
Vulnerability Summary

Defect ID: wooyun-2014-078801

Title: Generic SQL injection vulnerability in an education CMS

Vendor: 创星伟业

Author: 路人甲

Submitted: 2014-10-10 12:33

Fix deadline: 2015-01-08 12:34

Published: 2015-01-08 12:34

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 12

Status: handed over to a third-party partner organisation (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or assistance contact [email protected]



Vulnerability Details

Disclosure status:

2014-10-10: Details sent to the vendor, awaiting the vendor's handling
2014-10-14: Vendor confirmed; details visible to the vendor only
2014-10-17: Details opened to third-party security partners
2014-12-08: Details opened to core white hats and experts in related fields
2014-12-18: Details opened to regular white hats
2014-12-28: Details opened to intern white hats
2015-01-08: Details opened to the public

Brief description:

Affects all kindergartens, primary schools and secondary schools in Beijing

Detailed description:

Product name: 校园网群信息点 (campus website cluster information point)
Developer: 创星伟业 http://www.conking.com.cn/
Vulnerability type: SQL injection (POST)
Vulnerable file: login1.aspx
Vulnerable parameter: Login:LoginName
Affected users:

[screenshot: 1.jpg]


Collected sites:

1.北京市西单小学(http://www.xjxdxx.org/)
2.北京市铁路第二中学(http://www.bjt2z.cn/)
3.北京一六一中学(http://www.bj161zhx.org/)
4.北京市第十三中学(http://www.bj13zhx.org/)
5.北京市第7中学(http://www.bj7zhx.org/)
6.北京市西城区奋斗小学(http://www.xjfdxx.org/)
7.北京市西城区四根柏小学(http://www.sgbxx.org/)
8.北京市西城区西四北四条小学(http://www.xjxsb4txx.org/)
9.北京市西城区中古友谊小学(http://www.xjzhgyyxx.org/)
10.北京市西城区教育考试中心(http://www.xjks.org/)
11.北京市西城区鸦儿胡同小学(http://www.xjyexx.org/)
12.北京市西城区白云路小学(http://www.xjbylxx.org/)
13.北京第三中学(http://www.bj3zhx.org/)
14.北京市第四十四中学(http://www.bj44zhx.org/)
15.北京市西城区阜成门外第一小学(http://www.xjfchmw1x.org/)
16.北京市第五十六中学(http://www.bj56zhx.org/)
17.北京教育学院附属中学(http://www.bjjyfzh.org/)
18.北京市西城区中华路小学(http://www.bjzhhlxx.org/)
19.北京市第八中学分校(http://www.no8ms.org/)
20.北京市第六幼儿园(http://bj6y.org/)
21.北京市外事学校(http://www.bjwszg.org/)


Demonstration:
1.
http://www.xjxdxx.org/login1.aspx
POST request:

POST /login1.aspx HTTP/1.1
Host: www.xjxdxx.org
Proxy-Connection: keep-alive
Content-Length: 3634
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.xjxdxx.org
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.xjxdxx.org/login1.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=rdnjmd45t3lh2fm14vzazorx; CheckCode=H74L; CNZZDATA1044803=cnzz_eid%3D1062287209-1412859161-%26ntime%3D1412859161
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=dDwyMDEwODA5MjAwO3Q8O2w8aTwwPjs%2BO2w8dDw7bDxpPDE%2BO2k8NT47PjtsPHQ8O2w8aTwwPjtpPDE%2BO2k8Mj47aTwzPjs%2BO2w8dDxwPGw8aW5uZXJodG1sOz47bDzku4rlpKnmmK8yMDE05bm0MTDmnIgwOeaXpSDmmJ%2FmnJ%2Flm5sg5Yac5Y6G55Sy5Y2IIOmprOW5tCDkuZ3mnIjljYHlha0g5YyX5LqsOiDpnL7ovazpm74g5peg5oyB57ut6aOO5ZCR5b6u6aOOIDEz4oSD772eMjLihIMgXDxpbWcgc3JjPSJodHRwOi8vd3d3LmJqeGNzbmcub3JnL2ltYWdlcy93ZWF0aGVyL25vdGhpbmcuZ2lmIiBib3JkZXI9IjAiIHdpZHRoPSIxOCIgaGVpZ2h0PSIxMyIgYWxpZ249ImFic21pZGRsZSIgL1w%2BIFw8aW1nIHNyYz0iaHR0cDovL3d3dy5ianhjc25nLm9yZy9pbWFnZXMvd2VhdGhlci8xOC5naWYiIGJvcmRlcj0iMCIgd2lkdGg9IjE4IiBoZWlnaHQ9IjEzIiBhbGlnbj0iYWJzbWlkZGxlIiAvXD47Pj47Oz47dDxwPGw8c3R5bGU7PjtsPGJhY2tncm91bmQ6dXJsKCcvZmlsZXMvYmFubmVyL3cxdDh2M244bThxMmEuanBnJylcOzs%2BPjtsPGk8MT47aTwzPjs%2BO2w8dDxwPGw8aW5uZXJodG1sOz47bDxcPGltZyBzcmM9Jy9maWxlcy9sb2dvLydcPjs%2BPjs7Pjt0PHA8bDxpbm5lcmh0bWw7PjtsPFw8RU1CRUQgcGx1Z2luc3BhZ2U9J2h0dHA6Ly93d3cubWFjcm9tZWRpYS5jb20vZ28vZ2V0Zmxhc2hwbGF5ZXInIHNyYz0nL2ltYWdlcy9zMS5zd2YnIHR5cGU9J2FwcGxpY2F0aW9uL3gtc2hvY2t3YXZlLWZsYXNoJyBxdWFsaXR5PSdoaWdoJyB3bW9kZT0ndHJhbnNwYXJlbnQnXD5cPC9FTUJFRFw%2BOz4%2BOzs%2BOz4%2BO3Q8cDxsPGlubmVyaHRtbDs%2BO2w8XDx1bFw%2BXDxsaVw%2BXDxhIGhyZWY9Ii9pbmRleC5hc3B4Ilw%2B6aaW6aG1XDwvYVw%2BXDwvbGlcPlw8bGlcPlw8YSBocmVmPSIvcGFnZS5hc3B4P2lkPTEiXD7lrabmoKHmpoLlhrVcPC9hXD5cPC9saVw%2BXDxsaVw%2BXDxhIGhyZWY9Ii9wYWdlLmFzcHg%2FaWQ9MiJcPuagoeWbreWKqOaAgVw8L2FcPlw8L2xpXD5cPGxpXD5cPGEgaHJlZj0iL3BhZ2UuYXNweD9pZD0zIlw%2B5b636IKy5aSp5ZywXDwvYVw%2BXDwvbGlcPlw8bGlcPlw8YSBocmVmPSIvcGFnZS5hc3B4P2lkPTUiXD7lr7nlpJbkuqTmtYFcPC9hXD5cPC9saVw%2BXDxsaVw%2BXDxhIGhyZWY9Ii9wYWdlLmFzcHg%2FaWQ9NCJcPuaVmeWtpueglOeptlw8L2FcPlw8L2xpXD5cPGxpXD5cPGEgaHJlZj0iL3BhZ2UuYXNweD9pZD02Ilw%2B5a2m55Sf5LiW55WMXDwvYVw%2BXDwvbGlcPlw8bGlcPlw8YSBocmVmPSIvcGFnZS5hc3B4P2lkPTciXD7lrrbplb%2Fnqbrpl7RcPC9hXD5cPC9saVw%2BXDxsaVw%2BXDxhIGhyZWY9Ii9wYWdlLmFzcHg%2FaWQ9OCJcPuaLm%2BeUn%2BWSqOivolw8L2FcPlw8L2xpXD5cPGxpXD5cPGEgaHJlZj0iL3BhZ2UuYXNweD9pZD05Ilw%2B5YWJ6I2j5qacXDwvYVw%2BXDwvbGlcPlw8bGlcPlw8YSBocm
VmPSIvcGFnZS5hc3B4P2lkPTE3IiB0YXJnZXQ9Il9ibGFuayJcPuWPr%2BinhuWMluWxleekulw8L2FcPlw8L2xpXD5cPC91bFw%2BOz4%2BOzs%2BO3Q8O2w8aTwwPjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PDtsPGk8MT47PjtsPHQ8O2w8aTwwPjs%2BO2w8dDxwPGw8XyFJdGVtQ291bnQ7PjtsPGk8Mz47Pj47bDxpPDA%2BO2k8MT47aTwyPjs%2BO2w8dDw7bDxpPDE%2BOz47bDx0PHA8cDxsPE5hdmlnYXRlVXJsO1RhcmdldDs%2BO2w8Li4vaW5mby5hc3B4P2lkPTM2MDtfYmxhbms7Pj47cDxsPFRpdGxlOz47bDznm7TpgJrjgJDnhornjKvpopHpgZPjgJE7Pj4%2BO2w8aTwwPjs%2BO2w8dDxAPOebtOmAmuOAkOeGiueMq%2BmikemBk%2BOAkTs%2BOzs%2BOz4%2BOz4%2BO3Q8O2w8aTwxPjs%2BO2w8dDxwPHA8bDxOYXZpZ2F0ZVVybDtUYXJnZXQ7PjtsPC4uL2luZm8uYXNweD9pZD0zMjQ7X2JsYW5rOz4%2BO3A8bDxUaXRsZTs%2BO2w85a2m55Sf55S15a2Q5a2m57GN5L%2Bh5oGv5b2V5YWl6K%2B05piO5Y%2BK6KGo5qC85LiL6L29Oz4%2BPjtsPGk8MD47PjtsPHQ8QDzlrabnlJ%2FnlLXlrZDlrabnsY3kv6Hmga%2FlvZXlhaXor7TmmI7lj4rooajmoLzkuIvovb07Pjs7Pjs%2BPjs%2BPjt0PDtsPGk8MT47PjtsPHQ8cDxwPGw8TmF2aWdhdGVVcmw7VGFyZ2V0Oz47bDwuLi9pbmZvLmFzcHg%2FaWQ9MjY5O19ibGFuazs%2BPjtwPGw8VGl0bGU7PjtsPOWunueUqOW%2BruWNmuWcsOWdgOmbhumUpjs%2BPj47bDxpPDA%2BOz47bDx0PEA85a6e55So5b6u5Y2a5Zyw5Z2A6ZuG6ZSmOz47Oz47Pj47Pj47Pj47Pj47Pj47Pj47Pj47Pj47dDw7bDxpPDA%2BO2k8MT47aTwyPjs%2BO2w8dDxwPHA8bDxUZXh0Oz47bDw2NjAyMzM5Oz4%2BOz47Oz47dDxwPHA8bDxUZXh0Oz47bDw3MDYwOTs%2BPjtwPGw8dGl0bGU7PjtsPOWPkeeUn%2BWcqDIwMTAtNS0xMSAxODowMTowMDs%2BPj47Oz47dDxwPHA8bDxUZXh0Oz47bDwyMzE7Pj47Pjs7Pjs%2BPjs%2BPjs%2BPjtsPExvZ2luOlJlbWVtYmVyUGFzc3dvcmQ7TG9naW46T2tCdXR0b247TG9naW46UmV0dXJuQnV0dG9uOz4%2BhiZmqZz%2BUjaZA65rh1AQIeZJenE%3D&__VIEWSTATEGENERATOR=08C3A5DC&Login%3ALoginName=admin&Login%3ALoginPassword=111111&Login%3AOkButton.x=26&Login%3AOkButton.y=8&Login%3ALoginForced=true&Login%3ARememberLoginPassword=


[screenshot: 1.jpg]


2.
http://www.bjt2z.cn/login1.aspx

[screenshot: 1.jpg]


3.
http://www.bj161zhx.org/login1.aspx

[screenshot: 1.jpg]

Proof of vulnerability:

4.
http://www.bj13zhx.org/login1.aspx

[screenshot: 1.jpg]


5.
http://www.xjfdxx.org/login1.aspx

[screenshot: 1.jpg]

Remediation:

Filter the input parameters
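The report gives only "filter the input parameters" as the fix, so here is an added example (not the vendor's code) of what that means for an ASP.NET login page like login1.aspx: the string-concatenated lookup that lets a crafted Login:LoginName value alter the query, next to the parameterized form. The Users table, its columns and the hashing scheme are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Text;

// Added example, not the vendor's code; the Users table and its columns are assumed.
public static class LoginRepository
{
    // Unsafe pattern the report implies: the LoginName value is concatenated into the
    // SQL text, so a crafted value changes the query instead of being treated as data.
    public static string BuildUnsafeQuery(string loginName, string passwordHash)
    {
        return "SELECT UserId FROM Users WHERE LoginName = '" + loginName +
               "' AND PasswordHash = '" + passwordHash + "'";
    }

    // Hardened form: the SQL text is fixed and the values travel as typed parameters,
    // so quotes or keywords inside LoginName are compared as data, never parsed as SQL.
    public static int? FindUserId(SqlConnection conn, string loginName, string password)
    {
        // Input filtering: reject values that cannot be a valid login name at all.
        if (string.IsNullOrWhiteSpace(loginName) || loginName.Length > 64)
            return null;

        const string sql =
            "SELECT UserId FROM Users WHERE LoginName = @login AND PasswordHash = @hash";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@login", SqlDbType.NVarChar, 64).Value = loginName;
            cmd.Parameters.Add("@hash", SqlDbType.NVarChar, 64).Value = Hash(password);
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? (int?)null : Convert.ToInt32(result);
        }
    }

    // SHA-256 hex digest, kept short for the example; a stored password should use a
    // salted, slow hash (e.g. PBKDF2 via Rfc2898DeriveBytes) in a real deployment.
    private static string Hash(string password)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(password));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }
}
```

With the parameterized query, the Login:LoginName value from the POST body shown above is bound as an NVarChar value, so its content can no longer change the statement the database executes.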

Copyright notice: when reproducing, credit the source: 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2014-10-14 17:07

Vendor reply:

Latest status:

None