当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0143870

漏洞标题:人民大学sql注入一枚 可shell

相关厂商:中国人民大学

漏洞作者: MAX丶

提交时间:2015-09-28 13:39

修复时间:2015-11-12 14:54

公开时间:2015-11-12 14:54

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-09-28: 细节已通知厂商并且等待厂商处理中
2015-09-28: 厂商已经确认,细节仅向厂商公开
2015-10-08: 细节向核心白帽子及相关领域专家公开
2015-10-18: 细节向普通白帽子公开
2015-10-28: 细节向实习白帽子公开
2015-11-12: 细节向公众公开

简要描述:

额...

详细说明:

漏洞地址:http://career.ruc.edu.cn/article_show2.asp?id=2935

漏洞证明:

QQ截图20150928131205.png


Database: msdb
[78 tables]
+--------------------------------+
| RTblClassDefs |
| RTblClassExtension |
| RTblDBMProps |
| RTblDBXProps |
| RTblDTMProps |
| RTblDTSProps |
| RTblDatabaseVersion |
| RTblEQMProps |
| RTblEnumerationDef |
| RTblEnumerationValueDef |
| RTblGENProps |
| RTblIfaceDefs |
| RTblIfaceHier |
| RTblIfaceMem |
| RTblMDSProps |
| RTblNamedObj |
| RTblOLPProps |
| RTblParameterDef |
| RTblPropDefs |
| RTblProps |
| RTblRelColDefs |
| RTblRelshipDefs |
| RTblRelshipProps |
| RTblRelships |
| RTblSIMProps |
| RTblScriptDefs |
| RTblSites |
| RTblSumInfo |
| RTblTFMProps |
| RTblTypeInfo |
| RTblTypeLibs |
| RTblUMLProps |
| RTblUMXProps |
| RTblVersionAdminInfo |
| RTblVersions |
| RTblWorkspaceItems |
| backupfile |
| backupmediafamily |
| backupmediaset |
| backupset |
| log_shipping_primaries |
| log_shipping_secondaries |
| logmarkhistory |
| mswebtasks |
| restorefilegroup |
| restorefilegroup |
| restorehistory |
| sqlagent_info |
| sysalerts |
| syscachedcredentials |
| syscategories |
| sysconstraints |
| sysdbmaintplan_databases |
| sysdbmaintplan_history |
| sysdbmaintplan_jobs |
| sysdbmaintplans |
| sysdownloadlist |
| sysdtscategories |
| sysdtspackagelog |
| sysdtspackages |
| sysdtssteplog |
| sysdtstasklog |
| sysjobhistory |
| sysjobs_view |
| sysjobs_view |
| sysjobschedules |
| sysjobservers |
| sysjobsteps |
| sysnotifications |
| sysoperators |
| syssegments |
| systargetservergroupmembers |
| systargetservergroups |
| systargetservers_view |
| systargetservers_view |
| systaskids |
| systasks_view |
| systasks_view |
+--------------------------------+
Database: pubs
[15 tables]
+--------------------------------+
| authors |
| discounts |
| dtproperties |
| employee |
| jobs |
| pub_info |
| publishers |
| roysched |
| sales |
| stores |
| sysconstraints |
| syssegments |
| titleauthor |
| titles |
| titleview |
+--------------------------------+
Database: XscDb
[51 tables]
+--------------------------------+
| HistoryInfo |
| SurveyInfo |
| Update2Info |
| UpdateInfo |
| black |
| byqxdm |
| bys10002 |
| ccruc_syk |
| ccruc_syk |
| dtproperties |
| dwhydm |
| dwhydm |
| dwjjdmk |
| dwk |
| dwlsbmdm |
| dwlsdmk |
| dwpqk |
| dwszd_update |
| dwszddm |
| dwxzdmk |
| dwxzdmk |
| dxhzz |
| gzzw |
| jyxsdm_use |
| jyxsdm_use |
| ninety |
| pyfsdm |
| spring10002 |
| sscj02 |
| syk_ccruc |
| syk_ccruc |
| syk_tmp |
| sysconstraints |
| syssegments |
| waidi |
| wqy |
| xl_zy |
| xqxx_xlbak |
| xqxx_xlbak |
| xqxx_xlbak |
| xqxx_zybak |
| xqxx_zybak |
| xqxxbak |
| xqxxtj |
| xsm |
| xyzp |
| yjs_xsh |
| yqy |
| yxall |
| zyhz |
| zzmmdm |
+--------------------------------+
Database: model
[2 tables]
+--------------------------------+
| sysconstraints |
| syssegments |
+--------------------------------+
Database: mypower3513
[41 tables]
+--------------------------------+
| Admin |
| Advertisement |
| Announce |
| ArticleClass |
| ArticleComment |
| Channel |
| D99_CMD |
| D99_Tmp |
| FriendSite |
| Guest |
| Layout |
| Skin |
| Special |
| Vote |
| WCRTEMP00011 |
| WCRTEMP00012 |
| WCRTEMP00013 |
| WCRTEMP00014 |
| WCRTEMP00015 |
| WCRTEMP00017 |
| WCRTEMP00018 |
| WCRTEMP00019 |
| WCRTEMP00020 |
| <%NoDown%> |
| Article 查询
| Article 查询
| comd_list |
| dtproperties |
| foofoofoo |
| invest |
| kill_kk |
| picnews |
| shit_tmp |
| sysconstraints |
| syssegments |
| t_jiaozhu |
| visit |
| zSVK1 |
| zSVK2 |
| zSVK3 |
| 查询1
+--------------------------------+
Database: Northwind
[32 tables]
+--------------------------------+
| Categories |
| CustomerCustomerDemo |
| CustomerDemographics |
| Customers |
| EmployeeTerritories |
| Employees |
| Invoices |
| Region |
| Shippers |
| Suppliers |
| Territories |
| Alphabetical list of products |
| Category Sales for 1997 |
| Current Product List |
| Customer and Suppliers by City |
| Order Details Extended |
| Order Details Extended |
| Order Subtotals |
| Orders Qry |
| Orders Qry |
| Product Sales for 1997 |
| Products Above Average Price |
| Products Above Average Price |
| Products by Category |
| Quarterly Orders |
| Sales Totals by Amount |
| Sales by Category |
| Summary of Sales by Quarter |
| Summary of Sales by Year |
| dtproperties |
| sysconstraints |
| syssegments |
+--------------------------------+
Database: webconsul
[21 tables]
+--------------------------------+
| dtproperties |
| sysconstraints |
| syssegments |
| tb_admin |
| tb_bzzy |
| tb_grzx |
| tb_gzx |
| tb_news |
| tb_pc |
| tb_stu |
| tb_swhf |
| tb_swlx |
| tb_swwt |
| tb_teacher |
| tb_ttxx |
| tb_ttzx |
| tb_zxlx |
| tb_zxwt |
| tb_zxzt |
| tb_zylx |
| tb_zylx |
+--------------------------------+
这是只是一部分= =】

修复方案:

你们懂得】

版权声明:转载请注明来源 MAX丶@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-09-28 14:52

厂商回复:

已通知相关人员进行处理

最新状态:

暂无