Vulnerability Summary

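Bug ID: wooyun-2015-0147992

Title: Oracle time-based blind SQL injection in a bibliographic data retrieval system (affects many universities)

Vendor: 北京金盘软件技术有限公司

Author: 路人甲

Submitted: 2015-10-22 10:04

Fixed: 2015-12-17 14:48

Disclosed: 2015-12-17 14:48

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 13

Status: Handed over to a third-party partner organization (CNCERT, the National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]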


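Vulnerability Details

Disclosure status:

2015-10-22: Details reported to the vendor; awaiting vendor handling
2015-10-27: Vendor has confirmed; details disclosed to the vendor only
2015-10-30: Details opened to third-party security partners (绿盟科技唐朝安全巡航
2015-12-21: Details disclosed to core white hats and experts in related fields
2015-12-31: Details disclosed to regular white hats
2016-01-10: Details disclosed to intern white hats
2015-12-17: Details disclosed to the public

Brief description:

Detailed description:

An Oracle time-based blind SQL injection in a bibliographic data retrieval system (affects many universities).
Cases:
**.**.**.**/gdweb/ScarchList.aspx
**.**.**.**:8098/ScarchList.aspx
http://**.**.**.**:8086/gdlisweb/ScarchList.aspx
http://**.**.**.**:82/netweb/ScarchList.aspx
http://**.**.**.**/ScarchList.aspx
**.**.**.**/ScarchList.aspx

Proof of vulnerability:

Case proof:
**.**.**.**/gdweb/ScarchList.aspx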


POST /gdweb/ScarchList.aspx HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Referer: **.**.**.**/gdweb/ScarchList.aspx
x-microsoftajax: Delta=true
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
DontTrackMeHere: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Host: **.**.**.**
Content-Length: 4824
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=towt5cmnyypwzdzrxx2oaoeh

ScriptManager1=UpdatePanel1|Button1&__EVENTTARGET=Button1&__EVENTARGUMENT=&__VIEWSTATE=[ViewState value removed]&__EVENTVALIDATION=[value removed]&DropDownList1=%E9%A2%98%E5%90%8D&TextBox3=1&DropDownList2=%E4%B8%AD%E9%97%B4%E4%B8%80%E8%87%B4&radio=%E7%BB%93%E6%9E%9C&DropDownList3=%E9%A2%98%E5%90%8D&DropDownList4=%E5%8D%87%E5%BA%8F&hiddenInputToUpdateATBuffer_CommonToolkitScripts=1&



Fix:

...

Copyright notice: when reposting, please credit the source 路人甲@乌云


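Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-10-27 08:26

Vendor reply:

CNVD has confirmed the situation described and has notified the software vendor through previously established handling channels; a copy was also sent to the education network emergency response organization, which will coordinate follow-up handling with the organizations that administer the sites.

Latest status:

None yet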

