
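Vulnerability summary

Bug ID: wooyun-2015-0108997

Title: SQL injection at a sensitive organization

Vendor: a sensitive organization

Author: 路人甲

Submitted: 2015-04-24 11:17

Fixed: 2015-06-13 08:32

Disclosed: 2015-06-13 08:32

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: Handed over to a third-party partner organization, the First Research Institute of the Ministry of Public Security (公安部一所), for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]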


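Vulnerability details

Disclosure status:

2015-04-24: Details reported to the vendor; awaiting vendor handling
2015-04-29: Vendor confirmed; details disclosed to the vendor only
2015-05-09: Details disclosed to core white hats and experts in related fields
2015-05-19: Details disclosed to regular white hats
2015-05-29: Details disclosed to intern white hats
2015-06-13: Details disclosed to the public

Brief description:

Detailed description:

Masked area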
*****公安^*****
*****efault.asp*****
*****dmsjw.*****
***** 6.1; rv:37.0) Gec*****
*****ml+xml,applicatio*****
*****;q=0.8,en-US;*****
*****: gzip, *****
*****ww.qdmsjw*****
*****29369112422;*****
***** keep-*****
*****on/x-www-for*****
*****gth: 1*****
**********
**********
*****^ text*****
**********
*****609b8744ae0533ae9043.png&qu*****
**********
*****a5087bef0a8aef384349.png&qu*****
**********
*****a6b5d307722374ec5e77.png&qu*****
**********
*****9e1b107aca41bc8fc25b.png&qu*****

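Proof of vulnerability:

As above.

Remediation:

Filtering.

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-04-29 08:30

Vendor reply:

The described issue has been verified and confirmed; they have been notified to fix it.

Latest status:

None yet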

