漏洞概要 关注数(9) 关注此漏洞
缺陷编号: WooYun-2016-180075
漏洞标题: Japan Tokyo Women's Medical University multiple SQL injection vulnerabilities/any mail forgery/xss
相关厂商: 东京女子医科大学
漏洞作者: 路人甲
提交时间: 2016-03-02 20:27
公开时间: 2016-04-18 08:48
漏洞类型: SQL注射漏洞
危害等级: 高
自评Rank: 20
漏洞状态: 已交由第三方合作机构(日本国家互联网应急中心(JPCERT/CC))处理
漏洞来源:www.wooyun.org ,如有疑问或需要帮助请联系
Tags标签: 无
漏洞详情
披露状态:
2016-03-02: 细节已通知厂商并且等待厂商处理中
2016-03-04: 厂商已经确认,细节仅向厂商公开
2016-03-14: 细节向核心白帽子及相关领域专家公开
2016-03-24: 细节向普通白帽子公开
2016-04-03: 细节向实习白帽子公开
2016-04-18: 细节向公众公开
简要描述:
rt 蹭网提交漏洞是何等的卧槽?
详细说明:
Suman , see the phone profile
Very famous
Multiple sql injection vulnerability
http://**.**.**.**mu.ac.jp/twmhp/KgApp?kozac=C10100000000%27%20and%20%27%27=%27&year=2013
use sqlmap
Multiple injection of the same database
information_schema table
pg_catalog table 48
public table 117 (Too much public database)
It is also used a Joomla Spider Random Article SQL Injection
Technology gap , not use
---------------------------------------------分隔符-----------------------------------
any mail forgery
They will receive
It can be used for phishing attacks
Only for demonstration
-----------------------------------------分隔符---------------------------------------
There is also a XSS
two URL...........
漏洞证明:
It has proved to be described in detail
修复方案:
filter
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:高
漏洞Rank:20
确认时间:2016-03-04 08:48
厂商回复:
最新状态:
2016-03-04:Hello, 路人甲. This is JPCERT/CC. Thank you for your information. We will notify this vulnerability notes to Tokyo Women's Medical University.
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
( 核心白帽子 | Rank:1809 漏洞数:214 | 不接单、不黑产;如遇冒名顶替接单收徒、绝...)
评论