当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0137203

漏洞标题:E动网某站存在SQL注入

相关厂商:中国E动网

漏洞作者: 路人甲

提交时间:2015-08-28 22:03

修复时间:2015-09-02 22:04

公开时间:2015-09-02 22:04

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:


漏洞详情

披露状态:

2015-08-28: 细节已通知厂商并且等待厂商处理中
2015-09-02: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

详细说明:

POST /help/wenti/%E9%82%AE%E7%AE%B1%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98/233.html?infoid=233&infoid=233&infoid=233&menu=*&menu=wenti&menu=wenti&tmenu=%u90ae%u7bb1%u5e38%u89c1%u95ee%u9898&tmenu=%u90ae%u7bb1%u5e38%u89c1%u95ee%u9898&tmenu=%u90ae%u7bb1%u5e38%u89c1%u95ee%u9898 HTTP/1.1
Content-Length: 1800
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://new.edong.com:80/
Cookie: ASP.NET_SessionId=rf5ns3hlt43wmqwzsyd5tdxu; temp_user=sessionkey=temp_VacvlX3sMonakVQc
Host: new.edong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
__VIEWSTATE=/wEPDwULLTE2OTc2OTQ5NDUPZBYCZg9kFgICAw9kFgRmDxYCHglpbm5lcmh0bWwFpAM8bGk%2bPGEgaHJlZj0iaHR0cDovL25ldy5lZG9uZy5jb20vIj7pppbpobU8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iL2hlbHAvd2VudGkvIj7luLjop4Hpl67popg8L2E%2bPC9saT48bGk%2bPGEgaHJlZj0iL2hlbHAvbmV3cy8iPuaWsOmXu%2bS4reW/gzwvYT48L2xpPjxsaT48YSBocmVmPSIvaGVscC9iZWlhbi8iPuWkh%2bahiDwvYT48L2xpPjxsaT48YSBocmVmPSIvaGVscC9kb3dubG9hZC8iPui1hOaWmeS4i%2bi9vTwvYT48L2xpPjxsaT48YSBocmVmPSIvaGVscC9hYm91dC8iPuWFs%2bS6juaIkeS7rDwvYT48L2xpPjxsaT48YSBocmVmPSIvaGVscC9lZG9uZ3l1bi8iPuaYk%2bWKqOS6keW4ruWKqeS4reW/gzwvYT48L2xpPjxsaT48YSBocmVmPSIvaGVscC/mmJPliqjkupHmlrDpl7vlhazlkYovIj7mmJPliqjkupHmlrDpl7vlhazlkYo8L2E%2bPC9saT5kAgEPZBYGAgEPFgIfAGVkAgMPFgIfAAUY5LyB5Lia6YKu566x6LSt5Lmw5rWB56iLZAIFDxYCHwAF6gU8cD7kuIDjgIHnlKjmiLfnmbvlvZUgPC9wPgo8cD7lnKjigJzkvIHkuJrpgq7nrrHigJ3lr7zoiKrpobnov5vlhaXigJzkvIHkuJrpgq7nrrHigJ3nlYzpnaIgPC9wPgo8cD7kuozjgIHkuqflk4HpgInmi6kgPC9wPgo8cD7lnKjigJzkvIHkuJrpgq7nrrHigJ3nlYzpnaLmoLnmja7pnIDopoHpgInmi6npnIDopoHnmoTkvIHkuJrpgq7nrrHkuqflk4HvvIzngrnlh7vkuIvkuIDmraUgPC9wPgo8cD7kuInjgIHnu5Hlrprln5/lkI0gPC9wPgo8cD7nu5Hlrprln5/lkI3vvIzovpPlhaXpgq7nrrHnu5HlrprnmoTln5/lkI3lj4ror6Xln5/lkI3nmoTlpIfmoYjlj7fvvIzlpoLln5/lkI3mnKrlpIfmoYjvvIzlj6/nlLFF5Yqo572R5Luj5Li65aSH5qGIIDwvcD4KPHA%2b5Zub44CB5Yqg5YWl6LSt54mp6L2mIDwvcD4KPHA%2b54K55Ye756Gu6K6k77yM5o%2bQ5Lqk6K6i5Y2V5bm25Yqg5YWl6LSt54mp6L2mIDwvcD4KPHA%2b5LqU44CB5o%2bQ5Lqk6K6i5Y2VIDwvcD4KPHA%2b55m75b2VL%2bazqOWGjEXliqjkvJrlkZggPC9wPgo8cD7mn6XnnIvotK3nianovabvvIzigJznu6fnu63otK3kubDigJ3mk43kvZzlpoLliY3vvIzov5vlhaXnq4vljbPnu5PnrpcgPC9wPgo8cD7lha3jgIHnu5PnrpcgPC9wPgo8cD7mo4Dmn6Xkv6Hmga/ml6Dor6/lkI7vvIzmj5DkuqTorqLljZXvvIzov5vlhaXigJzku5jmrL7pobXpnaLigJ0gPC9wPgo8cD7miJDlip/mlK/ku5jorqLljZUgPC9wPgo8cD7kvIHkuJrpgq7nrrHotK3kubDmiJDlip8gPC9wPmRkoESmLDh7HNdEHdZ%2bdoaSMZZbLyiQhrpPk70FpK9lOi0%3d

menu参数

2.jpg

漏洞证明:

修复方案:

版权声明:转载请注明来源 路人甲@乌云


漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-09-02 22:04

厂商回复:

漏洞Rank:4 (WooYun评价)

最新状态:

暂无