漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0113448
漏洞标题:某企业建站系统sql注入漏洞
相关厂商:ShyPost
漏洞作者: 新生
提交时间:2015-05-11 17:54
修复时间:2015-06-25 17:56
公开时间:2015-06-25 17:56
漏洞类型:SQL注射漏洞
危害等级:高
自评Rank:15
漏洞状态:未联系到厂商或者厂商积极忽略
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-05-11: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-06-25: 厂商已经主动忽略漏洞,细节向公众公开
简要描述:
rt
详细说明:
演示站点:http://www.shypost.com/demo/
漏洞地址:http://www.shypost.com/demo/CompHonorBig.asp?id=44
案例:
http://www.jxhbqy.com/CompHonorBig.asp?id=6
http://www.feng-ling.com.cn/CompHonorBig.asp?id=54
http://www.smr.com.cn/CompHonorBig.asp?id=24
其它:
http://www.dd-taihua.com/english/CompHonorBig.asp?id=21
http://www.smr.com.cn/CompHonorBig.asp?id=24
http://www.feng-ling.com.cn/CompHonorBig.asp?id=54
http://202.199.224.144/english/CompHonorBig.asp?id=26
http://www.chinasuming.com/CompHonorBig.asp?id=33
http://www.czssv.com/CompHonorBig.asp?id=35
http://www.cr162.com/CompHonorBig.asp?id=10
http://www.zyjlib.com/CompHonorBig.asp?id=35
http://www.jxhbqy.com/CompHonorBig.asp?id=6
http://www.bowin.net.cn/CompHonorBig.asp?id=33
http://www.czhty.com/CompHonorBig.asp?id=40
http://218.5.241.11:8041/CompHonorBig.asp?id=18
http://shtgs.net/CompHonorBig.asp?id=35
http://www.aflft.com/CompHonorBig.asp?id=8
http://www.jlthj.com/CompHonorBig.asp?id=32
http://www.junyangchina.com/CompHonorBig.asp?id=32
http://www.aucma56.com/CompHonorBig.asp?id=54
http://www.composite.com.cn/CompHonorBig.asp?id=33
http://www.china-djh.com/Ch/CompHonorBig.asp?id=6
http://www.jrbaoya.com/CompHonorBig.asp?id=18
http://www.talent-sh.com/CompHonorBig.asp?id=17
http://www.shibm.com.cn/CompHonorBig.asp?id=31
http://www.bowenschool.cn/huashan/CompHonorBig.asp?id=4
http://www.bzinfo.ac.cn:803/lm/CompHonorBig.asp?id=10
http://www.chinalanhui.com/CompHonorBig.asp?id=50
http://www.xgxlrmy.com/CompHonorBig.asp?id=10
漏洞证明:
修复方案:
版权声明:转载请注明来源 新生@乌云
漏洞回应
厂商回应:
未能联系到厂商或者厂商积极拒绝