漏洞详情

披露状态:

2014-02-19: 细节已通知厂商并且等待厂商处理中
2014-02-24: 厂商已经确认,细节仅向厂商公开
2014-03-06: 细节向核心白帽子及相关领域专家公开
2014-03-16: 细节向普通白帽子公开
2014-03-26: 细节向实习白帽子公开
2014-04-05: 细节向公众公开

简要描述:

RT,或可泄漏大量敏感信息~

详细说明:

1)测试对象:http://sdnh.citybank365.com/

4.png



2)测试SQL注入点,这里仅仅在客户端使用js检测敏感字符:

1.png



2.png



3.png



3)获取的数据库信息:

available databases [7]:
[*] ABCKEY
[*] Cmbc
[*] JSCCBKEY
[*] master
[*] model
[*] msdb
[*] tempdb



Database: ABCKEY
[211 tables]
+--------------------------+
| AH_UserVerify |
| ActivitiesLimitRemoved |
| ActivitiesSet |
| ActivitiesTypes |
| ActivityCard |
| ActivityPeriod |
| ActivityRemoved |
| ActivitySignUp |
| ActivityStatistics |
| AdManage |
| AdSetting |
| AffirAword |
| AnswerActivity |
| AnswerRecord |
| ApplyMiniCard |
| ApplyPointsLog |
| AuctionGoods |
| AuctionOKList |
| AuctionRecord |
| AwardOrder |
| AwardPeriod |
| AwardPro |
| AwardTurntableOK20121127 |
| AwardTurntableOK20121127 |
| AwardTurntableOrder |
| AwardTurntablePro |
| AwardUser |
| Balance |
| BankActivity |
| BankLobbyManager |
| BankUser |
| BookingPeriod |
| BranchActivity |
| Brand |
| CCBBranch |
| CQ_Area |
| CQ_Merchant |
| CQ_OfferType |
| CQ_Region |
| CQ_Reviews |
| CQ_SmallClass |
| CashCoupons |
| CcbFinanceService |
| CharityBookCategory |
| CharityBookCategory |
| CharityBookOrder |
| CharityDonationOrder |
| Cities |
| City |
| CommonUsers |
| CouponCode |
| CouponOrders |
| Coupons |
| D99_Tmp |
| DC_Admin |
| DC_BaoJian_Code |
| DC_CaiPin_Code |
| DC_CaiPin_Code |
| DC_CaiXi_Code |
| DC_KouWei_Code |
| DC_Order_CaiPin |
| DC_Order_CaiPin |
| DC_ShangJia_CaiXi |
| DC_ShangJia_CaiXi |
| DC_ShangQuan_Code |
| DC_XingZheng_Code |
| DeliverRemoved |
| DiceOrders |
| DicePrize |
| DiceSet |
| DiscountProducts |
| DrawPrizesOrder |
| DrawPrizesOrder |
| EducationBackGround |
| EmailInvite |
| EmailTemplet |
| ExpressCompany |
| Feedback |
| FinancialProduct |
| ForumTopic |
| FreightTemplate |
| GS_UserVerify |
| GroupMembers |
| GroupTerms |
| Groups |
| HLJUkeyUser20121127 |
| HalfCard_Temp |
| HalfCard_Temp |
| HistoryStatistics |
| InvitationCodeOrder |
| InvitationCodeOrder |
| InvitationCodeUsers |
| Invite |
| InviteStat |
| JSAwardOrder |
| JSAwardPro |
| JSCity |
| JSSchool |
| KeySNBatch |
| KeySequence |
| LN_MS_UserInfo |
| MailBox |
| Manager |
| ManagerUsbkey |
| ManagerUserBranchName |
| Menus |
| MiaoShaOkBak |
| MiaoShaOkBak |
| MiaoShaPro |
| MiaoShaZC |
| ModuleCategory |
| MovieOrder |
| MsgTempletRemoved |
| NewsCategory |
| NewsCategory |
| Options |
| OrderDetail |
| P_CommodityDetail |
| P_CommodityDetail |
| P_OrderDetail |
| P_Orders |
| P_ProductSpecifications |
| P_ThreeSpecifications |
| P_TwoSpecifications |
| P_UserCoupon |
| PhilatelicSpike |
| PointsConsumptionLog |
| PointsToVoucherLog |
| ProductCategory |
| ProductFreightTemplate |
| ProductItem |
| ProductOrders |
| Province |
| RaffleItemsSettings |
| ReceiveManager |
| Receiving |
| RechargeLog |
| RechargeLotteryRecords |
| RechargePayment |
| SMSLog |
| SecondsKillLog |
| ShareDetail |
| Signedpolite |
| SuAwardFlashOrder |
| SuAwardFlashPro |
| SuZhouT_UserVerify |
| Subject |
| SupplierActivity |
| SupplierActivity |
| SupplierCategory |
| Sys_Function |
| Sys_RoleFunction |
| Sys_RoleFunction |
| Sys_UserRole |
| Tbl_SPPParameter |
| Tbl_SellerProduct |
| Tbl_SellersOrderProduct |
| Tbl_SellersOrderProduct |
| Tbl_VouchersPay |
| Tbl_VouchersPay |
| TuanGoldType |
| TuanGouBranchShop |
| TuanGouBranchShop |
| TuanGouCars |
| TuanGouCarsType |
| TuanGouCode |
| TuanOrder |
| TuanProCateg |
| TurnOKLobbyManagerExtend |
| UkeyUser20121127 |
| UkeyUser20121127 |
| UserActivity |
| UserBindPoints |
| UserBlackList |
| UserBooking |
| UserPerm |
| UserPoints |
| UserTemp |
| VAnswerList |
| VAuctionRecord |
| VCouponOrderList |
| VCouponOrderList |
| VCouponOrderStatistics |
| VOIP |
| V_P_Commodity |
| VerificationCodeRecord |
| VersionUpgrad |
| VoteItem |
| VoteItem |
| Voucher |
| WinningLimit |
| XJ_CCBUserInfo |
| XJ_UserAccess |
| YZMActivityCodeSNCJ |
| YZMActivityCodeSNCJ |
| YZMActivityCodeSNRemoved |
| YZMActivityType |
| YouLifeOrders |
| ZQAward |
| ZQAwardRemark |
| aukeyuser |
| choujiangdingdan |
| eCouponOrders |
| gsBranch |
| gssubbranch |
| temptable |
| test10 |
| test11 |
| test20 |
| vGroupList |
| xinchoujiangdingdan |
+--------------------------+





PS:由于是金融行业比较敏感,未近一步测试~



漏洞证明:

2.png



3.png

修复方案:

服务器端对所有参数进行过滤,而不仅仅在客户端使用js检测

版权声明:转载请注明来源 se55i0n@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:11

确认时间:2014-02-24 09:19

厂商回复:

CNVD确认所述情况,网站为银行合作方网站,已经转由CNCERT直接通报给中国农业银行信息化管理部门处置。

最新状态:

暂无


漏洞评价: