当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2016-0196062

漏洞标题:浙江大华股份技术有限公司存在SQL注入一枚(爆出大量数据库)

相关厂商:浙江大华技术股份有限公司

漏洞作者: anonym

提交时间:2016-04-14 23:33

修复时间:2016-05-30 18:30

公开时间:2016-05-30 18:30

漏洞类型:SQL注射漏洞

危害等级:中

自评Rank:10

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2016-04-14: 细节已通知厂商并且等待厂商处理中
2016-04-15: 厂商已经确认,细节仅向厂商公开
2016-04-25: 细节向核心白帽子及相关领域专家公开
2016-05-05: 细节向普通白帽子公开
2016-05-15: 细节向实习白帽子公开
2016-05-30: 细节向公众公开

简要描述:

RT

详细说明:

漏洞证明:

http://download.dahuatech.com/tools.php?cid=1054
+-----------------------------------+
| lbcms_about |
| lbcms_admin |
| lbcms_baike |
| lbcms_banner |
| lbcms_boutique |
| lbcms_branch |
| lbcms_case |
| lbcms_channel |
| lbcms_city |
| lbcms_class |
| lbcms_config |
| lbcms_contact |
| lbcms_cooperation |
| lbcms_fankui |
| lbcms_feedback |
| lbcms_field |
| lbcms_honner |
| lbcms_innovation |
| lbcms_jiejue |
| lbcms_job |
| lbcms_jobs |
| lbcms_kejianxiazai |
| lbcms_links |
| lbcms_mv |
| lbcms_news |
| lbcms_online_buy |
| lbcms_pmv |
| lbcms_product |
| lbcms_purchasing |
| lbcms_recruitment_news |
| lbcms_sdsds |
| lbcms_server |
| lbcms_share |
| lbcms_shidian |
| lbcms_shiyanshi |
| lbcms_solution |
| lbcms_success |
| lbcms_supplier |
| lbcms_technology |
| lbcms_test |
| lbcms_video |
| lbcms_viewpoint |
| lbcms_zhaopin |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_connect_guest |
| pre_common_credit_log |
| pre_common_credit_log_field |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_devicetoken |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedip |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_crime |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_forum_buylog |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_medal |
| pre_common_member_newprompt |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_secwhite |
| pre_common_member_stat_field |
| pre_common_member_status |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_optimizer |
| pre_common_patch |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_remote_port |
| pre_common_report |
| pre_common_searchindex |
| pre_common_seccheck |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_visit |
| pre_common_word |
| pre_common_word_type |
| pre_connect_disktask |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_postfeedlog |
| pre_connect_tthreadlog |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_exif |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_collection |
| pre_forum_collectioncomment |
| pre_forum_collectionfollow |
| pre_forum_collectioninvite |
| pre_forum_collectionrelated |
| pre_forum_collectionteamworker |
| pre_forum_collectionthread |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_filter_post |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupuser |
| pre_forum_hotreply_member |
| pre_forum_hotreply_number |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_newthread |
| pre_forum_onlinelist |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_polloption_image |
| pre_forum_pollvoter |
| pre_forum_post |
+-----------------------------------+

8.1.png

8.2.png

8.3.png

8.4.png

8.5.png

修复方案:

版权声明:转载请注明来源 anonym@乌云


漏洞回应

厂商回应:

危害等级:中

漏洞Rank:8

确认时间:2016-04-15 18:25

厂商回复:

漏洞已经确认,正在修复中。感谢作者的反馈。

最新状态:

暂无


漏洞评价:

评价