亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息

admin
admin
admin
105694
文章
88
评论
2017年3月27日23:02:38评论297 views字数 223阅读0分44秒阅读模式
摘要

2016-03-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-06: 厂商已经主动忽略漏洞,细节向公众公开

漏洞概要 关注数(1) 关注此漏洞

缺陷编号: WooYun-2016-187538

漏洞标题: 亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息

相关厂商: 亿阳信通股份有限公司

漏洞作者: 1993*

提交时间: 2016-03-22 09:35

公开时间: 2016-05-06 09:35

漏洞类型: SQL注射漏洞

危害等级: 中

自评Rank: 10

漏洞状态: 未联系到厂商或者厂商积极忽略

漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系

Tags标签: 无

0人收藏

漏洞详情

披露状态:

2016-03-22: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-05-06: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://www.boco.com.cn:8080/bocoit/common.asp?id=4182

注入参数:id

亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息

当前数据库

亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息

有19个表

Database: BOCOICT

[19 tables]

+---------------+

| CAPLEVEL |

| CAPTION |

| FEEDBACK |

| FILEPASSWORD |

| FUNMODULE |

| HRAREA |

| HRCAPTION |

| HRDEPT |

| HRPAGECONTENT |

| HRTREECAPTION |

| LANGUAGETYPE |

| PAGECONTENT |

| PAGEFLOW |

| PICTYPE |

| SYSROLE |

| SYSUSER |

| TREECAPTION |

| UPFILE |

| VISITCOUNT |

+---------------+

数据库表中的字段

Database: BOCOICT

Table: HRCAPTION

[13 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| CAPDEEP | VARCHAR2 |

| CAPNAME | VARCHAR2 |

| CAPTIONORDER | NUMBER |

| CAPTREE | VARCHAR2 |

| CAPURL | VARCHAR2 |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| MODIFYMAN | VARCHAR2 |

| MODIFYTIME | DATE |

| POPTYPE | VARCHAR2 |

| REMARK | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: LANGUAGETYPE

[2 columns]

+------------------+--------

| Column | Type

+------------------+--------

| LANGUAGETYPECODE | VARCHAR

| LANGUAGETYPENAME | VARCHAR

+------------------+--------

Database: BOCOICT

Table: FEEDBACK

[7 columns]

+-----------+----------+

| Column | Type |

+-----------+----------+

| TIME | DATE |

| CONTENT | LONG |

| EMAIL | VARCHAR2 |

| ID | NUMBER |

| NAME | VARCHAR2 |

| TELEPHONE | VARCHAR2 |

| UNIT | VARCHAR2 |

+-----------+----------+

Database: BOCOICT

Table: HRDEPT

[4 columns]

+------------+-----------+

| Column | Type |

+------------+-----------+

| HRDEPTID | NVARCHAR2 |

| HRDEPTNAME | NVARCHAR2 |

| REGNAME | NVARCHAR2 |

| REGTIME | NVARCHAR2 |

+------------+-----------+

Database: BOCOICT

Table: UPFILE

[7 columns]

+-------------+----------+

| Column | Type |

+-------------+----------+

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| FILEID | VARCHAR2 |

| FILENAME | VARCHAR2 |

| FILESTATION | VARCHAR2 |

| FILEURL | VARCHAR2 |

| OFILENAME | VARCHAR2 |

+-------------+----------+

Database: BOCOICT

Table: FILEPASSWORD

[2 columns]

+----------+----------+

| Column | Type |

+----------+----------+

| FILENAME | VARCHAR2 |

| PSW | VARCHAR2 |

+----------+----------+

Database: BOCOICT

Table: HRPAGECONTENT

[27 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| AUDITRLT | VARCHAR2 |

| BELONG | VARCHAR2 |

| BEUP | VARCHAR2 |

| BEUSED | VARCHAR2 |

| CAPTIONID | VARCHAR2 |

| CAPTIONORDER | VARCHAR2 |

| CAPTIONTYPE | VARCHAR2 |

| CONTENT | LONG |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| EDITTYPE | VARCHAR2 |

| HR_DEPT | VARCHAR2 |

| HR_DIDIAN | VARCHAR2 |

| HR_EMAIL | VARCHAR2 |

| HR_GANGWEI | VARCHAR2 |

| HR_NUM | VARCHAR2 |

| HR_RENZHI | VARCHAR2 |

| HR_TIME | VARCHAR2 |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| NYEAR | VARCHAR2 |

| PAGENAME | VARCHAR2 |

| PAGETYPE | VARCHAR2 |

| PAGEURL | VARCHAR2 |

| PICTYPE | VARCHAR2 |

| PORDER | NUMBER |

| REMARK | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: SYSROLE

[2 columns]

