当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0156508

漏洞标题:某协会SQL注入导致五百多个数据库泄露

相关厂商:cncert国家互联网应急中心

漏洞作者: 雅柏菲卡

提交时间:2015-11-30 00:24

修复时间:2016-01-18 10:36

公开时间:2016-01-18 10:36

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-30: 细节已通知厂商并且等待厂商处理中
2015-12-04: 厂商已经确认,细节仅向厂商公开
2015-12-14: 细节向核心白帽子及相关领域专家公开
2015-12-24: 细节向普通白帽子公开
2016-01-03: 细节向实习白帽子公开
2016-01-18: 细节向公众公开

简要描述:

................

详细说明:

..................

漏洞证明:

Target: 		http://**.**.**.**/getMainBusiness.asp?id=0
Host IP:		**.**.**.**
Powered-by: 	ASP.NET
Web Server: 	yunjiasu-nginx
DB Server: 	MSSQL 2005 with error
Resp. Time(avg):	207 ms
Current User: 	web376151
Sql Version: 	Microsoft SQL Server  2000 - 8.00.2055 (Intel X86) 
	Dec 16 2008 19:46:53 
	Copyright (c) 1988-2003 Microsoft Corporation
	Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
Current DB: 	www_gdase_com
System User: 	web376151
Host Name: 	WNWG-003
Server Name: 	IDC-D-790
		master
		tempdb
		model
		msdb
		pubs
		Northwind
		www_test-s-x-d_com_cn
		www_aliyana_cc
		www_n_ss_com_cn
		www_rdgs_gov_cn
		www_999pharm_com_cn
		www_21ppm_com
		www_wweus_com_cn
		www_cwlib_com
		www_8no_net_cn
		www_is800_net
		www_fcintershop_cn
		net7741491
		www_zzybook_com
		net9497047
		net6327455
		www_xstyd_com
		www_xwyslj_com
		www_changminghome_com
		www_wonsnow_cn
		www_world-jpyoshida_cn
		net5400058
		net2784142
		www_ebizi_com_cn
		www_120yisheng_com
		www_cnbxg_net
		www_ccfeiyang_com
		www_dicube_com_cn
		www_cncyls_com
		www_jinlongtang_com
		www_xingyilian_com_cn
		www_gophh_com
		www_mingwei_cn
		www_fdasfdsafdsa_com
		www_waychance_cn
		www_waychance_com
		www_82866_cn
		www_dlfuhai_com
		www_hhtljzbw_com
		www_nhsww_com
		net2754397
		www_it5151_com
		www_wuhcontrol_com
		www_dadegroup_com
		www_eadata_com_cn
		www_hgmeng_com
		www_shiprepair_xgsy_com
		www_lm8688_com
		www_wffzsyxx_com
		www_bjhunqing_com
		www_hk_assoc_org
		net0420564
		www_ezdata_com_cn
		www_ehm2008_com
		www_chinasuiling_com
		www_china_lfpe_com
		www_jhhl_cn
		www_sg_micro_com
		www_tobon_com
		www_sefon_com_cn
		www_balixianjing_com
		www_unison-china_com
		www_cuteseo_cn
		www_oyotoon_com
		www_liyiqun111_com_cn
		www_mzzjy_com
		www_aid_net_cn
		www_dgmj_org
		net8713174
		www_hnprint_com
		www_pmyljt_com
		www_0510qc_com
		www_zlove999_com
		www_52xuezi_com
		www_xpxgx_com
		www_yitemedia_com
		net8533249
		net4311428
		www_da1314_com
		www_3prelax_com
		www_gyjinyuan_com
		www_xeros_cn
		net6020411
		www_thomasint_cn
		net1297290
		net8720009
		www_sendws_com
		www_hrbfur_com
		www_gdase_com
		www_hnslly_com
		www_37women_com
		web2619988
		www_c1wyse_com
		www_motoham_com
		www_piao111_com
		www_chinablz_com
		www_bfsiliao_net_cn
		www_024tour_com
		www_hlj95558_cn
		www_xingpaibilliard_com
		www_nj_car_cn
		www_jiadawatch_com
		www_sywcyc_com_cn
		www_tkfacility_com_cn
		www_inginc_com_cn
		wu4296
		www_cnrubberinfo_net
		www_jato56_com
		www_cbs88_cn
		www_gqe_cn
		www_yhqh_net
		net4326655
		www_bbt88888_cn
		www_hutoon_com
		net8699894
		www_meixl_com
		www_cnjockey_com
		www_city_gou_com_cn
