漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0155738
漏洞标题:中国电信某oa系统存在sql注入漏洞
相关厂商:中国电信
漏洞作者: 路人甲
提交时间:2015-11-25 13:34
修复时间:2016-01-11 16:44
公开时间:2016-01-11 16:44
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-11-25: 细节已通知厂商并且等待厂商处理中
2015-11-27: 厂商已经确认,细节仅向厂商公开
2015-12-07: 细节向核心白帽子及相关领域专家公开
2015-12-17: 细节向普通白帽子公开
2015-12-27: 细节向实习白帽子公开
2016-01-11: 细节向公众公开
简要描述:
/**/
详细说明:
易达通的oa系统,不知道是不是通用的。。
参数STAFFID
漏洞证明:
400多张表。。
web application technology: JSP
back-end DBMS: Oracle
Database: BASEDBA
+--------------------------+---------+
| Table | Entries |
+--------------------------+---------+
| TACHE_V_VALUE_HIS | 1439333 |
| TACHE_V_VALUE | 322958 |
| EVENT_Q_HIS | 276530 |
| STAFF_EVENT_HIS | 274997 |
| TACHE_HIS | 262840 |
| PATH_HIS | 224985 |
| COMMON_COUNTER_HIS | 155083 |
| COMMON_COUNTER_STAT | 133243 |
| TACHE | 49187 |
| FLOW_STAT_BY_STAFF | 45549 |
| "PATH" | 42697 |
| FLOW_HIS | 39044 |
| NOTIFY_Q_READLIST | 34272 |
| FORM_LONG_CONTENT | 17646 |
| DOC_LOCATE | 9376 |
| FLOW | 8212 |
| SYS_OP_LOG | 5951 |
| TACHE_V_DEF | 5823 |
| FORM_ELEMENT_TCH_LOG | 5638 |
| TACHE_MODEL_TJ | 5157 |
| EVENT_Q | 4136 |
| STAFF_EVENT | 4131 |
| FORM_ELEMENT_TCH | 4021 |
| FORM_ELEMENT | 3602 |
| PATH_MODEL | 3192 |
| TACHE_MODEL_HIDD_BDMB | 3166 |
| SMS_CONTENT | 3114 |
| KEY_MODULE_STAT | 2730 |
| PATH_ERR | 2462 |
| TACHE_ERR | 2461 |
| STAFF_INFO_OP_LOG | 2410 |
| BBS_STAFF_DETAIL | 2350 |
| STAFF_INFO | 2348 |
| VEHICLE_LOG | 2162 |
| STAFF_MESSAGE_HIS | 2131 |
| TACHE_MODEL | 1652 |
| BBS_TOPIC_TREE | 1558 |
| BBS_DOC | 1522 |
| OFOFFLINE | 1424 |
| DEPT_DOC_READLIST | 1337 |
| SMS_MESSAGE | 1140 |
| DEPT_DOC_ROLE | 945 |
| TACHE_V_VALUE_ERR | 779 |
| STATE | 765 |
| OFCONPARTICIPANT | 746 |
| MAIL | 632 |
| DEPT_TREE | 479 |
| FORM_MODEL | 475 |
| NOTIFY_LONG_CONTENT | 455 |
| OFCONVERSATION | 417 |
| FORM_LISTVIEW_DEFINE | 324 |
| MESSAGE_Q_HIS | 268 |
| OFGCMEMBER | 256 |
| OFGCAFFILIATION | 254 |
| V_TEAM_STAFF | 253 |
| XUNI | 223 |
| STAFF_ROLE | 205 |
| TACHE_MODEL_QW | 186 |
| NOTIFY_DOC | 182 |
| STAFF_DIR_TREE | 176 |
| NOTIFY_Q | 168 |
| BBS_LONG_CONTENT | 162 |
| V_TEAM_DOC | 132 |
| DDM_FORM_DEFINE_TREE | 111 |
| COMMON_COUNTER | 108 |
| DDM_FORM_DEFINE | 107 |
| SPECIAL_WORKDAY | 107 |
| STAFF_WALLPAPER | 103 |
| PM_RECV_MAIL | 93 |
| DDM_LAT_DEF | 91 |
| DEPT_DOC_PRIV | 90 |
| ROLE_DESC | 88 |
| INDEX_PAGE_LINK | 86 |
| VER_AREA_DEFINE | 85 |
| FLOW_MODEL | 73 |
| STAFF_EXEC_FUNC | 71 |
| FORM_MACRO_DEFINE | 61 |
| V_TEAM_DOC_DIR_TREE | 57 |
| DDM_TABLE_LIST | 49 |
| EXEC_FUNC | 49 |
| PM_CYCLE_DETAIL | 49 |
| OFPROPERTY | 46 |
| DEPT_DOC_DIR_TREE | 44 |
| STAFF_DIR_SPACE | 44 |
| DEPT_DOC | 41 |
| WALLPAPER | 41 |
| HR_PROFESSION_CFG | 39 |
| MODULE_DESC | 38 |
| TACHE_TJ_YSF | 34 |
| QRY_DATE_NUM | 32 |
| ALBUM_DOC | 31 |
| STATION_TREE | 31 |
| SMS_CONTENT_TYPE | 30 |
| STAFF_TIPS | 29 |
| PS_PLAN | 27 |
| IMAGE_SOURCE | 25 |
| PM_MSG_CONF | 24 |
| OA_MNT_BACKUP_CFG | 22 |
| V_MAIN_PAGE_CONTENT | 22 |
| VEHICLE_MENU | 22 |
| CRM_DESCRIBE_INFO_CONFIG | 20 |
| BBS_USE_DEPT | 19 |
| STAFF_MESSAGE_DEL | 19 |
| DDM_LAT_LINK | 18 |
| MNT_PROCESS_INFO | 18 |
| FLOW_TYPE_TREE | 17 |
| FQ_COMMON_CFG | 17 |
| PM_STAFF_FOLDER | 16 |
| WORKACCEPT_CFG | 16 |
| DDM_TOPIC_TREE | 15 |
| ALBUM_DOC_DIR_TREE | 14 |
| NEED_CFG_COL | 14 |
| OFGCSERVICEPROP | 14 |
| OFRRDS | 14 |
| BBS_CATALOG_TREE | 13 |
| CRM_VALUE_DEFINE | 13 |
| FORM_TCH_RELA | 13 |
| KEY_MODULE_CFG | 11 |
| OA_LOGIN_DEF | 11 |
| BUREAU | 10 |
| OFGCROOM | 10 |
| SMS_TASK_TYPE | 10 |
| TACHE_ROLE_CFG | 10 |
| BLACKLIST | 9 |
| BOTTOM_LINK_DEF | 9 |
| SUB_SYSTEM_DESC | 9 |
| V_TEAM_TREE | 9 |
| CHAT_TO_VTEAM | 8 |
| FORM_MODEL_M | 8 |
| HR_STATION_TREE | 8 |
| PLAN_TABLE | 8 |
| PM_MAIL_ACCT | 8 |
| PM_PROTOCOL_CONF | 8 |
| SMS_SUBJECT_GROUP | 8 |
| FQ_FLOW_COMMON | 7 |
| HR_STAFF_BASE_INFO | 7 |
| DIARY | 6 |
| FQ_STAT | 6 |
| LEVEL_DESC | 6 |
| STAFF_WARRANT | 6 |
| TACHE_MODEL_QW_CFG | 6 |
| V_MAIN_PAGE_MENU | 6 |
| VML_TEXT_TYPE | 6 |
| NOTIFY_PRIV | 5 |
| WORK_REPORT | 5 |
| YH_WARE_CHECK | 5 |
| CRM_ATTACH_INFO_DEFINE | 4 |
| CRM_VALUE_TYPE_DEFINE | 4 |
| DEPT_TYPE_DESC | 4 |
| FQ_INFO | 4 |
| MESSAGE_Q | 4 |
| PM_CYCLE_CFG | 4 |
| STAFF_MESSAGE | 4 |
| CPVS_OA_MESSAGE | 3 |
| FLOW_EVENT_TYPE | 3 |
| GRADE | 3 |
| NEED_CFG_TABLE | 3 |
| OFVERSION | 3 |
| PAPER_INPUT_ITEM | 3 |
| SFW_DOC_TREE | 3 |
| SYSTEM_DESC | 3 |
| V_MAIN_PAGE_TITLE | 3 |
| WORK_REPORT_PROCESS | 3 |
| YH_MATER_RANGE | 3 |
| YH_WARE_CHECK_DETAIL | 3 |
| YH_WAREHOUSE | 3 |
| COMMON_COUNTER_TOTAL | 2 |
| COMP_TITLE | 2 |
| CONTACT_CARD | 2 |
| CONTACT_CARD_GROUP | 2 |
| CRM_TOPIC_INFO | 2 |
| FQ_CONDITION | 2 |
| KNOWLEDGE_DOC_TREE | 2 |
| LEADER_MAIL_RECEIVER | 2 |
| MAIN_PAGE_TITLE | 2 |
| MESSAGE_LONG_CONTENT | 2 |
| OFID | 2 |
| OFPUBSUBDEFAULTCONF | 2 |
| PAPER_DEF | 2 |
| PAPER_QUESTION | 2 |
| PM_STAFF_SIGN | 2 |
| QUESTION_SELECTION | 2 |
| SMS_SEARCH_TYPE | 2 |
| STAFF_HOT_LINK | 2 |
| TASK_Q_HIS | 2 |
| TMP_AREA | 2 |
| YH_MATERIALS | 2 |
| YH_SUPPLIERS | 2 |
| BBS_TOPIC_TYPE | 1 |
| CHAT_GROUP | 1 |
| CHAT_GROUP_MEMBER | 1 |
| CHAT_USER | 1 |
| COMMON_COUNTER_PAGE | 1 |
| COMPANY_ACCT | 1 |
| CONTACT_GROUP | 1 |
| CRM_AREA_INFO_DEFINE | 1 |
| DIV_DEF | 1 |
| FLOW_AUTO_CREATE_CFG | 1 |
| FQ_RESULT | 1 |
| HR_STAFF_CE | 1 |
| HR_STAFF_EDU | 1 |
| HR_STAFF_R_P | 1 |
| HR_STAFF_RELATION | 1 |
| HR_STAFF_STORY | 1 |
| MESSAGE_DOC | 1 |
| MNT_TOMCAT_CFG | 1 |
| MSG_BOARD | 1 |
| NOTIFY_ROLE | 1 |
| OFGCSERVICE | 1 |
| OFPRESENCE | 1 |
| OFPUBSUBAFFILIATION | 1 |
| OFPUBSUBNODE | 1 |
| OFPUBSUBSUBSCRIPTION | 1 |
| PM_ATTACH_LIMIT | 1 |
| PM_STAFF_NAME | 1 |
| PS_SCHEDULED | 1 |
| PS_SCHEDULED_STAFF | 1 |
| PS_SUMMARY | 1 |
| STAFF_DETAIL_INFO | 1 |
| STAFF_DIR_DOC | 1 |
| TEMP | 1 |
| XHTML_DOC_MODEL | 1 |
| YH_MATE_CLASS | 1 |
| YH_SUPP_CLASS | 1 |
+--------------------------+---------+
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:10
确认时间:2015-11-27 16:42
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理部门处置.
最新状态:
暂无