+----------+----------+

| Column | Type |

+----------+----------+

| ROLECODE | VARCHAR2 |

| ROLENAME | VARCHAR2 |

+----------+----------+

Database: BOCOICT

Table: CAPTION

[11 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| CAPNAME | VARCHAR2 |

| CAPTIONORDER | NUMBER |

| CAPURL | VARCHAR2 |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| MODIFYMAN | VARCHAR2 |

| MODIFYTIME | DATE |

| POPTYPE | VARCHAR2 |

| REMARK | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: CAPLEVEL

[2 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| CAPLEVELCODE | VARCHAR2 |

| CAPLEVELNAME | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: VISITCOUNT

[3 columns]

+---------+----------+

| Column | Type |

+---------+----------+

| COUNT | NUMBER |

| ID | VARCHAR2 |

| SUPERID | VARCHAR2 |

+---------+----------+

Database: BOCOICT

Table: SYSUSER

[11 columns]

+----------------+----------

| Column | Type

+----------------+----------

| BEUSED | VARCHAR2

| CREATMAN | VARCHAR2

| CREATTIME | DATE

| ID | VARCHAR2

| PASSWORD | VARCHAR2

| REMARK | VARCHAR2

| ROLE | VARCHAR2

| SYS | VARCHAR2

| USERDEPARTMENT | VARCHAR2

| USERNAME | VARCHAR2

| USERTRUENAME | VARCHAR2

+----------------+----------

Database: BOCOICT

Table: PAGEFLOW

[10 columns]

+-----------+----------+

| Column | Type |

+-----------+----------+

| AUDITEND | VARCHAR2 |

| AUDITPASS | VARCHAR2 |

| AUDITTIME | DATE |

| AUDITUSER | VARCHAR2 |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| ID | VARCHAR2 |

| MIND | VARCHAR2 |

| PAGEID | VARCHAR2 |

| TOPAGEID | VARCHAR2 |

+-----------+----------+

Database: BOCOICT

Table: PICTYPE

[2 columns]

+-------------+----------+

| Column | Type |

+-------------+----------+

| PICTYPECODE | VARCHAR2 |

| PICTYPENAME | VARCHAR2 |

+-------------+----------+

Database: BOCOICT

Table: HRTREECAPTION

[15 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| CAPTIONORDER | NUMBER |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| MODIFYMAN | VARCHAR2 |

| MODIFYTIME | DATE |

| POPTYPE | VARCHAR2 |

| REMARK | VARCHAR2 |

| SUPERID | VARCHAR2 |

| SUPERID1 | VARCHAR2 |

| SYS | VARCHAR2 |

| TCAPLEVEL | VARCHAR2 |

| TCAPNAME | VARCHAR2 |

| TCAPURL | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: FUNMODULE

[2 columns]

+---------+----------+

| Column | Type |

+---------+----------+

| MODCODE | VARCHAR2 |

| MODNAME | VARCHAR2 |

+---------+----------+

Database: BOCOICT

Table: PAGECONTENT

[19 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| AUDITRLT | VARCHAR2 |

| BELONG | VARCHAR2 |

| BEUP | VARCHAR2 |

| BEUSED | VARCHAR2 |

| CAPTIONID | VARCHAR2 |

| CAPTIONORDER | VARCHAR2 |

| CAPTIONTYPE | VARCHAR2 |

| CONTENT | LONG |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| EDITTYPE | VARCHAR2 |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| NYEAR | VARCHAR2 |

| PAGENAME | VARCHAR2 |

| PAGEURL | VARCHAR2 |

| PICTYPE | VARCHAR2 |

| PORDER | NUMBER |

| REMARK | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: TREECAPTION

[14 columns]

+--------------+----------+

| Column | Type |

+--------------+----------+

| CAPTIONORDER | NUMBER |

| CREATMAN | VARCHAR2 |

| CREATTIME | DATE |

| ID | VARCHAR2 |

| LANGUAGETYPE | VARCHAR2 |

| MODIFYMAN | VARCHAR2 |

| MODIFYTIME | DATE |

| POPTYPE | VARCHAR2 |

| REMARK | VARCHAR2 |

| SUPERID | VARCHAR2 |

| SYS | VARCHAR2 |

| TCAPLEVEL | VARCHAR2 |

| TCAPNAME | VARCHAR2 |

| TCAPURL | VARCHAR2 |

+--------------+----------+

Database: BOCOICT

Table: HRAREA

[4 columns]

+----------+-----------+

| Column | Type |

+----------+-----------+

| AREAID | NVARCHAR2 |

| AREANAME | NVARCHAR2 |

| REGNAME | NVARCHAR2 |

| REGTIME | NVARCHAR2 |

+----------+-----------+

漏洞证明:

亿阳信通股份有限公司存在SQL注入漏洞泄露相关信息

修复方案:

还望指教!

版权声明:转载请注明来源 1993*@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:8 (WooYun评价)

漏洞评价:

对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值

漏洞评价(共0人评价):

登陆后才能进行评分

评价
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin