漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-060799
漏洞标题:中国农业大学某分站存在sql注入漏洞
相关厂商:中国农业大学
漏洞作者: 路人甲
提交时间:2014-05-15 11:00
修复时间:2014-06-29 11:01
公开时间:2014-06-29 11:01
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-05-15: 细节已通知厂商并且等待厂商处理中
2014-05-20: 厂商已经确认,细节仅向厂商公开
2014-05-30: 细节向核心白帽子及相关领域专家公开
2014-06-09: 细节向普通白帽子公开
2014-06-19: 细节向实习白帽子公开
2014-06-29: 细节向公众公开
简要描述:
中国农业大学某分站存在sql注入漏洞,貌似是教育基金会
详细说明:
存在sql注入的页面:http://cauef.cau.edu.cn/read_article.jsp?col=23&id=1362
跑库之后得到的表
Database: NONGDAFUND
[120 tables]
+--------------------------+
| ASSOCIATION_MEMBER |
| ASSOCIATION_MEMBER_AREA |
| ASSOCIATION_MEMBER_TYPE |
| DONATE_BANK_FEEDBACK |
| DONATE_BENEFICIARY |
| DONATE_COIN_TYPE |
| DONATE_INFO |
| DONATE_INFO_TEMP |
| DONATE_MANNER |
| DONATE_PROJECT |
| DONATE_PROJECT_TYPE |
| DONATE_PRO_REL_BENEFI |
| DONATE_TYPE |
| DONATE_YEAR |
| DS_ARTICLE |
| DS_ARTICLE_COMMENT |
| DS_ARTICLE_KEYWORD |
| DS_ARTICLE_RELATION |
| DS_ARTICLE_TYPE |
| DS_AUDIT_RESULT |
| DS_AUDIT_ROLE |
| DS_AUDIT_SETTING |
| DS_BLOCK |
| DS_BLOCK_COLUMN_LIST |
| DS_COLUMN |
| DS_COLUMN_DISPLAY |
| DS_COLUMN_PERM |
| DS_COLUMN_TEMPLATE |
| DS_DEPSET |
| DS_FORM |
| DS_FORM_COLUMN |
| DS_FORM_DATA |
| DS_FORM_ITEM |
| DS_ICON |
| DS_KEYWORD |
| DS_PAGE_TEMPLATE |
| DS_POPWINDOW |
| DS_SPECIAL_COLUMN_SOURCE |
| DS_SPECIAL_TOPIC |
| DS_SYSTEMSET |
| DS_TEACHER_PAGE |
| DS_TEMPLATE_SET |
| DS_VOICESET |
| FM_ARTICLE |
| FM_ARTICLE_TYPE |
| FM_FACE |
| FM_FAVORITE |
| FM_FORUM |
| FM_FORUM_USER |
| FM_TEMPLATE |
| FM_THREAD |
| FM_USER_EXT |
| GUESTBOOK_FACE |
| GUESTBOOK_MESSAGE |
| GUESTBOOK_REPLY |
| GUESTBOOK_SORT |
| GUESTBOOK_SYSTEMSET |
| INTERNAL_MAIL_CONTACT |
| INTERNAL_MAIL_FOLDER |
| INTERNAL_MAIL_INFO |
| INTERNAL_MAIL_PROPERTY |
| INVESTIGATION_ANSWER |
| INVESTIGATION_COMMENT |
| INVESTIGATION_ITEM |
| INVESTIGATION_PAPER |
| INVESTIGATION_PROBLEM |
| INVESTIGATION_RESPONDENT |
| INVESTIGATION_USERSET |
| IP_ADDRESS |
| IP_ADDRESS_GROUP |
| IP_CONTROL_RESOURCE |
| IP_CONTROL_STRATEGY |
| JG_SIGNUP |
| LOG_RESOURCE |
| MODULES |
| OA_ADDRESS_SORT |
| OA_ARCHIVE_DOWN |
| OA_ARCHIVE_DOWN_OBJ |
| OA_ARCHIVE_REQ |
| OA_ARCHIVE_SERIESE |
| OA_ARCHIVE_TYPE |
| OA_ARCHIVE_UP |
| OA_ARCHIVE_UPREQ_OBJ |
| OA_DEPARTMENT |
| OA_GROUP |
| OA_GROUP_USER |
| OA_NOTICE |
| OA_NOTICE_OBJ |
| OA_PERSONAL_ADDRESS |
| OA_PERSONAL_SCHEDULE |
| OA_POST |
| OA_TASK_OBJ |
| OA_USER |
| SF_BUSINESS_RESOURCE |
| SF_GROUP |
| SF_GROUP_CLASS |
| SF_GROUP_USER_ROLE |
| SF_ONLINE_SESSION |
| SF_PRINCIPAL_PERM |
| SF_REGISTER_SETTING |
| SF_REGISTER_USER |
| SF_ROLE |
| SF_SYSTEM_RESOURCE |
| SF_USER |
| SF_USER_GROUP |
| SF_USER_LOGIN |
| SF_USER_ROLE |
| SMS_GROUP |
| SMS_GROUP_CONTACT |
| SMS_RECORD |
| SMS_RPT |
| THEOL_ACCESSCOUNTER |
| THEOL_FILES |
| THEOL_LOG |
| THEOL_TASK |
| THEOL_TASK_ASSIGNMENT |
| YH_COLUMN |
| YH_NEWS |
| YH_ONLINE_TEST |
| YH_USER |
+--------------------------+
就这样吧,貌似系统听庞大的!!
