当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0147890

漏洞标题:华东师范大学两处漏洞

相关厂商:华东师范大学

漏洞作者: lufsy

提交时间:2015-10-20 10:41

修复时间:2015-12-04 21:32

公开时间:2015-12-04 21:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-20: 细节已通知厂商并且等待厂商处理中
2015-10-20: 厂商已经确认,细节仅向厂商公开
2015-10-30: 细节向核心白帽子及相关领域专家公开
2015-11-09: 细节向普通白帽子公开
2015-11-19: 细节向实习白帽子公开
2015-12-04: 细节向公众公开

简要描述:

华东师范大学是由国家举办,教育部主管,教育部与上海市人民政府重点共建的综合性研究型大学。

详细说明:

学生资助管理中心和华师大家教部

漏洞证明:

0x01
漏洞地址:
http://www.qinzhu.ecnu.edu.cn/department/HeartRoom/HeartFront/News.aspx?type=%B0%AE%D0%C4%CE%DD&style=%B0%AE%D0%C4%D4%C2%B1%A8

1.png


2.png


3.png


Database: qinzhu
[122 tables]
+--------------------------------------+
| CTApply |
| CTFastPass |
| CTGood |
| CampusPosition_Department |
| CampusPosition_Department_Staff |
| CampusPosition_Recruitment |
| CampusPosition_Recruitment_Enrolment |
| CertAllowance |
| CertAuditing |
| CertBookSubsidy |
| CharityTicket |
| College |
| DownloadFile |
| FamilyEconomyDetails |
| FamilyFinance |
| FamilyFinance1 |
| FamilyFinance20140928 |
| FamilyMember |
| FrozenStuInfo |
| FzDelivery |
| HaveCertificate |
| HaveCertificate_Training |
| HaveCertificate_Training_Enrolment |
| Have_ClassInfo |
| Have_RegistInfo |
| IPDengLu |
| News |
| Notice |
| PageIndexForStudent |
| Parent |
| RealDepartment |
| Sheet1 |
| Slide |
| StudentOtherInfo |
| SubsidyDeptMoney |
| SubsidyProject |
| SubsidyStuInfo |
| SuperUser |
| TBLHT001 |
| TBLHT002 |
| TBLHT0022 |
| TBLHT003 |
| TBLHT0033 |
| TBLHT005 |
| TBLHT0055 |
| TBLHTFeedBack |
| TBLHTQuestions |
| TBLHTstarapply |
| TBLHTstarpunish |
| TalentPool |
| TeacherToSendEmail |
| TempSubsidy |
| TutorAllowance |
| UpTightReasons |
| WageAssignment |
| WageGather |
| WageReport |
| XSCJSL |
| XSCJYG |
| YJ_7Pram |
| YJ_7Weight |
| YJ_Admin |
| YJ_Attention |
| YJ_CYnormal |
| YJ_CaterSet |
| YJ_ChengJiInfo |
| YJ_ChengJiSet |
| YJ_JD |
| YJ_Parameter |
| YJ_Project |
| YJ_QinInfo |
| YJ_QinSet |
| YJ_Score |
| YJ_ShengFen |
| YJ_StuData |
| YJ_StuData11 |
| YJ_StuInfo |
| YJ_StuNever |
| YJ_ZongHeInfo |
| YJ_ZongHeSet |
| 晛??201307 |
| 晛?? |
| ???梈 |
| ????潠?聟?啟 |
| a0 |
| aaaa |
| bbb |
| bjqx_ad |
| bjqx_ad2 |
| bm_applyTable |
| bm_projects |
| dtproperties |
| huifu |
| insurance_attendee |
| insurance_project |
| jbxx_ad |
| jbxx_ad1 |
| jbxx_ad2 |
| jbxx_xs |
| jbxx_xs1 |
| jbxx_xs2 |
| jbxx_xs8 |
| jbxx_xs齓? |
| jiajiao |
| jzda |
| jzda2 |
| list1 |
| list2 |
| liuyan |
| old_jzda |
| scb_applyTable |
| scb_projects |
| scb_settlement |
| scb_shortMessage |
| shichangbu |
| shujiApply |
| student_icon |
| vw_cjqgzx |
| vw_stuyj |
| vw_zxxs |
| yj_score_1 |
| ?発?抖 |
+--------------------------------------+
Database: qinzhu
Table: FamilyFinance20140928
[29 columns]
+-------------------------+---------------+
| Column | Type |
+-------------------------+---------------+
| assess_date | smalldatetime |
| civil_addr | nvarchar |
| civil_name | nvarchar |
| civil_phone | nvarchar |
| civil_postalcode | nvarchar |
| civil_sign | nvarchar |
| fami_accident | ntext |
| fami_members | ntext |
| famiProvideCostOfLiving | float |
| famiProvideTution | float |
| group_attitude | ntext |
| id | int |
| if_badillness | nvarchar |
| if_disabled | nvarchar |
| if_healthy | nvarchar |
| if_loan | nvarchar |
| if_materialcompleted | nvarchar |
| if_orphan | nvarchar |
| if_pardivorce | nvarchar |
| if_singleparent | nvarchar |
| if_soldierfami | nvarchar |
| if_workstudy | nvarchar |
| monthincome_pmember | float |
| poverty_level | nvarchar |
| remarks | ntext |
| school_attitude | ntext |
| status | nvarchar |
| stu_id | nvarchar |
| univ_attitude | ntext |
+-------------------------+---------------+

4.png


0x02
漏洞地址:
http://www.jiajiao.ecnu.edu.cn/dxal_details.aspx?id=18

5.png

修复方案:

RT

版权声明:转载请注明来源 lufsy@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-10-20 21:30

厂商回复:

漏洞确认,正在修复中

最新状态:

暂无


漏洞评价:

评价

  1. 2015-10-21 00:24 | lufsy ( 实习白帽子 | Rank:41 漏洞数:12 | 自由,分享,共进)

    @乌云 怎么又是小厂商???

  2. 2015-10-21 00:24 | lufsy ( 实习白帽子 | Rank:41 漏洞数:12 | 自由,分享,共进)

    @乌云 怎么又是小厂商???