漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2014-080193
漏洞标题:某建站系统存在多处SQL注入
相关厂商:nxsuny.com
漏洞作者: 路人甲
提交时间:2014-10-21 19:07
修复时间:2015-01-19 19:08
公开时间:2015-01-19 19:08
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:20
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2014-10-21: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-01-19: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
RT
一共四处奥 如果这个再被认定为不是同一套系统,我那就真对乌云失望了
详细说明:
宁夏闪讯网络科技有限公司开发的建站系统存在多处SQL注入,一共四处
官网:http://www.nxsuny.com
案例:
http://nxsmnszs.com/about.asp?AsSortID=1
http://nxsmnszs.com/proinfo.asp?id=351
http://nxsmnszs.com/newsinfo.asp?id=369
http://nxsmnszs.com/message.asp?AsSortID=33
http://www.nxadmc.com/about.asp?AsSortID=3
http://www.nxadmc.com/proinfo.asp?id=198
http://www.nxadmc.com/newsinfo.asp?id=210
http://www.nxadmc.com/message.asp?AsSortID=4
http://www.ychysp.com/about.asp?AsSortID=1
http://www.ychysp.com/proinfo.asp?id=562
http://www.ychysp.com/newsinfo.asp?id=378
http://www.ychysp.com/message.asp?AsSortID=53
http://www.nxyatfl.com/about.asp?AsSortID=64
http://www.nxyatfl.com/proinfo.asp?id=530
http://www.nxyatfl.com/newsinfo.asp?id=424
http://www.nxyatfl.com/message.asp?AsSortID=63
http://www.qzlpgs.com/about.asp?AsSortID=54
http://www.qzlpgs.com/proinfo.asp?id=866
http://www.qzlpgs.com/newsinfo.asp?id=390
http://www.qzlpgs.com/message.asp?AsSortID=53
http://www.grace-english.com/about.asp?AsSortID=30
http://www.grace-english.com/proinfo.asp?id=331
http://www.grace-english.com/newsinfo.asp?id=340
http://www.grace-english.com/message.asp?AsSortID=33
http://www.nxdongcheng.com/about.asp?AsSortID=1
http://www.nxdongcheng.com/proinfo.asp?id=740
http://www.nxdongcheng.com/newsinfo.asp?id=885
http://www.nxdongcheng.com/Article/Message.asp?ID=378
http://www.nxksjc.com/about.asp?AsSortID=1
http://www.nxksjc.com/proinfo.asp?id=664
http://www.nxksjc.com/newsinfo.asp?id=682
http://www.nxksjc.com/message.asp?AsSortID=64
http://www.usana1992.com/about.asp?AsSortID=53
http://www.usana1992.com/proinfo.asp?id=379
http://www.usana1992.com/newsinfo.asp?id=370
http://www.usana1992.com/message.asp?AsSortID=52
http://gesenna.gotoip3.com/about.asp?AsSortID=67
http://gesenna.gotoip3.com/proinfo.asp?id=443
http://gesenna.gotoip3.com/newsinfo.asp?id=495
http://gesenna.gotoip3.com/message.asp?AsSortID=66
http://www.nxthbp.com/about.asp?AsSortID=1
http://www.nxthbp.com/proinfo.asp?id=409
http://www.nxthbp.com/newsinfo.asp?id=487
http://www.nxthbp.com/message.asp?AsSortID=52
http://www.nxycwy.net/about.asp?AsSortID=1
http://www.nxycwy.net/proinfo.asp?id=499
http://www.nxycwy.net/newsinfo.asp?id=532
http://www.nxycwy.net/message.asp?AsSortID=64
漏洞证明:
修复方案:
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