WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles, online reader -------- http://drop.zone.ci/
2015-06-23: Details sent to the vendor; awaiting vendor handling
2015-06-26: Vendor confirmed; details disclosed to the vendor only
2015-06-29: Details opened to third-party security partners
2015-08-20: Details opened to core white hats and experts in the relevant field
2015-08-30: Details opened to ordinary white hats
2015-09-09: Details opened to intern white hats
2015-09-24: Details opened to the public
Five more, submitted as one bundle.
The Gaobaite network video conferencing system, developed by Beijing Gaobaite Technology Co., Ltd., supports several thousand simultaneous meeting participants and covers work meetings, remote training, product sales, online seminars, consulting services and other scenarios, with industry-specific solutions built on top. Full-HD video and high-fidelity audio remove geographical limits, and rich multimedia interaction and data-sharing features make communication easier.
SQL1:
/web/users/depttree.php?deptid=&level=0&deptname= (the deptid parameter is injectable)
Case:
http://115.28.233.30:7921/web/users/depttree.php?deptid=&level=0&deptname=
http://1.93.4.40:89/web/users/depttree.php?deptid=&level=0&deptname=
http://www.bj-tofi.com:89/web/users/depttree.php?deptid=&level=0&deptname=
http://218.89.3.21:89/web/users/depttree.php?deptid=&level=0&deptname=
http://121.199.29.166:89/users/depttree.php?deptid=&level=0&deptname=
http://122.200.76.233/web/users/depttree.php?deptid=&level=0&deptname=
SQL2:
/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8 (the confid parameter is injectable)
http://115.28.233.30:7921/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
http://218.89.3.21:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
http://www.bj-tofi.com:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
http://122.200.76.233/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
http://1.93.4.40:89/web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
SQL3:
/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772 (the parentid parameter is injectable)
http://121.199.29.166:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
http://122.200.76.233/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
http://www.bj-tofi.com:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
http://218.89.3.21:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
http://115.28.233.30:7921/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
http://1.93.4.40:89/web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
SQL4:
/web/department/depttree.php?parentid=1 (the parentid parameter is injectable)
http://121.199.29.166:89/web/department/depttree.php?parentid=1
http://122.200.76.233/web/department/depttree.php?parentid=1
http://www.bj-tofi.com:89/web/department/depttree.php?parentid=1
http://218.89.3.21:89/web/department/depttree.php?parentid=1
http://115.28.233.30:7921/web/department/depttree.php?parentid=1
http://1.93.4.40:89/web/department/depttree.php?parentid=1
SQL5:
/web/dept.php?lan=zh_cn&deptcode=root (the deptcode parameter is injectable)
http://121.199.29.166:89/web/dept.php?lan=zh_cn&deptcode=root
http://122.200.76.233/web/dept.php?lan=zh_cn&deptcode=root
http://www.bj-tofi.com:89/web/dept.php?lan=zh_cn&deptcode=root
http://218.89.3.21:89/web/dept.php?lan=zh_cn&deptcode=root
http://115.28.233.30:7921/web/dept.php?lan=zh_cn&deptcode=root
http://1.93.4.40:89/web/dept.php?lan=zh_cn&deptcode=root
Proof:
Proof for #1: /web/users/depttree.php?deptid=&level=0&deptname=
Proof for #2: /web/conferences/journal.php?confid=732453&page=2&topic=SMB%E6%B8%A0%E9%81%93%E6%9C%8D%E5%8A%A1%E6%94%BF%E7%AD%96%E8%AE%A8%E8%AE%BA-2&funid=8
Proof for #3: /web/monitor/depttree.php?parentid=&level=0&deptname=&ran=1434786772
Proof for #4: /web/department/depttree.php?parentid=1
Proof for #5: /web/dept.php?lan=zh_cn&deptcode=root
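All five findings share one shape: an identifier parameter (deptid, confid, parentid, deptcode) that the application passes into SQL without validation. A defender who cannot patch immediately can at least watch the web server's access log for requests to these endpoints whose identifier does not look like an identifier. The script below is an added example for this report, not code from WooYun or from the vendor; the log lines are constructed, the host and IP values in them are documentation addresses, and the "allowed shape" rules (ids are digits or empty, as in the report's own URLs; deptcode is a short alphanumeric token) are assumptions about what the application expects.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The injectable parameter named in the report for each endpoint, with the
# value shape we assume the application legitimately expects (assumption).
# Matching is on the path suffix because one host in the report serves
# depttree.php without the /web prefix.
WATCH = {
    "/users/depttree.php": ("deptid", r"\d*"),
    "/conferences/journal.php": ("confid", r"\d*"),
    "/monitor/depttree.php": ("parentid", r"\d*"),
    "/department/depttree.php": ("parentid", r"\d*"),
    "/dept.php": ("deptcode", r"[A-Za-z0-9_]*"),
}

# Common Log Format: client, ident, user, [time], "METHOD target HTTP/x", status
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+) HTTP/[\d.]+" (\d{3})'
)


def check_request(target):
    """Return (endpoint, param, decoded_value) when the request targets a
    watched endpoint and the watched parameter falls outside its allowed
    shape; return None for unwatched paths and well-formed values."""
    parts = urlsplit(target)
    for suffix, (param, pattern) in WATCH.items():
        if parts.path.endswith(suffix):
            # parse_qs URL-decodes values; keep blanks so deptid= is checked too
            values = parse_qs(parts.query, keep_blank_values=True).get(param, [])
            for value in values:
                if re.fullmatch(pattern, value) is None:
                    return (suffix, param, value)
            return None
    return None


def scan_log(lines):
    """Yield (client, endpoint, param, value, status) for suspicious requests."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue
        client, _method, target, status = m.groups()
        finding = check_request(target)
        if finding is not None:
            hits.append((client, *finding, int(status)))
    return hits


# Constructed sample log (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jun/2015:10:01:02 +0800] "GET /web/users/depttree.php?deptid=&level=0&deptname= HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Jun/2015:10:01:05 +0800] "GET /web/department/depttree.php?parentid=1 HTTP/1.1" 200 431',
    '198.51.100.9 - - [23/Jun/2015:10:02:11 +0800] "GET /web/department/depttree.php?parentid=1%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [23/Jun/2015:10:02:14 +0800] "GET /web/dept.php?lan=zh_cn&deptcode=root%20x HTTP/1.1" 200 300',
    '203.0.113.5 - - [23/Jun/2015:10:03:00 +0800] "GET /index.php HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        client, endpoint, param, value, status = hit
        print(f"{client} {endpoint} {param}={value!r} status={status}")
```

The status code is carried along because a 500 on a normally-200 endpoint, paired with a malformed identifier, is the typical footprint of a probe against this class of bug; an allowlist on value shape is also the same rule the application itself should enforce before any of these values reach a query.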
Severity: High
Vulnerability Rank: 13
Confirmed: 2015-06-26 16:14
CNVD has confirmed the reported situation and has notified the software vendor by e-mail through its public contact channel; the vendor will provide a fix and coordinate remediation with the affected user organizations.
None yet.