		www_ght365_com
		www_aduos_com
		www_axgww_com
		www_haosumeng_com
		www_10000dns_com_cn
		www_anquandiyi_com
		net9069891
		www_elory_com_cn
		www_wolfu_cn
		host1378114
		www_simc_com_cn
		www_lovegogo_net
		www_yichaofs_com
		net4851543
		www_86099999_com
		www_lnvei_com
		www_it68_cn
		net3724019
		www_100zssj_com
		www_luxbetter_com
		www_51tijian_sh_cn
		www_sxdtest090709_com
		www_bdlsz_com_cn
		net89582945
		net0994778
		net8909926
		net3785762
		net8351836
		www_deckome_com
		net0823707
		www_npk_com_cn
		www_belt800_com
		www_jiluhome_com
		www_chinahaomenmian_com
		www_cdsilverstone_com
		www_wewinner_com_cn
		www_sometea_coffee_com
		host8543980
		www_yuantongtang_com
		net2546266
		www_huqin2_com
		www_huqin3_com
		www_sq_net_cn
		www_wisdomshtest_com
		net4756106
		www_gladoffice_com
		www_leadertech_com_cn
		www_china_iraq_org
		host0501119
		www_tdht_com_cn
		www_baokaisoft_com
		net9468975
		www_hysdjj_com
		www_cbi_hk
		www_qss2008_cn
		www_ceohq_cn
		net8693067
		www_bellaes_net
		www_chinabcy_com
		www_dtdsh_com
		www_zjgbbs_net
		net8455282
		www_jiuhe_com
		www_jiufu68_com
		net2166023
		www_cn_grease_com
		www_qdyixingroup_com
		net3431207
		www_hk521_com_cn
		www_csfddea_cn
		www_hnindustry_com
		www_liyiqun999_com
		www_liyiqun1002_cn
		www_liyiqun1003_com_cn
		www_zdxybj_com
		www_zhcjda_com
		net0806475
		www_cnzywh_com
		www_jinren_cc
		www_microchannel_com
		www_microchannelservice_com
		www_wslsoft_com_cn
		net5005941
		www_naluwan_com_cn
		www_qilecc_com
		net6850576
		www_sgczj_gov_cn
		www_gwp_cn
		www_tjevercare_com
		net9087680
		host3911165
		net5452582
		host4953748
		www_lefen_com
		web58389
		net6329008
		net9365957
		net9978308
		net4539576
		net7803201
		net1689244
		net7742077
		net9966975
		net75001995
		net5250692
		net1542771
		host7390693
		host9524051
		web1830149
		net5436390
		net2152203
		net2854109
		host2754217
		net0290042
		web637814
		net4991420
		net6693231
		web474131
		net0576335
		host9489592
		net2562539
		net8819049
		net36852879
		net3180457
		net6329356
		host5673177
		host8456735
		net2737250
		net7644808
		net39726121
		net0499143
		www_ahauto_org_cn
		net1950007
		net2496883
		net3083296
		host3213965
		net8503389
		net4596837
		net0009543
		net2806494
		net8194661
		net1386098
		net0458485
		net9496924
		net4726170
		net4199169
		net7207521
		net0561044
		net1552040
		net4755792
		net8778869
		net2643721
		web954196
		net1555944
		www_bestguilin_com
		net4463611
		net2182316
		net9360887
		net3759885
		web2154812
		net8563531
		net8949194
		net7603581
		net6033528
		net9678773
		net1707048
		host4510823
		net2243895
		net0039996
		net4856862
		net4120240
		net7192445
		net9364604
		host7310659
		host6852376
		net1763557
		net8532553
		host6719636
		host8088951
		net1566271
		net7937752
		net3377705
		net2764478
		net9271314
		net3090975
		net0628268
		net4812264
		net5132300
		net7172698
		net4279448
		net64173325
		net3236446
		host6482227
		net2122304
		net9040012
		net6560806
		net3047680
		web576591
		net2616794
		net94425810
		net7399178
