 |
| dbo.T_rentmoney | 5 |
| dbo.T_Taxes | 5 |
| dbo.T_Decoration | 4 |
| dbo.T_Housepersonal | 4 |
| dbo.T_housePay | 3 |
| dbo.T_HouseSex | 3 |
| dbo.T_Error | 2 |
+---------------------+---------+
-----+-----+-----+------------+---------+-----------------------------------------------------+------+------------------------------+------+------+-------------+--------------------+---------+-----------+----------+------------------+-----------+-------------+--------------+
| id | Fid | Sid | QQ | pic | Tel | Kind | sTel | flag | info | linker | RegTime | LogTime | UserName | UseCount | PassWord | keepCount | AllUseCount | AllkeepCount |
+-----+-----+-----+------------+---------+-----------------------------------------------------+------+------------------------------+------+------+-------------+--------------------+---------+-----------+----------+------------------+-----------+-------------+--------------+
| 100 | 40 | 0 | <blank> | <blank> | 82828826/83316168/83379292 | 1 | 907375/909292/903881 | 1 | NULL | 万宏经纪人 | 09 27 2013 9:06AM | NULL | whfc | 0 | 37031ea91b9b546c | 0 | 2000 | 500 |
| 101 | 41 | 0 | 879246667 | <blank> | 82801222//13606526762/8307688 | 1 | 907885 | 1 | NULL | 徐月明 吴小姐 | 09 27 2013 9:08AM | NULL | ymfc | 0 | d2d425959fd4da86 | 0 | 2000 | 500 |
| 102 | 42 | 0 | 915991194 | <blank> | 82896603/83019601/83206398/83239321 | 1 | 909601/909321/905229 | 1 | NULL | 朱何芬 | 09 27 2013 9:08AM | NULL | jlfc | 0 | 989c7b09389894f1 | 0 | 2000 | 500 |
| 103 | 43 | 0 | 435523870 | <blank> | 13336138665/13738120660 | 1 | 901127 | 1 | NULL | 童经理 | 09 27 2013 9:11AM | NULL | jjfc | 0 | e10667d48f306d9a | 0 | 1500 | 300 |
| 104 | 44 | 0 | <blank> | <blank> | 83360317/82771507/18967195037 | 1 | <blank> | 1 | NULL | 陈小姐 | 09 27 2013 9:13AM | NULL | xbxb | 0 | 8eb0e6d8ba5773ef | 0 | 1000 | 250 |
| 105 | 45 | 0 | <blank> | <blank> | 82815009/82064886/22919368 | 1 | <blank> | 1 | NULL | 王方 | 09 27 2013 9:14AM | NULL | ljbld | 0 | ce97c032f034d145 | 0 | 2000 | 500 |
| 106 | 46 | 0 | 951135149 | <blank> | 83961319 83250321 82735695 82094453 | 1 | 902378 904453 901319 | 1 | NULL | 段小丽 华岳娟 华利娟 | 09 27 2013 9:16AM | NULL | hafc | 0 | 2cf886dd4bd13a05 | 0 | 2000 | 500 |
| 107 | 31 | 0 | 1056249009 | <blank> | 租售热线83203036、83388669、82064272 | 1 | 903036、900230、904272 | 1 | NULL | 房产经纪人 | 09 27 2013 9:17AM | NULL | xssd | 0 | 5110265cb7dae3d4 | 0 | 2000 | 500 |
| 108 | 47 | 0 | <blank> | <blank> | 83073972//82065816 15355462737 | 1 | 903972 905816 907679 | 1 | NULL | 邵小姐 张小姐 | 09 27 2013 9:18AM | NULL | tffc | 0 | 1b93e6a8d068f4ec | 0 | 2000 | 500 |
| 109 | 48 | 0 | 826857621 | <blank> | 83312398. 82010320 15355442356 | 1 | 902398 900320 | 1 | NULL | 裘小姐 沈大姐 | 09 27 2013 9:19AM | NULL | dali | 0 | dced6c26d4d03f9c | 0 | 2000 | 500 |
| 110 | 50 | 0 | 390449818 | <blank> | 83260101...13777871780 | 1 | 900101 | 1 | NULL | 吴杏贞 | 09 27 2013 9:22AM | NULL | xwfc | 0 | bbe6b21a0b4cdae0 | 0 | 2000 | 500 |
| 111 | 51 | 0 | 851857794 | <blank> | 83120118/82087075//82002009/ | 1 | 901118/907075/902009 | 1 | NULL | 吴珍芬 | 09 27 2013 9:23AM | NULL | wxfc | 0 | 7b379f1031018723 | 0 | 2000 | 500 |
| 112 | 53 | 0 | 534234238 | <blank> | 83092067 82062623 83098487 | 1 | 902067 | 1 | NULL | 厉燕芬 洪刚 | 09 27 2013 9:24AM | NULL | jjqfc | 0 | 29c64edd2eae1b5a | 0 | 2000 | 500 |
| 113 | 55 | 0 | 690592913 | <blank> | 82083122/82883022/904122 | 1 | <blank> | 1 | NULL | 钟女士 | 09 27 2013 9:25AM | NULL | qqfc | 0 | 5a95ebc535c9d917 | 0 | 1000 | 250 |
| 114 | 56 | 0 | 704478535 | <blank> | 82814850//82816750//82816785 | 1 | 905051/ 905048 905049 905762 | 1 | NULL | 门店经纪人 | 10 10 2013 2:19PM | NULL | ldfc | 0 | 4ff089323d1a5f78 | 0 | 2000 | 500 |
| 115 | 11 | 0 | <blank> | <blank> | 82007889/82662226 /15058106166/18072985117/82063806 | 1 | <blank> | 1 | NULL | 阳城-房产经纪 | 10 10 2013 2:21PM | NULL | yangcheng | 0 | 8305bd7d13a902a1 | 0 | 2000 | 500 |
| 116 | 25 | 0 | 965973023 | <blank> |

修复方案:

版权声明:转载请注明来源 憋屈@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-09-18 14:58

厂商回复:


暂未建立与网站管理单位的直接处置渠道,待认领.

最新状态:

暂无