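Vulnerability summary

Bug ID: wooyun-2015-0155954

Title: SQL injection vulnerability on a site of 维普资讯网

Vendor: cqvip.com

Author: 路人甲

Submitted: 2015-11-26 10:10

Fix time: 2015-12-01 10:12

Disclosed: 2015-12-01 10:12

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 14

Status: The vendor was notified of the vulnerability but ignored it

Source: http://www.wooyun.org. For questions or help, contact [email protected]

Tags: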


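Vulnerability details

Disclosure status:

2015-11-26: Details sent to the vendor; waiting for the vendor to respond
2015-12-01: The vendor actively ignored the vulnerability; details disclosed to the public

Brief description:

Detailed description: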

POST /ajax/Export/ExportPdfHandler.ashx HTTP/1.1
Content-Length: 1742
Content-Type: application/x-www-form-urlencoded
Cookie: VCubeSessionId=bfd1b245-f7ea-49b4-b77e-da19cd0e5750; LIBBEHAVIORANALYSIS=d814235f-288e-4276-b36a-a1f02886d63e; bdshare_firstime=1448263669979; _ga=GA1.2.842322544.1448263670; _gat=1; BAIDUID=F9342B61ADBA3CBA1CD931E36589D702:FG=1
Host: test.cqvip.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

id=1111&image=%7b%22organ%22:%5b%5b%22imgprod%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgprod_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgyymedia%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgyymedia_2015-11-23-15-29-1.jpg%22%5d%2c%5b%22imgfstprod%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgfstprod_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgyear%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgyear_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgfstyear%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgfstyear_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgscdorgan%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgscdorgan_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgscdorganby%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgscdorganby_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgfthorgan%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgfthorgan_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgfthorganby%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgfthorganby_2015-11-23-15-29-0.jpg%22%5d%2c%5b%22imgfwmedia%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgfwmedia_2015-11-23-15-29-1.jpg%22%5d%2c%5b%22imgbymedia%22%2c%22E:%5c%5cwebroot%5c%5ctest.cqvip.com%5c%5cexportimage%5c%5corgan_2373_imgbymedia_2015-11-23-15-29-1.jpg%22%5d%5d%7d&name=&remark=&title=&type=organ

Proof of vulnerability:

Remediation:

Copyright notice: when reposting, please credit the source 路人甲@乌云 (WooYun)


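Vulnerability response

Vendor response:

Severity: No impact, ignored by the vendor

Ignored at: 2015-12-01 10:12

Vendor reply:

Vulnerability Rank: 4 (WooYun rating)

Latest status:

None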

