Vulnerability summary

Bug ID: wooyun-2015-0121722

Title: SQL injection via POST on a 中科三方 site

Vendor: 北京中科三方网络技术有限公司

Author: 路人甲

Submitted: 2015-06-26 19:13

Fixed: 2015-08-13 08:46

Disclosed: 2015-08-13 08:46

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org; for questions or help, contact [email protected]



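Vulnerability details

Disclosure status:

2015-06-26: Details sent to the vendor; awaiting vendor handling
2015-06-29: Vendor confirmed; details visible to the vendor only
2015-07-09: Details opened to core white hats and relevant domain experts
2015-07-19: Details opened to regular white hats
2015-07-29: Details opened to trainee white hats
2015-08-13: Details opened to the public

Brief description:

Just got out of the shower, saw the comments, and since I'm still up, here's another one; not that it makes any difference. There are plenty of injections like this.

Detailed description:

This unauthorized access to the back end appeared several months ago. It still has not been fixed.
Injection URL: http://fax.sfn.cn/feat/Account/List.aspx
POST data: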

POST /feat/Account/List.aspx HTTP/1.1
Host: fax.sfn.cn
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://fax.sfn.cn/feat/Account/List.aspx
Cookie: ASP.NET_SessionId=00fsuwb2tby5rj45wcrp1t55
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 14025

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=...&__PREVIOUSPAGE=...&__EVENTVALIDATION=...&ctl00%24ContentPlaceHolder1%24searchDomainName=123&ctl00%24ContentPlaceHolder1%24btnNameSearch=+%E6%9F%A5++%E8%AF%A2+


Proof of vulnerability:

QQ图片20150620022619.png


Table data

QQ图片20150620022704.png

Suggested fix:

Figure it out yourselves.
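
One way to close the hole the report describes, as an added example that is not part of the original report or the vendor's code: a C# WebForms handler for the search field posted in the request (searchDomainName / btnNameSearch), assuming SQL Server through System.Data.SqlClient. The class, grid, session key, login page, connection-string, table and column names are hypothetical.

```csharp
// Added example (hypothetical names): code-behind for the List.aspx search button.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class AccountList : Page
{
    // Declared inline so the example is self-contained (normally in the designer file).
    protected TextBox searchDomainName;
    protected GridView accountGrid;

    // Allow-list for a domain-name search term. It also excludes the LIKE
    // wildcards (% _ [), so no extra escaping is needed below.
    private static readonly Regex DomainTerm =
        new Regex(@"^[A-Za-z0-9.-]{1,253}$", RegexOptions.CultureInvariant);

    protected void Page_Load(object sender, EventArgs e)
    {
        // The report says the back end was reachable without authorization.
        if (Session["AdminUser"] == null)
            Response.Redirect("~/Login.aspx", true);
    }

    protected void btnNameSearch_Click(object sender, EventArgs e)
    {
        string term = (searchDomainName.Text ?? string.Empty).Trim();
        var table = new DataTable();
        if (DomainTerm.IsMatch(term))
        {
            string cs = ConfigurationManager.ConnectionStrings["FaxDb"].ConnectionString;
            // The value travels as a typed parameter and is never spliced into the SQL text.
            using (var conn = new SqlConnection(cs))
            using (var cmd = new SqlCommand(
                "SELECT AccountName, Company FROM Accounts WHERE DomainName LIKE @term", conn))
            using (var adapter = new SqlDataAdapter(cmd))
            {
                cmd.Parameters.Add("@term", SqlDbType.NVarChar, 255).Value = "%" + term + "%";
                adapter.Fill(table);
            }
        }
        accountGrid.DataSource = table;   // empty table when the input is rejected
        accountGrid.DataBind();
    }
}
```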

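Copyright notice: when reposting, please credit the source 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 20

Confirmed: 2015-06-29 08:44

Vendor reply:

Being handled.

Latest status:

None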