当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0107583

漏洞标题:如家酒店多处安全漏洞小礼包(可影响到敏感数据)

相关厂商:如家酒店集团

漏洞作者: PgHook

提交时间:2015-04-14 14:18

修复时间:2015-05-29 16:58

公开时间:2015-05-29 16:58

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-04-14: 细节已通知厂商并且等待厂商处理中
2015-04-14: 厂商已经确认,细节仅向厂商公开
2015-04-24: 细节向核心白帽子及相关领域专家公开
2015-05-04: 细节向普通白帽子公开
2015-05-14: 细节向实习白帽子公开
2015-05-29: 细节向公众公开

简要描述:

没事,露露脸。

详细说明:

漏洞一:目录遍历
http://qc.homeinns.com/QNPlatom/

11.png


漏洞二:未授权访问
http://qc.homeinns.com/NewQC/HotelInternalReportDetails.aspx

12.png


漏洞三:未授权访问
http://oa.homeinns.com/Voucher/Tasks/TaskList.aspx

13.jpg


漏洞四:sql注入(dba权限,可执行命令)
http请求:

POST /NewQC/HotelInternalReportDetails.aspx HTTP/1.1
Host: qc.homeinns.com
Proxy-Connection: keep-alive
Content-Length: 9114
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://qc.homeinns.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://qc.homeinns.com/NewQC/HotelInternalReportDetails.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
cookie: ssuid=; _ga=; bqq-act=param={}&time=1425118664766; PHPSESSID=82fff66bde94f89f3d24002943541dab; bqq-refer=http://b.qq.com/; FTN5K=2ad84ce3; welnewuser=1; knowledge=0; idqq_account=theCanChange%3D0%3BtheShowUin%3D493391341%3Bshouldshowmail%3D1%3Bfirstsetidqq%3D1%3BMSK%3D0%3B; qz_gdt=tmyruvlaaaamlbsvaueq; archivePath=200007%20%26%20%u8425%u9500QQ%20%BB%20%u4EA7%u54C1%u529F%u80FD%u7C7B%20%BB%20%u5BA2%u6237%u7AEF%u8BBE%u7F6E%20%BB%20%u7CFB%u7EDF%u8BBE%u7F6E%3B200023%20%26%20%u8425%u9500QQ%20%BB%20%u4EA7%u54C1%u529F%u80FD%u7C7B%20%BB%20%u804A%u5929%u8BB0%u5F55%20%BB%20%u5EF6%u8FDF/%u4E22%u5931%3B200099%20%26%20BOSS%20%BB%20%u53D8%u66F4%20%BB%20%u4F01%u4E1A%u8054%u7CFB%u4EBA%u624B%u673A%u53F7%20%BB%20%u4F01%u4E1A%u8054%u7CFB%u4EBA%u624B%u673A%u53F7%3B200202%20%26%20%u4F01%u4E1AQQ%20%BB%20%u4EA7%u54C1%u5EFA%u8BAE%20%BB%20%u5176%u5B83%20%BB%20%u5176%u5B83%3B200012%20%26%20%u8425%u9500QQ%20%BB%20%u4EA7%u54C1%u529F%u80FD%u7C7B%20%BB%20%u5BA2%u6237%u7AEF%u767B%u9646%20%BB%20%u63D0%u793A%u9519%u8BEF%u7801; Hm_lvt_bb8beb2d26e5d753995874b8b827291d=1425371378,1425720267,1426737314; Hm_lpvt_bb8beb2d26e5d753995874b8b827291d=1427943190; _gscu_661903259=2486464863l94r72; _gscbrs_661903259=1; o_cookie=2355201074; ts_uid=; boss_login_key=cbbf7f8c8ee6457f1a54cd0b79b49f88ce553bbaec816234cc26baede92f162f5e23891077465c85e541d787a7395c8825a7d73bad37d07855ce8f593465f04376fdab2b4f437df6856e6d4eca789e94ad4a7b584c7001996e4ecc1d54790a25; boss_user=800035226%7C1057; boss_display_in_iframe=1; cuid=1374982552; qm_username=2880011312; qm_sid=4d860eb1694e47bdc5ae1fbdfd1b8e5a,cA7d6mF1kWsg.; pgv_pvi=5045124096; pgv_si=s6594832384; RK=ga0zw10o8u; ptui_loginuin=4006899918; pt_login_sig=hkK0kFZk35bPLngw6iT-9GXSpf7WC3JIwl4GJF901gxPTw7-bR0Ua8GjbUv-87My; pt_clientip=3c147f0000010409; pt_serverip=59360abf0664c6b7; hrtxcookie_v3=kfskey%3A0ee01e6cbc1a5fb77b4910c77ca116a346bc798e4a5e7291b9409cecf1ec88b2acc8bcc62951d81e91e82d01b9d313ca%24kfguin%3A2355000002%24ext%3A1001%24qquin%3A2355201074; pgv_pvid=; pgv_info=ssid=s6165974472&pgvReferrer=; hrtx_tag=2; verifysession=h021efFVY1_GdLw2nR-QWzEvSo0L1s33_I7GaxwqxB7XABefI7u_WwEsyF5_t74cc7y4I-d0m1sx5Wc6ntxZOjHO8dE5QQGUj6N; uin=o2880011312; skey=@F6I9Dk2xC; ptisp=ctc; ptcz=05e0d66a704425643d8cff38e5ada7bcc34711ce7e94658689cb476fed35a173; pt2gguin=o2880011312; p_uin=o2880011312; p_skey=wIf8Yowr6F-yhTp0vCih5T64IX4ECcq440odzgeW4WI_; pt4_token=wsCo-cxN4UVk3ci6jXL9fQ__; __session:0.42411685758270323:=http:; __session:0.27637550327926874:=http:
__VIEWSTATE=%2FwEPDwUKMjEyMDE0Mjg2Mg9kFgICAw9kFgYCAQ8WAh4HVmlzaWJsZWgWAgIBDzwrAA0AZAIDDxYCHwBnFgICAQ88KwANAQAPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCHmQWAmYPZBY%2BAgEPZBYOZg9kFgJmDxUBATFkAgEPZBYCAgEPDxYCHgRUZXh0BRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnlpJrpgInpophkZAIED2QWAgIBDw8WAh8DBUvku47mgqjlr7nphZLlupfmlbTkvZPnmoTmhJ%2Flj5fvvIzmgqjllpzmrKLmlrDlsJrlv6vmjbfphZLlupfnmoTlk6rkuKrljLrln59kZAIFD2QWAgIBDw8WAh8DBQblpJbop4JkZAIGD2QWAgIBDw8WAh8DBQblpJbop4JkZAICD2QWDmYPZBYCZg8VAQEyZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnlpJrpgInpophkZAIED2QWAgIBDw8WAh8DBUvku47mgqjlr7nphZLlupfmlbTkvZPnmoTmhJ%2Flj5fvvIzmgqjllpzmrKLmlrDlsJrlv6vmjbfphZLlupfnmoTlk6rkuKrljLrln59kZAIFD2QWAgIBDw8WAh8DBQblpKfloIJkZAIGD2QWAgIBDw8WAh8DZWRkAgMPZBYOZg9kFgJmDxUBATNkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeWkmumAiemimGRkAgQPZBYCAgEPDxYCHwMFS%2BS7juaCqOWvuemFkuW6l%2BaVtOS9k%2BeahOaEn%2BWPl%2B%2B8jOaCqOWWnOasouaWsOWwmuW%2Fq%2BaNt%2BmFkuW6l%2BeahOWTquS4quWMuuWfn2RkAgUPZBYCAgEPDxYCHwMFBuWuouaIv2RkAgYPZBYCAgEPDxYCHwNlZGQCBA9kFg5mD2QWAmYPFQEBNGQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ5aSa6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwVL5LuO5oKo5a%2B56YWS5bqX5pW05L2T55qE5oSf5Y%2BX77yM5oKo5Zac5qyi5paw5bCa5b%2Br5o236YWS5bqX55qE5ZOq5Liq5Yy65Z%2BfZGQCBQ9kFgICAQ8PFgIfAwUG6aSQ5Y6FZGQCBg9kFgICAQ8PFgIfA2VkZAIFD2QWDmYPZBYCZg8VAQE1ZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnlpJrpgInpophkZAIED2QWAgIBDw8WAh8DBUvku47mgqjlr7nphZLlupfmlbTkvZPnmoTmhJ%2Flj5fvvIzmgqjllpzmrKLmlrDlsJrlv6vmjbfphZLlupfnmoTlk6rkuKrljLrln59kZAIFD2QWAgIBDw8WAh8DBQbotbDlu4pkZAIGD2QWAgIBDw8WAh8DZWRkAgYPZBYOZg9kFgJmDxUBATZkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeWkmumAiemimGRkAgQPZBYCAgEPDxYCHwMFS%2BS7juaCqOWvuemFkuW6l%2BaVtOS9k%2BeahOaEn%2BWPl%2B%2B8jOaCqOWWnOasouaWsOWwmuW%2Fq%2BaNt%2BmFkuW6l%2BeahOWTquS4quWMuuWfn2RkAgUPZBYCAgEPDxYCHwMFBuaJgOaciWRkAgYPZBYCAgEPDxYCHwNlZGQCBw9kFg5mD2QWAmYPFQEBN2QCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ566A562U6aKYZGQCBA9kFgICAQ8PFgIfAwUgMeS4jeWWnOasouaIluayoeaEn%2BinieeahOWOn%2BWboCBkZAIFD2QWAgIBDw8WAh8DBQPnrZRkZAIGD2QWAgIBDw8WAh8DBQbllpzmrKJkZAIID2QWDmYPZBYCZg8VAQE4ZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnnroDnrZTpophkZAIED2QWAgIBDw8WAh8DBR8y5LiN5Zac5qyi5oiW5rKh5oSf6KeJ55qE5Y6f5ZugZGQCBQ9kFgICAQ8PFgIfAwUD562UZGQCBg9kFgICAQ8PFgIfAwUG5Zac5qyiZGQCCQ9kFg5mD2QWAmYPFQEBOWQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ566A562U6aKYZGQCBA9kFgICAQ8PFgIfAwUfM%2BS4jeWWnOasouaIluayoeaEn%2BinieeahOWOn%2BWboGRkAgUPZBYCAgEPDxYCHwMFA%2BetlGRkAgYPZBYCAgEPDxYCHwMFBuWWnOasomRkAgoPZBYOZg9kFgJmDxUBAjEwZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnnroDnrZTpophkZAIED2QWAgIBDw8WAh8DBR805LiN5Zac5qyi5oiW5rKh5oSf6KeJ55qE5Y6f5ZugZGQCBQ9kFgICAQ8PFgIfAwUD562UZGQCBg9kFgICAQ8PFgIfAwUG5Zac5qyiZGQCCw9kFg5mD2QWAmYPFQECMTFkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeeugOetlOmimGRkAgQPZBYCAgEPDxYCHwMFHzXkuI3llpzmrKLmiJbmsqHmhJ%2Fop4nnmoTljp%2Flm6BkZAIFD2QWAgIBDw8WAh8DBQPnrZRkZAIGD2QWAgIBDw8WAh8DBQbllpzmrKJkZAIMD2QWDmYPZBYCZg8VAQIxMmQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ566A562U6aKYZGQCBA9kFgICAQ8PFgIfAwUfNuS4jeWWnOasouaIluayoeaEn%2BinieeahOWOn%2BWboGRkAgUPZBYCAgEPDxYCHwMFA%2BetlGRkAgYPZBYCAgEPDxYCHwMFBuWWnOasomRkAg0PZBYOZg9kFgJmDxUBAjEzZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnnroDnrZTpophkZAIED2QWAgIBDw8WAh8DBR835LiN5Zac5qyi5oiW5rKh5oSf6KeJ55qE5Y6f5ZugZGQCBQ9kFgICAQ8PFgIfAwUD562UZGQCBg9kFgICAQ8PFgIfAwUG5Zac5qyiZGQCDg9kFg5mD2QWAmYPFQECMTRkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeeugOetlOmimGRkAgQPZBYCAgEPDxYCHwMFHzjkuI3llpzmrKLmiJbmsqHmhJ%2Fop4nnmoTljp%2Flm6BkZAIFD2QWAgIBDw8WAh8DBQPnrZRkZAIGD2QWAgIBDw8WAh8DBXLku43nhLbmsqHmnInmlLnpgKDljpXmiYDpvJPpo47mnLrvvIzov5nkuKrnoLTkuJzopb%2Flj6ropoHkvaDml4HovrnnmoTpgrvlsYXlpJzpl7TkuI3lhbPvvIzkvaDkuIDlrr%2FkuZ%2FliKvmg7PnnaHjgIJkZAIPD2QWDmYPZBYCZg8VAQIxNWQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ566A562U6aKYZGQCBA9kFgICAQ8PFgIfAwUe5LiN5Zac5qyi5oiW5rKh5oSf6KeJ55qE5Y6f5ZugZGQCBQ9kFgICAQ8PFgIfAwUD562UZGQCBg9kFgICAQ8PFgIfAwUG5Zac5qyiZGQCEA9kFg5mD2QWAmYPFQECMTZkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeeugOetlOmimGRkAgQPZBYCAgEPDxYCHwMFD%2BaCqOeahOW7uuiuru%2B8mmRkAgUPZBYCAgEPDxYCHwMFA%2BetlGRkAgYPZBYCAgEPDxYCHwMFVzIz54K55Lul5ZCO5YWl5L2P55qE5a6i5Lq677yM5YmN5Y%2Bw5pyJ5LmJ5Yqh5o%2BQ6YaS77yM5qW85LiK5a6i5Lq65bey5LyR5oGv77yM6K%2B35a6J6Z2ZIWRkAhEPZBYOZg9kFgJmDxUBAjE3ZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTUzMTIzMTMwMzFkZAICD2QWAgIBDw8WAh8DBQnniZvnpo%2FlhptkZAIDD2QWAgIBDw8WAh8DBQnnroDnrZTpophkZAIED2QWAgIBDw8WAh8DBTDlpoLmnpzkuI3llpzmrKLphZLlupfnmoToibLlvanvvIzmgqjnmoTlu7rorq7mmK9kZAIFD2QWAgIBDw8WAh8DBQPnrZRkZAIGD2QWAgIBDw8WAh8DBQzllpzmrKLpu4ToibJkZAISD2QWDmYPZBYCZg8VAQIxOGQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk1MzEyMzEzMDMxZGQCAg9kFgICAQ8PFgIfAwUJ54mb56aP5YabZGQCAw9kFgICAQ8PFgIfAwUJ5aGr56m66aKYZGQCBA9kFgICAQ8PFgIfAwUM5oKo55qE5L%2Bh5oGvZGQCBQ9kFgICAQ8PFgIfAwUV5oKo5p2l6Ieq5ZOq5Liq5Z%2BO5biCZGQCBg9kFgICAQ8PFgIfAwUJ5YyX5Lqs5biCZGQCEw9kFg5mD2QWAmYPFQECMTlkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NTMxMjMxMzAzMWRkAgIPZBYCAgEPDxYCHwMFCeeJm%2Bemj%2BWGm2RkAgMPZBYCAgEPDxYCHwMFCeWhq%2BepuumimGRkAgQPZBYCAgEPDxYCHwMFDOaCqOeahOS%2FoeaBr2RkAgUPZBYCAgEPDxYCHwMFBuW5tOm%2BhGRkAgYPZBYCAgEPDxYCHwMFBuWFreWNgWRkAhQPZBYOZg9kFgJmDxUBAjIwZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTYyMDQxNzQwMjRkZAICD2QWAgIBDw8WAh8DBQbosKLojrpkZAIDD2QWAgIBDw8WAh8DBQnljZXpgInpophkZAIED2QWAgIBDw8WAh8DBRjmgqjnmoTlh7rooYznm67nmoTmmK%2FvvJ9kZAIFD2QWAgIBDw8WAh8DBQbllYbliqFkZAIGD2QWAgIBDw8WAh8DBQbllYbliqFkZAIVD2QWDmYPZBYCZg8VAQIyMWQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk2MjA0MTc0MDI0ZGQCAg9kFgICAQ8PFgIfAwUG6LCi6I66ZGQCAw9kFgICAQ8PFgIfAwUJ5Y2V6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwUY5oKo55qE5Ye66KGM55uu55qE5piv77yfZGQCBQ9kFgICAQ8PFgIfAwUG5peF5ri4ZGQCBg9kFgICAQ8PFgIfA2VkZAIWD2QWDmYPZBYCZg8VAQIyMmQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk2MjA0MTc0MDI0ZGQCAg9kFgICAQ8PFgIfAwUG6LCi6I66ZGQCAw9kFgICAQ8PFgIfAwUJ5Y2V6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwUY5oKo55qE5Ye66KGM55uu55qE5piv77yfZGQCBQ9kFgICAQ8PFgIfAwUG5Lya6K6uZGQCBg9kFgICAQ8PFgIfA2VkZAIXD2QWDmYPZBYCZg8VAQIyM2QCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk2MjA0MTc0MDI0ZGQCAg9kFgICAQ8PFgIfAwUG6LCi6I66ZGQCAw9kFgICAQ8PFgIfAwUJ5Y2V6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwUY5oKo55qE5Ye66KGM55uu55qE5piv77yfZGQCBQ9kFgICAQ8PFgIfAwUG5LyR6ZeyZGQCBg9kFgICAQ8PFgIfA2VkZAIYD2QWDmYPZBYCZg8VAQIyNGQCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk2MjA0MTc0MDI0ZGQCAg9kFgICAQ8PFgIfAwUG6LCi6I66ZGQCAw9kFgICAQ8PFgIfAwUJ5Y2V6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwUP5oKo55qE5bm06b6E5pivZGQCBQ9kFgICAQ8PFgIfAwUFMjAtMjlkZAIGD2QWAgIBDw8WAh8DZWRkAhkPZBYOZg9kFgJmDxUBAjI1ZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTYyMDQxNzQwMjRkZAICD2QWAgIBDw8WAh8DBQbosKLojrpkZAIDD2QWAgIBDw8WAh8DBQnljZXpgInpophkZAIED2QWAgIBDw8WAh8DBQ%2FmgqjnmoTlubTpvoTmmK9kZAIFD2QWAgIBDw8WAh8DBQUzMC0zOWRkAgYPZBYCAgEPDxYCHwNlZGQCGg9kFg5mD2QWAmYPFQECMjZkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NjIwNDE3NDAyNGRkAgIPZBYCAgEPDxYCHwMFBuiwouiOumRkAgMPZBYCAgEPDxYCHwMFCeWNlemAiemimGRkAgQPZBYCAgEPDxYCHwMFD%2BaCqOeahOW5tOm%2BhOaYr2RkAgUPZBYCAgEPDxYCHwMFBTQwLTQ5ZGQCBg9kFgICAQ8PFgIfAwUFNDAtNDlkZAIbD2QWDmYPZBYCZg8VAQIyN2QCAQ9kFgICAQ8PFgIfAwUSMTEwMTAxMTk2MjA0MTc0MDI0ZGQCAg9kFgICAQ8PFgIfAwUG6LCi6I66ZGQCAw9kFgICAQ8PFgIfAwUJ5Y2V6YCJ6aKYZGQCBA9kFgICAQ8PFgIfAwUP5oKo55qE5bm06b6E5pivZGQCBQ9kFgICAQ8PFgIfAwUFNTAtNTlkZAIGD2QWAgIBDw8WAh8DZWRkAhwPZBYOZg9kFgJmDxUBAjI4ZAIBD2QWAgIBDw8WAh8DBRIxMTAxMDExOTYyMDQxNzQwMjRkZAICD2QWAgIBDw8WAh8DBQbosKLojrpkZAIDD2QWAgIBDw8WAh8DBQnljZXpgInpophkZAIED2QWAgIBDw8WAh8DBQ%2FmgqjnmoTlubTpvoTmmK9kZAIFD2QWAgIBDw8WAh8DBQg2MOS7peS4imRkAgYPZBYCAgEPDxYCHwNlZGQCHQ9kFg5mD2QWAmYPFQECMjlkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NjIwNDE3NDAyNGRkAgIPZBYCAgEPDxYCHwMFBuiwouiOumRkAgMPZBYCAgEPDxYCHwMFCeWNlemAiemimGRkAgQPZBYCAgEPDxYCHwMFD%2BaCqOeahOaAp%2BWIq%2BS4umRkAgUPZBYCAgEPDxYCHwMFA%2BeUt2RkAgYPZBYCAgEPDxYCHwNlZGQCHg9kFg5mD2QWAmYPFQECMzBkAgEPZBYCAgEPDxYCHwMFEjExMDEwMTE5NjIwNDE3NDAyNGRkAgIPZBYCAgEPDxYCHwMFBuiwouiOumRkAgMPZBYCAgEPDxYCHwMFCeWNlemAiemimGRkAgQPZBYCAgEPDxYCHwMFD%2BaCqOeahOaAp%2BWIq%2BS4umRkAgUPZBYCAgEPDxYCHwMFA%2BWls2RkAgYPZBYCAgEPDxYCHwMFA%2BWls2RkAh8PDxYCHwBoZGQCBw8PFgYeEEN1cnJlbnRQYWdlSW5kZXgCAh4LUmVjb3JkY291bnQCxdgHHghQYWdlU2l6ZQIeZGQYAgUHX2d2VXNlcg88KwAKAQgCAWQFEF9ndkhlYWRlclJlcG9ydHMPZ2TjtZiyr9UujHH08hhvVnZRRr%2BfWQ%3D%3D&__EVENTTARGET=AspNetPager1&__EVENTARGUMENT=3&__EVENTVALIDATION=%2FwEWBQLx0bOHCQL12pOHCALhqIQTAt2T0YYPAqaUkf0K8XBFceZN7IOffuONOM5kOxM7%2Fb4%3D&hiddActionType=&hiddActionID=&hiddDetailID=s