漏洞证明:
存在sql注入的页面:http://cauef.cau.edu.cn/read_article.jsp?col=23&id=1362
跑库之后得到的表
Database: NONGDAFUND
[120 tables]
+--------------------------+
| ASSOCIATION_MEMBER |
| ASSOCIATION_MEMBER_AREA |
| ASSOCIATION_MEMBER_TYPE |
| DONATE_BANK_FEEDBACK |
| DONATE_BENEFICIARY |
| DONATE_COIN_TYPE |
| DONATE_INFO |
| DONATE_INFO_TEMP |
| DONATE_MANNER |
| DONATE_PROJECT |
| DONATE_PROJECT_TYPE |
| DONATE_PRO_REL_BENEFI |
| DONATE_TYPE |
| DONATE_YEAR |
| DS_ARTICLE |
| DS_ARTICLE_COMMENT |
| DS_ARTICLE_KEYWORD |
| DS_ARTICLE_RELATION |
| DS_ARTICLE_TYPE |
| DS_AUDIT_RESULT |
| DS_AUDIT_ROLE |
| DS_AUDIT_SETTING |
| DS_BLOCK |
| DS_BLOCK_COLUMN_LIST |
| DS_COLUMN |
| DS_COLUMN_DISPLAY |
| DS_COLUMN_PERM |
| DS_COLUMN_TEMPLATE |
| DS_DEPSET |
| DS_FORM |
| DS_FORM_COLUMN |
| DS_FORM_DATA |
| DS_FORM_ITEM |
| DS_ICON |
| DS_KEYWORD |
| DS_PAGE_TEMPLATE |
| DS_POPWINDOW |
| DS_SPECIAL_COLUMN_SOURCE |
| DS_SPECIAL_TOPIC |
| DS_SYSTEMSET |
| DS_TEACHER_PAGE |
| DS_TEMPLATE_SET |
| DS_VOICESET |
| FM_ARTICLE |
| FM_ARTICLE_TYPE |
| FM_FACE |
| FM_FAVORITE |
| FM_FORUM |
| FM_FORUM_USER |
| FM_TEMPLATE |
| FM_THREAD |
| FM_USER_EXT |
| GUESTBOOK_FACE |
| GUESTBOOK_MESSAGE |
| GUESTBOOK_REPLY |
| GUESTBOOK_SORT |
| GUESTBOOK_SYSTEMSET |
| INTERNAL_MAIL_CONTACT |
| INTERNAL_MAIL_FOLDER |
| INTERNAL_MAIL_INFO |
| INTERNAL_MAIL_PROPERTY |
| INVESTIGATION_ANSWER |
| INVESTIGATION_COMMENT |
| INVESTIGATION_ITEM |
| INVESTIGATION_PAPER |
| INVESTIGATION_PROBLEM |
| INVESTIGATION_RESPONDENT |
| INVESTIGATION_USERSET |
| IP_ADDRESS |
| IP_ADDRESS_GROUP |
| IP_CONTROL_RESOURCE |
| IP_CONTROL_STRATEGY |
| JG_SIGNUP |
| LOG_RESOURCE |
| MODULES |
| OA_ADDRESS_SORT |
| OA_ARCHIVE_DOWN |
| OA_ARCHIVE_DOWN_OBJ |
| OA_ARCHIVE_REQ |
| OA_ARCHIVE_SERIESE |
| OA_ARCHIVE_TYPE |
| OA_ARCHIVE_UP |
| OA_ARCHIVE_UPREQ_OBJ |
| OA_DEPARTMENT |
| OA_GROUP |
| OA_GROUP_USER |
| OA_NOTICE |
| OA_NOTICE_OBJ |
| OA_PERSONAL_ADDRESS |
| OA_PERSONAL_SCHEDULE |
| OA_POST |
| OA_TASK_OBJ |
| OA_USER |
| SF_BUSINESS_RESOURCE |
| SF_GROUP |
| SF_GROUP_CLASS |
| SF_GROUP_USER_ROLE |
| SF_ONLINE_SESSION |
| SF_PRINCIPAL_PERM |
| SF_REGISTER_SETTING |
| SF_REGISTER_USER |
| SF_ROLE |
| SF_SYSTEM_RESOURCE |
| SF_USER |
| SF_USER_GROUP |
| SF_USER_LOGIN |
| SF_USER_ROLE |
| SMS_GROUP |
| SMS_GROUP_CONTACT |
| SMS_RECORD |
| SMS_RPT |
| THEOL_ACCESSCOUNTER |
| THEOL_FILES |
| THEOL_LOG |
| THEOL_TASK |
| THEOL_TASK_ASSIGNMENT |
| YH_COLUMN |
| YH_NEWS |
| YH_ONLINE_TEST |
| YH_USER |
+--------------------------+
就这样吧,貌似系统听庞大的!!
修复方案:
静态网页吧!
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:6
确认时间:2014-05-20 10:24
厂商回复:
正在通知相关学校处理
最新状态:
暂无