
Vulnerability summary

Defect ID: wooyun-2015-0155549

Title: SQL injection in a Health and Family Planning Bureau website leaks the database

Related vendor: cncert国家互联网应急中心 (CNCERT, National Computer Network Emergency Response Technical Team)

Author: thewind

Submitted: 2015-11-24 20:58

Fixed: 2016-01-11 17:26

Published: 2016-01-11 17:26

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization (cncert国家互联网应急中心) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-11-24: Details sent to the vendor; awaiting vendor handling
2015-11-27: Vendor has confirmed; details visible to the vendor only
2015-12-07: Details disclosed to core white hats and experts in related fields
2015-12-17: Details disclosed to regular white hats
2015-12-27: Details disclosed to intern white hats
2016-01-11: Details disclosed to the public

Brief description:

SQL injection

Detailed description:

Insufficient filtering of a request parameter leads to SQL injection.

Proof of vulnerability:

http://**.**.**.**/


舟山市卫生和计划生育局 (Zhoushan Municipal Health and Family Planning Bureau)

[Screenshot: 11111.png]

[Screenshot: pr.png]

Captured request (the affected host is masked; the __VIEWSTATE value is truncated in the extract):


POST /jzxx.aspx?lb=%u5728%u7ebf%u54a8%u8be2&slbh=iqUFvS3m HTTP/1.1
Content-Length: 13136
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://**.**.**.**:80/
Cookie: ASP.NET_SessionId=l4kdwb2ghvwkir55frhkzbet
Host: **.**.**.**
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
IB_cx=&IB_wyxx=&jzxx1_GV_SHOW_JumpBox=1&TextBox_slbh=1&Zncx1%24IB_search=&Zncx1%24TB_search=&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWCQLz66bVAwLBt7r%2bBQKYie3MDALokYizCQK0zZfqCQKLysu4DQLjpOiOBwK9yZTuDQLmpPzpD43QMxrE6HSunq/KpHj8eguXDgqq&__VIEWSTATE=/wEPDwULLTE3Nzk2ODY4OTQPZBYCAgMPZBYGZg9kFgICAw8PZBYCHgVzdHlsZQUibWFyZ2luLWxlZnQ6NHB4O21hcmdpbi1yaWdodDoyMnB4O2QCAg9kFgQCAQ8WAh8ABQxkaXNwbGF5Om5vbmVkAgMPFgIfAAUNZGlzcGxheTpibG9ja2QCBg8PFgYeA1NRTAV%2bc2VsZWN0IGJ0LGZrenQsaWQsZHdpZCx0anNqLGxiLGN4YmggZnJvbSB4eGZrIHdoZXJlIHNmZ2s9J%2bS4jeS/neWvhicgYW5kIGR3aWQ9J2R3MDAxJyBhbmQgbGI9J%2bWcqOe6v%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%2b5oql6ICD5Yid57qn5b6u55Sf54mp5qOA6aqM5oqA5biIPC9hPmRkAgEPDxYCHw0FDjE1MDgyMzE0Mzc1MTM0ZGQCAg8PFgIfDQUJ5bey5a6h5qC4ZGQCAw8PFgQfDQUkZjkwNjBiODgtNzQwMC00YjkyLWJlYzYtZDBkNDVmZDIyYTI5HwpoZGQCAg8PZBYGHwAFa2JhY2tncm91bmQtaW1hZ2U6dXJsKCcuLi9pbWFnZXNfd3NqL2p6eHgvNS5qcGcnKTsgYmFja2dyb3VuZC1yZXBlYXQ6cmVwZWF0LXg7YmFja2dyb3VuZC1wb3NpdGlvbjotMTBweCAzMnB4HwsFJHRoaXMuc3R5bGUuYmFja2dyb3VuZENvbG9yPScjRERGNEZBJx8MBSJ0aGlzLnN0eWxlLmJhY2tncm91bmRDb2xvcj0nd2hpdGUnFghmDw8WAh8NBZQBPGEgc3R5bGU9InRleHQtZGVjb3JhdGlvbjpub25lO2NvbG9yOmJsYWNrIiBocmVmPSdKWlhYX0RldGFpbC5hc3B4P2lkPWZmNjU4M2Q3LWI4NDQtNDQzNy04NmI1LTFjMThhMDYzZmE4YSc%2b5ZKo6K%2bi6L%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%2bZGQCAQ8PFgIfDQUOMTUwODA0MDczMTU5NDNkZAICDw8WAh8NBQnlt7LlrqHmoLhkZAIDDw8WBB8NBSQ4YjZhMGQyNi0xZGYzLTQwNGMtYjYwMi0zYmM2MGIwZGE0MjYfCmhkZAIEDw9kFgYfAAVrYmFja2dyb3VuZC1pbWFnZTp1cmwoJy4uL2ltYWdlc193c2ovanp4eC81LmpwZycpOyBiYWNrZ3JvdW5kLXJlcGVhdDpyZXBlYXQteDtiYWNrZ3JvdW5kLXBvc2l0aW9uOi0xMHB4IDMycHgfCwUkdGhpcy5zdHlsZS5iYWNrZ3JvdW5kQ29sb3I9JyNEREY0RkEnHwwFInRoaXMuc3R5bGUuYmFja2dyb3VuZENvbG9yPSd3aGl0ZScWCGYPDxYCHw0FggE8YSBzdHlsZT0idGV4dC1kZWNvcmF0aW9uOm5vbmU7Y29sb3I6YmxhY2siIGhyZWY9J0paWFhfRGV0YWlsLmFzcHg/aWQ9NmEwZjEwYjEtNzc5MC00YTM4LWE2N2EtODJkY2E0MTcxNWEyJz7lkqjor6LljLvluIjms6jlhow8L2E%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%2bivgTwvYT5kZAIBDw8WAh8NBQ4xNTA3M
DcxMTQzMzU4MWRkAgIPDxYCHw0FCeW3suWuoeaguGRkAgMPDxYEHw0FJGMyMDkxZDFjLTA2MWYtNDcxMS05ZGY0LTJjMThkNmIxYTllZh8KaGRkAgYPD2QWBh8ABWtiYWNrZ3JvdW5kLWltYWdlOnVybCgnLi4vaW1hZ2VzX3dzai9qenh4LzUuanBnJyk7IGJhY2tncm91bmQtcmVwZWF0OnJlcGVhdC14O2JhY2tncm91bmQtcG9zaXRpb246LTEwcHggMzJweB8LBSR0aGlzLnN0eWxlLmJhY2tncm91bmRDb2xvcj0nI0RERjRGQScfDAUidGhpcy5zdHlsZS5iYWNrZ3JvdW5kQ29sb3I9J3doaXRlJxYIZg8PFgIfDQWIATxhIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9uZTtjb2xvcjpibGFjayIgaHJlZj0nSlpYWF9EZXRhaWwuYXNweD9pZD01NGI1MDUwYi1jZTQ0LTRlNTktODRkMS1iNzFmMmYyOGRjN2EnPuS6jOiDjuadoeS7tuaYr%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%2biuoeWIkueUn%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%2bS6juiBjOS4muWMu%2bW4iOS4ree6p%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%2b5YeG55Sf6K%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%2b5Li65LqG5LqM6IOO55qE77yM5aSn5Lq654us55Sf5a2Q5aWz6K%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%2b5YWz5LqOSeexu%2bWtpuWIhuWPiuaZi%2bWNh%2biuuuaWh%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%2beQhueWl%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%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%2bZGQCAQ8PFgIfDQUOMTUwNDAyMTcxNTM0MjVkZAICDw8WAh8NBQnlt7LlrqHmoLhkZAIDDw8WBB8NBSQ0ZTRlZGQ0Yi1hMTgzLTRmNWQtODg2OC00MjM4Y2U0YTYxNTkfCmhkZAIPDw9kFgYfAAVrYmFja2dyb3VuZC1pbWFnZTp1cmwoJy4uL2ltYWdlc193c2ovanp4eC81LmpwZycpOyBiYWNrZ3JvdW5kLXJlcGVhdDpyZXBlYXQteDtiYWNrZ3JvdW5kLXBvc2l0aW9uOi0xMHB4IDMycHgfCwUkdGhpcy5zdHlsZS5iYWNrZ3JvdW5kQ29sb3I9JyNEREY0RkEnHwwFInRoaXMuc3R5bGUuYmFja2dyb3VuZENvbG9yPSd3aGl0ZScWCGYPDxYCHw0FdjxhIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9uZTtjb2xvcjpibGFjayIgaHJlZj0nSlpYWF9EZXRhaWwuYXNweD9pZD01ZWM2NmFlOS02YzRmLTRhNjgtOWZmMS02NzJiZWVhZDE5YzgnPueMruihgDwvYT5kZAIBDw8WAh8NBQ4xNTAzMjYwOTA1Mjk1NWRkAgIPDxYCHw0FCeW3suWuoeaguGRkAgMPDxYEHw0FJDVlYzY2YWU5LTZjNGYtNGE2OC05ZmYxLTY3MmJlZWFkMTljOB8KaGRkAhAPD2QWBh8ABWtiYWNrZ3JvdW5kLWltYWdlOnVybCgnLi4vaW1hZ2VzX3dzai9qenh4LzUuanBnJyk7IGJhY2tncm91bmQtcmVwZWF0OnJlcGVhdC14O2JhY2tncm91bmQtcG9zaXRpb
246LTEwcHggMzJweB8LBSR0aGlzLnN0eWxlLmJhY2tncm91bmRDb2xvcj0nI0RERjRGQScfDAUidGhpcy5zdHlsZS5iYWNrZ3JvdW5kQ29sb3I9J3doaXRlJxYIZg8PFgIfDQWCATxhIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9uZTtjb2xvcjpibGFjayIgaHJlZj0nSlpYWF9EZXRhaWwuYXNweD9pZD1iMjExYmQ1YS02NWVhLTQ5NTgtODQ2OC0xZmVkNmM3NjZjMjknPuaKpOWjq%2be8luWItuaLm%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%2beWl%2bS/neWBpeacjeWKoeS/oeaBr%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%2bS4uuS9leS4jeiDveW8gOiuvuengeS6uuWPo%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%2bS6jumdnui9rOWGnOS6jOiDjueUn%2biCsuaUv%2betljwvYT5kZAIBDw8WAh8NBQ4xNTAzMDUxODUxMzIzOGRkAgIPDxYCHw0FCeW3suWuoeaguGRkAgMPDxYEHw0FJDZhMTVhMTNkLTI2MmYtNGEyYi1iOGJjLWM4MmE3OTdiOTUxYR8KaGRkAhQPD2QWBh8ABWtiYWNrZ3JvdW5kLWltYWdlOnVybCgnLi4vaW1hZ2VzX3dzai9qenh4LzUuanBnJyk7IGJhY2tncm91bmQtcmVwZWF0OnJlcGVhdC14O2JhY2tncm91bmQtcG9zaXRpb246LTEwcHggMzJweB8LBSR0aGlzLnN0eWxlLmJhY2tncm91bmRDb2xvcj0nI0RERjRGQScfDAUidGhpcy5zdHlsZS5iYWNrZ3JvdW5kQ29sb3I9J3doaXRlJxYIZg8PFgIfDQWIATxhIHN0eWxlPSJ0ZXh0LWRlY29yYXRpb246bm9uZTtjb2xvcjpibGFjayIgaHJlZj0nSlpYWF9EZXRhaWwuYXNweD9pZD1kN2MwYTliMy02ZWUwLTQ2M2EtODkxOC1lNjkyMmI3ZjY1YjYnPuWFs%2bS6juWHuueUn%2bWMu%2bWtpuivgeaYjjwvYT5kZAIBDw8WAh8NBQ4xNTAyMjcxMjU2MzY4NWRkAgIPDxYCHw0FCeW3suWuoeaguGRkAgMPDxYEHw0FJGQ3YzBhOWIzLTZlZTAtNDYzYS04OTE4LWU2OTIyYjdmNjViNh8KaGRkGAIFHl9fQ29udHJvbHNSZXF1aXJlUG9zdEJhY2tLZXlfXxYDBQ9abmN4MSRJQl9zZWFyY2gFBUlCX2N4BQdJQl93eXh4BQ1qenh4MSRHVl9TSE9XDzwrAAoBCAIBZJF3kbbjWTGNKoW9XoZs3PfIzSi1


Injected parameter:

slbh

[Screenshot: 22222222.png]

[Screenshot: 333333333.png]

[Screenshot: 444444444.png]

As the screenshots show, the database user is sa.
So I went straight to --os-shell to see what would happen.

[Screenshot: 5555.png]

Operating-system commands can be executed directly.
As noted earlier, I also checked the site's PR value, and it is fairly high...

Fix recommendation:

Filter the parameter (use parameterized queries rather than concatenating request input into SQL text).
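The report only states that the slbh parameter of jzxx.aspx is concatenated into a query without adequate filtering, and that the site connects to SQL Server as sa, which is why sqlmap's --os-shell could run commands. The following C# (ADO.NET) example is added here to show the fix; it is not code from the report or from the affected site. The table name (jzxx_records), the column name (slbh), the selected columns, and the assumed alphanumeric shape of a valid slbh token are all illustrative assumptions.

```csharp
// Added example, not the affected site's code. Table/column names are assumed.
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class JzxxRepository
{
    // BEFORE: the request value is pasted into the SQL text, so a quote in the
    // input rewrites the statement. This is the pattern the report describes.
    public static DataTable FindBySlbhUnsafe(SqlConnection conn, string slbh)
    {
        string sql = "select bt, tjsj from jzxx_records where slbh = '" + slbh + "'";
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // Defence in depth: the slbh values seen in the report look like short
    // alphanumeric tokens (assumption), so anything else can be rejected up front.
    private static readonly Regex SlbhShape =
        new Regex("^[A-Za-z0-9]{1,32}$", RegexOptions.Compiled);

    public static bool IsWellFormedSlbh(string slbh)
    {
        return slbh != null && SlbhShape.IsMatch(slbh);
    }

    // AFTER: the value travels as a typed parameter. The SQL text is a constant,
    // so no input can change the statement the server parses and executes.
    public static DataTable FindBySlbh(SqlConnection conn, string slbh)
    {
        if (!IsWellFormedSlbh(slbh))
        {
            throw new ArgumentException("slbh has an unexpected format", nameof(slbh));
        }

        const string sql = "select bt, tjsj from jzxx_records where slbh = @slbh";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@slbh", SqlDbType.NVarChar, 32).Value = slbh;
            using (var adapter = new SqlDataAdapter(cmd))
            {
                var table = new DataTable();
                adapter.Fill(table);
                return table;
            }
        }
    }

    // Minimal demonstration of the input gate without a database connection.
    public static void Main()
    {
        Console.WriteLine(IsWellFormedSlbh("iqUFvS3m"));          // True: token from the report
        Console.WriteLine(IsWellFormedSlbh("1' or '1'='1"));     // False: rejected before any query
    }
}
```

Two further points follow from the report. Parameterization, not the regex, is what closes the injection; the format check only narrows what reaches the database. And because the request ran as sa, the connection string in Web.config should instead use a dedicated SQL login that has only SELECT (and whatever DML the page needs) on its own tables, so that even a future injection cannot reach server-level features such as command execution.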

Copyright notice: when reposting, please credit the source: thewind@乌云


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-11-27 17:25

Vendor reply:

CNVD has confirmed the described situation; it has been forwarded by CNCERT to the Zhejiang branch center, which will coordinate the handling with the website's operating unit.

Latest status:

None