存在漏洞的有hiddActionType、hiddActionID和hiddDetailID。

61.png


62.png


漏洞证明:

8.jpg

修复方案:

版权声明:转载请注明来源 PgHook@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-04-14 16:56

厂商回复:

感谢关注,已转相关人员修改!

最新状态:

暂无

漏洞评价:

评论

  1. 2015-04-14 15:00 | 泳少 ( 普通白帽子 | Rank:231 漏洞数:79 | ★ 梦想这条路踏上了,跪着也要...)

    如家酒店多处安全漏洞大礼包(可影响到敏感数据&内网漫游)

  2. 2015-04-14 15:02 | 专业种田 认证白帽子 ( 核心白帽子 | Rank:1425 漏洞数:182 | 没有最专业的农民,只有更努力地耕耘..........)

    牛牛

  3. 2015-04-14 15:39 | XXXQQ ( 实习白帽子 | Rank:88 漏洞数:19 | 一个傻子)

    考试必挂!!!!!!

  4. 2015-04-14 17:02 | PgHook ( 普通白帽子 | Rank:964 漏洞数:115 | ...........................................)

    @专业种田 种田师傅教的好啊!!

  5. 2015-04-14 17:06 | PgHook ( 普通白帽子 | Rank:964 漏洞数:115 | ...........................................)

    @泳少 那里来的内网漫游啊?