Vulnerability summary
Defect ID: wooyun-2015-0123026
Vulnerability title: SQL injection vulnerability in a Xi'an Jiaotong University sub-site
Affected vendor: Xi'an Jiaotong University
Vulnerability author: 路人甲
Submitted: 2015-08-10 14:22
Fixed: 2015-09-24 15:52
Published: 2015-09-24 15:52
Vulnerability type: SQL injection
Severity: Medium
Self-assessed Rank: 6
Vulnerability status: handed over to a third-party partner organization (CCERT, the China Education and Research Network emergency response group) for handling
Vulnerability source: http://www.wooyun.org; for questions or assistance contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-08-10: Details sent to the vendor; awaiting vendor handling
2015-08-10: Vendor confirmed; details disclosed to the vendor only
2015-08-20: Details disclosed to core white hats and relevant domain experts
2015-08-30: Details disclosed to ordinary white hats
2015-09-09: Details disclosed to intern white hats
2015-09-24: Details disclosed to the public
Brief description:
May lead to information leakage!
Detailed description:
Proof of vulnerability:
Database: webdata
[6 tables]
+---------------------------------------+
| adminuser |
| art_type |
| article |
| lab_info |
| self_menulist |
| user_role |
+---------------------------------------+
Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: webdata
Table: art_type
[2 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| id | int(11) |
| type_name | varchar(255) |
+-----------+--------------+
Database: webdata
Table: lab_info
[13 columns]
+----------------+----------------+
| Column | Type |
+----------------+----------------+
| flag | tinyint(4) |
| id | int(11) |
| lab_admin | varchar(1924) |
| lab_contract | varchar(1024) |
| lab_device | varchar(10000) |
| lab_function | varchar(10000) |
| lab_map | varchar(255) |
| lab_name | varchar(255) |
| lab_web | varchar(1024) |
| last_mod_admin | varchar(255) |
| last_mod_time | timestamp |
| upload_admin | varchar(255) |
| upload_time | timestamp |
+----------------+----------------+
Database: webdata
Table: adminuser
[11 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| address | varchar(100) |
| contact1 | varchar(100) |
| contact2 | varchar(100) |
| email | varchar(100) |
| flag | smallint(6) |
| id | int(11) |
| password | varchar(20) |
| role | int(11) |
| truename | varchar(100) |
| user_unit | varchar(100) |
| username | varchar(100) |
+-----------+--------------+
Database: webdata
Table: user_role
[3 columns]
+------------+---------------+
| Column | Type |
+------------+---------------+
| id | int(11) |
| role_name | varchar(255) |
| role_table | varchar(1024) |
+------------+---------------+
Database: webdata
Table: self_menulist
[7 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| description | varchar(255) |
| id | int(11) |
| image | varchar(255) |
| menu_order | tinyint(4) |
| menuname | varchar(255) |
| p_id | smallint(6) |
| url | varchar(255) |
+-------------+--------------+
Database: webdata
Table: article
[25 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| abstract | varchar(500) |
| art_type | tinyint(4) |
| att_file1 | varchar(255) |
| att_file2 | varchar(255) |
| att_file3 | varchar(255) |
| att_file4 | varchar(255) |
| att_file5 | varchar(255) |
| att_name1 | varchar(255) |
| att_name2 | varchar(255) |
| att_name3 | varchar(255) |
| att_name4 | varchar(255) |
| att_name5 | varchar(255) |
| author | varchar(255) |
| content | text |
| first_flag | tinyint(4) |
| flag | tinyint(4) |
| id | int(11) |
| last_mod_admin | varchar(255) |
| last_mod_ip | varchar(255) |
| last_mod_time | timestamp |
| read_count | bigint(20) |
| title | varchar(500) |
| upload_admin | varchar(255) |
| upload_ip | varchar(255) |
| upload_time | timestamp |
+----------------+--------------+
+----------+-----------+
| username | password |
+----------+-----------+
| admin | xjtunic |
| anng | ranbohehe |
+----------+-----------+
Fix recommendation:
Filter the input!
Copyright notice: credit the source when reposting: 路人甲@WooYun
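The fix recommendation above ("filter") is most reliably implemented not by stripping characters but by binding user input as query parameters, and the dump above also shows the adminuser.password column (varchar(20)) holding passwords in clear, so the same fix should store a salted hash instead. The following is an added example, not code from the original report or from the affected site. It uses Python's sqlite3 standing in for the MySQL backend seen in the dump (MySQL drivers use %s placeholders where sqlite3 uses ?), and the table names, rows, dummy hash and sample password are all constructed for the demonstration.

```python
import hashlib
import hmac
import os
import sqlite3
from typing import Optional

# Constructed sample credential for the demo; not a real password from the report.
SAMPLE_PASSWORD = "correct-horse-sample"
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt$digest' (both hex) using salted PBKDF2-HMAC-SHA256."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(stored: str, candidate: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), PBKDF2_ROUNDS
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


# Constructed placeholder hash, verified against when a username does not exist so
# that an unknown user costs the same time as a wrong password.
DUMMY_HASH = hash_password("dummy-placeholder")


def setup_db() -> sqlite3.Connection:
    """Build an in-memory database with two constructed tables: a legacy one storing
    the password in clear (the layout the dump above shows) and a hardened one that
    stores only a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE adminuser_legacy (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO adminuser_legacy (username, password) VALUES (?, ?)",
        ("admin", SAMPLE_PASSWORD),
    )
    conn.execute(
        "CREATE TABLE adminuser (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO adminuser (username, password_hash) VALUES (?, ?)",
        ("admin", hash_password(SAMPLE_PASSWORD)),
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Anti-pattern: user input is pasted into the SQL text, so a quote in the
    username changes the query's structure instead of being compared as data."""
    sql = (
        "SELECT id FROM adminuser_legacy WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn: sqlite3.Connection, username: str, candidate: str) -> bool:
    """Fix: a bound parameter is always data, never SQL syntax, and the password is
    checked against a salted hash in application code rather than in the query."""
    row = conn.execute(
        "SELECT password_hash FROM adminuser WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        verify_password(DUMMY_HASH, candidate)  # equalise timing for unknown users
        return False
    return verify_password(row[0], candidate)


def main() -> None:
    conn = setup_db()
    injected = "admin' -- "  # comment-out payload, shown only to contrast the two paths
    print("vulnerable, real password :", login_vulnerable(conn, "admin", SAMPLE_PASSWORD))
    print("vulnerable, injected name :", login_vulnerable(conn, injected, "wrong"))
    print("hardened,   real password :", login_hardened(conn, "admin", SAMPLE_PASSWORD))
    print("hardened,   injected name :", login_hardened(conn, injected, "wrong"))


if __name__ == "__main__":
    main()
```

Parameter binding covers values only; table and column names (such as a user-selected sort column) cannot be bound and must be checked against an allow-list in code. Storing a salted hash means that even a successful dump of the adminuser table, as in the proof above, no longer yields usable passwords.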
Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2015-08-10 15:51
Vendor reply:
Notified the user; handling in progress
Latest status:
None yet