当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151005

漏洞标题:铭万某分站sql注入漏洞(涉及186个库)

相关厂商:北京铭万智达科技有限公司

漏洞作者: 深度安全实验室

提交时间:2015-11-02 09:54

修复时间:2015-11-07 09:56

公开时间:2015-11-07 09:56

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-02: 细节已通知厂商并且等待厂商处理中
2015-11-07: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

rt

详细说明:

http://b.b2b.cn/news/InfoList.aspx?categoryid=3&Names=1


注入点 Name

铭万b1.png


涉及186个库

b铭万dbs.png

漏洞证明:

available databases [186]:
[*] 186clubcomcn
[*] 2K36LtyH9pWgmA269Pcn
[*] 3zhongcn
[*] 517kmcom
[*] 88633222com
[*] bb2bcn
[*] bbscn-commcom
[*] bd16var365cn
[*] bd19var365cn
[*] bd20var365cn
[*] bj50var365cn
[*] bj52var365cn
[*] bj53var365cn
[*] bj54var365cn
[*] bj55var365cn
[*] bj60var365cn
[*] bj61var365cn
[*] bj62var365cn
[*] bj64var365cn
[*] bj88var36cnen
[*] bjdy888cn
[*] bjmicrocomcn
[*] bjsjzyazhicom
[*] carefortcom
[*] cbccncom
[*] cc09var365cn
[*] china-dongyucom
[*] china-sanbangcom
[*] china518comcn
[*] chinaneonnet
[*] chinasolargspcom
[*] chinastuntcom
[*] cqcsthcom
[*] cqlacc
[*] cqtyfjcom
[*] cqyanpaicn
[*] cqywjjcom
[*] cqyyylcom
[*] cs06var365cn
[*] cs07var365cn
[*] cs08var365cn
[*] cs107var365cn
[*] cs11var365cn
[*] cs13var365cn
[*] cs16var365cn
[*] cs298var365cn
[*] ddhhmjcn
[*] ddykcn
[*] deerruncn
[*] dfplascom
[*] dg03var365cn
[*] dl23var365cn
[*] dl24var365cn
[*] dl25var365cn
[*] dl26var365cn
[*] doujeacom
[*] dyjiaojucom
[*] EastAsia-adcn
[*] faithmantractorcom
[*] fjshihuicn
[*] fs13var365cn
[*] gg
[*] gz13var365cn
[*] hbyazhicom
[*] heb08var365cn
[*] heb10var365cn
[*] hjwjnet
[*] hkhangaocom
[*] hnsjzyazhicom
[*] hongjun333com
[*] hszshcn
[*] hyytguigangcn
[*] hz06var365cn
[*] hz07var365cn
[*] hzxlbjcom
[*] ijinqucom
[*] jbgycn
[*] jiarongjituancom
[*] jindadoucn
[*] jinguigroupcom
[*] jixinhuanbaocom
[*] jsdzyjinhuicn
[*] justboncn
[*] jxjgejcom
[*] katopcn
[*] kezseacom
[*] km07var365cn
[*] km08var365cn
[*] leekunnet
[*] lqwwxncom
[*] luzunjiuyecom
[*] master
[*] model
[*] msdb
[*] mz-ceramicscom
[*] newnorsencncom
[*] nj05var365cn
[*] nj06var365cn
[*] nuclear273cn
[*] pghuitongcom
[*] pilingkingcn
[*] qd14var365cn
[*] qd17var365cn
[*] qd18var365cn
[*] qdlanfancn
[*] qiluchaoshangcom
[*] rayfar-elcom
[*] rjbnqqslcom
[*] rusnorsencncom
[*] schkpackagecom
[*] sh-guangdecn
[*] sh269var365cn
[*] sh31var365cn
[*] sh33var365cn
[*] sh34var365cn
[*] sh35var365
[*] sh35var365cn
[*] sh36var365cn
[*] sh38var365cn
[*] sh43var365cn
[*] sh44var365cn
[*] sh49var365cn
[*] sh50var365cn
[*] shenyangmeialicom
[*] sixb2bcn
[*] sjz05var365cn
[*] sjz07var365cn
[*] sxsjzyazhicom
[*] sxsmzscn
[*] sxzxjlcom
[*] sytianyilongcom
[*] sz22var365cn
[*] sz23var365cn
[*] teemingcn
[*] tempdb
[*] terxindacom
[*] test
[*] thbnqqslcom
[*] thhzcn
[*] tianbangcc
[*] tianruiaircoolercom
[*] tj-chzmvar365cn
[*] tj-haidecom
[*] tj-hcsmvar365cn
[*] tj-hdytvar365cn
[*] tj-hyslvar365cn
[*] tj-jsddvar365cn
[*] tj-jsyvar365cn
[*] tj-junjievar365cn
[*] tj-jyhwvar365cn
[*] tj-nttcvar365cn
[*] tj-obtvar365cn
[*] tj-pksdvar365cn
[*] tj-rjfvar365cn
[*] tj-rjysvar365cn
[*] tj-sftvar365cn
[*] tj-thjcvar365cn
[*] ts04var365cn
[*] ts08var365cn
[*] ts09var365cn
[*] ts11var365cn
[*] ts56var365cn
[*] tssjzyazhicom
[*] v-rivercom
[*] wanquantoolscn
[*] wx22var365cn
[*] wx23var365cn
[*] wxchsqcom
[*] wxnashcom
[*] xlmsmvar365cn
[*] xn--chqrB919X5eBcn
[*] xn--fjQ6Jk75Acn
[*] xn--pbto87ccglcn
[*] xn--rny09s5pp5gmcom
[*] xn--ssSA199Vcom
[*] xn--tfrx0scom
[*] xn--uiSr0Gg14Enet
[*] xn--vhqq32df13ax6lcn
[*] xn--wlQu3P71Kdk4Acn
[*] xn--wlQu3pkzAo18Jcn
[*] ynxmj01var365cn
[*] yxyspcom
[*] zgbxhbcom
[*] zgqichewcn
[*] zhongjievar365cn
[*] zz200var365cn

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-07 09:56

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无