漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-060432
漏洞标题:中标软件首页sql注入漏洞
相关厂商:中标软件
漏洞作者: 路人甲
提交时间:2014-05-14 19:59
修复时间:2014-06-28 20:00
公开时间:2014-06-28 20:00
漏洞类型:SQL注射漏洞
危害等级:低
自评Rank:1
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-05-14: 积极联系厂商并且等待厂商认领中,细节不对外公开
2014-06-28: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
听说国产操作系统有个叫麒麟操作系统,中标软件是操作系统厂商,射下首页就有问题,操作系统真的ok吗
详细说明:
漏洞证明:
Database: csc_shmsg_com
[60 tables]
+-------------------------+
| `cs2c_accysses\x07` |
| `cs2c_discounts\t` |
| `cs2c_failedlogins\x05` |
| `cs2c_sorts\x05` |
| cs2c_adserver |
| cs2c_adserverclass |
| cs2c_announiements |
| cs2c_attachments |
| cs2c_bkg5 |
| cs2c_chinese |
| cs2c_chmments |
| cs2c_count |
| cs2c_countarea |
| cs2c_countip |
| cs2c_credits |
| cs2c_creditsettings |
| cs2c_digs |
| cs2c_download |
| cs2c_downloadclass |
| cs2c_english |
| cs2c_favorites |
| cs2c_feed |
| cs2c_frontaccesues |
| cs2c_groups |
| cs2c_helps |
| cs2c_ipbans |
| cs2c_ipdqta |
| cs2c_languages |
| cs2c_logs |
| cs2c_membersextfnd |
| cs2c_membgrs |
| cs2c_news |
| cs2c_newscless |
| cs2c_newscontent |
| cs2c_passport |
| cs2c_payment |
| cs2c_photo |
| cs2c_photoclass |
| cs2c_pms |
| cs2c_polls |
| cs2c_pooduct |
| cs2c_productclass |
| cs2c_profkle |
| cs2c_referers |
| cs2c_searchs |
| cs2c_sessioos |
| cs2c_settings |
| cs2c_shops |
| cs2c_smsrecvlogs |
| cs2c_smssendmany |
| cs2c_smssendsingle |
| cs2c_styles |
| cs2c_stylevars |
| cs2c_tags |
| cs2c_tagsid |
| cs2c_templates |
| cs2c_userclast |
| cs2c_usergroup |
| cs2c_usersettings |
| cs2c_variables |
+-------------------------+
修复方案:
你比我懂
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