		net1855444
		net9706544
		net8052049
		net1339215
		net3497921
		host6338996
		net2773683
		net26735695
		net3751335
		net96540152
		net0442724
		net6327766
		net8494822
		net3130740
		net1868879
		net3118772
		net9134635
		net7230602
		net4119467
		net6789109
		net3421476
		net1871736
		net6060140
		net9355785
		host4354658
		net6519990
		net3702823
		net2336327
		net0825673
		net0410950
		host2537375
		net4809300
		net7298334
		net6088413
		net7760048
		net6825640
		net4711462
		net5590691
		net6551058
		net1340474
		net21464830
		net4061370
		net5755645
		net2992759
		net6272623
		net1968126
		net6308567
		net8560426
		net1482148
		net2208597
		net4720240
		net7039661
		net4995465
		net8866978
		net8143670
		net4094845
		net1420720
		net9226953
		net3049279
		net5196720
		web2111756
		net8527482
		net5768987
		host1712937
		net9602869
		net9556871
		net4507722
		net8551878
		net5718462
		www_shop0757_com-auditing
		net3163108
		host5865346
		host8337771
		net1444085
		web647483
		host3995324
		net8525361
		net2104687
		net3075769
		net7474178
		net8076007
		net61408189
		net7452831
		net3854911
		net1241228
		net7773108
		net2018916
		net3085598
		net6962510
		net7256799
		net3014989
		net7862535
		net9653365
		net5554033
		net9607658
		net9610100
		net4122192
		net7605456
		net4412664
		testdavy410
		net1076405
		net8267198
		net7402301
		net3900947
		net9304794
		net1413410
		net2321116
		net6059360
		net6724213
		net3477020
		net9955660
		web430448
		net7874131
		net25498882
		net7448533
		net8967507
		net1675980
		net3315736
		net5211504
		net8080953
		net7356772
		net0937926
		net01693939
		net3045276
		net4058452
		net7248717
		net2018433
		net04048492
		net7400248
		net6843153
		net4758889
		net7071958
		net4520061
		net1641624
		net8025159
		net1038342
		net8411403
		net0189789
		net2403228
		host3863874
		net0122037
		net0384765
		net5110536
		net2380989
		net4539838
		net9009432
		net1285125
		net9373840
		net5498774
		net8812019
		net9943685
		net1617011
		net2451416
		net7191453
		net4436011
		net7228870
		net5955265
		net4873582
		net9805406
		net4472466
		net4291094
		net7686679
		net5674656
		net25222712
		net3048959
		net7173255
		net1359183
		net4889355
		net1945047
		net6402004
		net9427613
		net2010379
		net39934914
		net8364040
		net1839433
		net7965401
		net1579737
		net4508121
		net2612480
		net6962364
		net6595934
		net7855813
		net9172773
		net6934615
		net7441808
		net9622924
		net8960007
		net9913839
		net4408583
		net3048072
		net6535119
		net5073676
		net8361935
		net1980920
		net3130342
		net7324297
		net3788926
		net1870819
		net1239202
		net8478761
		host1612511
		net8875986
		net11040562
		web1700750
		net4931313
		net3116416
		net2054071
		net7144518
		net0938756
		web331952
		net2901375
		net3565899
		net0336717
		net4530611
		net3813235
		net6890451
		net9760985
数据库那么多 还包括政府的  危害性不做阐述了

修复方案:

...........

版权声明:转载请注明来源 雅柏菲卡@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-12-04 10:19

厂商回复:

CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给广东分中心,由广东分中心后续协调网站管理单位处置。

最新状态:

暂无