2004-12-13网站检测记录

漏洞测试:
输入地 http://www.gzjpg.com/2004/index/op_w.jsp?id=0000000000000000 ;
提示
com.ionglobal.lib.SysException: Archive(DBI,int) of Archive: select id,catid,title,subtitle,source,author,content,link,pic,keyword,hot,crdate
,cruser,status,classes,chdate,chuser,udtdate,udtuser,ordernum,hits from cms_archive where id=0

http://www.gzjpg.com/2004/index/op_w.jsp?id=1855
提示
java.lang.NumberFormatException: For input string: “1855′”

估计应该有注入漏洞,进一步测试。不是ASP。JSP不熟悉。努力。一定要KILL它!

———————
原地址加1 http://www.gzjpg.com/2004/about/stock.jsp?cid=478&catid=5261 ;
提示
500 Servlet Exception
com.ionglobal.lib.SysException: Category(DBI,int) of CateGory: this cateId
5261 not found in database!
    at com.ionglobal.db.Category.<init>(Category.java:72)
    at _2004._about._stock__jsp._jspService(/2004/about/../init_include.jsp:34)
    at com.caucho.jsp.JavaPage.service(JavaPage.java:74)
    at com.caucho.jsp.Page.subservice(Page.java:485)
    at com.caucho.server.http.FilterChainPage.doFilter(FilterChainPage.java:181)
    at com.caucho.server.http.Invocation.service(Invocation.java:291)
    at com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:132)
    at com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:341)
    at com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:271)
    at com.caucho.server.TcpConnection.run(TcpConnection.java:136)
    at java.lang.Thread.run(Thread.java:534)

—–由以上得到的地址访问
http://www.gzjpg.com/2004/about/../init_include.jsp
提示500 Servlet Exception
Note: sun.tools.javac.Main has been deprecated.
/2004/init_include.jsp:46: ‘}’ expected.
  }
   ^
/2004/init_include.jsp:48: ‘try’ without ‘catch’ or ‘finally’.
  private com.caucho.java.LineMap _caucho_line_map;
  ^
/2004/init_include.jsp:48: Statement expected.
  private com.caucho.java.LineMap _caucho_line_map;
  ^
3 errors, 1 warning

2004-12-13网站检测记录》有1个想法

  1. geking说:

    学计算机多帅啊……..崇拜…我要学习

    威阿 于 2009-02-20 07:56 PM 回复:
    这么老的丢人检查也给我翻出来了.晕.

发表评论

电子邮件地址不会被公开。