当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0142932

漏洞标题:上海外语教育出版社某站存在sql注入

相关厂商:www.sflep.com

漏洞作者: 深度安全实验室

提交时间:2015-09-24 09:20

修复时间:2015-11-08 09:24

公开时间:2015-11-08 09:24

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:15

漏洞状态:厂商已经确认

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-09-24: 细节已通知厂商并且等待厂商处理中
2015-09-24: 厂商已经确认,细节仅向厂商公开
2015-10-04: 细节向核心白帽子及相关领域专家公开
2015-10-14: 细节向普通白帽子公开
2015-10-24: 细节向实习白帽子公开
2015-11-08: 细节向公众公开

简要描述:

rt

详细说明:

POST /wstechsupport/techsupport.aspx HTTP/1.1
Content-Length: 10498
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://service.sflep.com:80/
Cookie: ASPSESSIONIDSSSCDACT=LNEBHIPADHFEDLPLALLMKFCH; ASP.NET_SessionId=mddnty45tsn5zrjbqjv2s1zb; __utmt=1; __utma=114015237.1871609346.1442972818.1442972818.1442972818.1; __utmb=114015237.1.10.1442972818; __utmc=114015237; __utmz=114015237.1442972818.1.1.utmcsr=acunetix-referrer.com|utmccn=(referral)|utmcmd=referral|utmcct=/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss")
Host: service.sflep.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
btnSearch=%e6%90%9c%e7%b4%a2&ddlType=-1&tbSearchContent=e&_ctl10=1&__EVENTARGUMENT=&__EVENTTARGET=&__VIEWSTATE=dDwtNTA3Njg4ODY0O3Q8O2w8aTwwPjs%2bO2w8dDw7bDxpPDE%2bO2k8Nj47aTw4PjtpPDk%2bOz47bDx0PHA8cDxsPFN1YkJhclNvdXJjZTs%2bO2w8YjxBQUVBQUFELy8vLy9BUUFBQUFBQUFBQU1BZ0FBQUZGVGVYTjBaVzB1UkdGMFlTd2dWbVZ5YzJsdmJqMHhMakF1TlRBd01DNHdMQ0JEZFd4MGRYSmxQVzVsZFhSeVlXd3NJRkIxWW14cFkwdGxlVlJ2YTJWdVBXSTNOMkUxWXpVMk1Ua3pOR1V3T0RrRkFRQUFBQlZUZVhOMFpXMHVSR0YwWVM1RVlYUmhWR0ZpYkdVQ0FBQUFDVmh0YkZOamFHVnRZUXRZYld4RWFXWm1SM0poYlFFQkFnQUFBQVlEQUFBQXRBVThQM2h0YkNCMlpYSnphVzl1UFNJeExqQWlJR1Z1WTI5a2FXNW5QU0oxZEdZdE1UWWlQejROQ2p4NGN6cHpZMmhsYldFZ2FXUTlJblJ0Y0VSaGRHRlRaWFFpSUhodGJHNXpQU0lpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0lnZUcxc2JuTTZiWE5rWVhSaFBTSjFjbTQ2YzJOb1pXMWhjeTF0YVdOeWIzTnZablF0WTI5dE9uaHRiQzF0YzJSaGRHRWlQZzBLSUNBOGVITTZaV3hsYldWdWRDQnVZVzFsUFNKVVlXSnNaVEVpUGcwS0lDQWdJRHg0Y3pwamIyMXdiR1Y0Vkhsd1pUNE5DaUFnSUNBZ0lEeDRjenB6WlhGMVpXNWpaVDROQ2lBZ0lDQWdJQ0FnUEhoek9tVnNaVzFsYm5RZ2JtRnRaVDBpVG1GdFpTSWdkSGx3WlQwaWVITTZjM1J5YVc1bklpQnRjMlJoZEdFNmRHRnlaMlYwVG1GdFpYTndZV05sUFNJaUlHMXBiazlqWTNWeWN6MGlNQ0lnTHo0TkNpQWdJQ0FnSUNBZ1BIaHpPbVZzWlcxbGJuUWdibUZ0WlQwaVZYSnNJaUIwZVhCbFBTSjRjenB6ZEhKcGJtY2lJRzF6WkdGMFlUcDBZWEpuWlhST1lXMWxjM0JoWTJVOUlpSWdiV2x1VDJOamRYSnpQU0l3SWlBdlBnMEtJQ0FnSUNBZ1BDOTRjenB6WlhGMVpXNWpaVDROQ2lBZ0lDQThMM2h6T21OdmJYQnNaWGhVZVhCbFBnMEtJQ0E4TDNoek9tVnNaVzFsYm5RK0RRb2dJRHg0Y3pwbGJHVnRaVzUwSUc1aGJXVTlJblJ0Y0VSaGRHRlRaWFFpSUcxelpHRjBZVHBKYzBSaGRHRlRaWFE5SW5SeWRXVWlJRzF6WkdGMFlUcE1iMk5oYkdVOUlucG9MVU5PSWo0TkNpQWdJQ0E4ZUhNNlkyOXRjR3hsZUZSNWNHVStEUW9nSUNBZ0lDQThlSE02WTJodmFXTmxJRzFoZUU5alkzVnljejBpZFc1aWIzVnVaR1ZrSWlBdlBnMEtJQ0FnSUR3dmVITTZZMjl0Y0d4bGVGUjVjR1UrRFFvZ0lEd3ZlSE02Wld4bGJXVnVkRDROQ2p3dmVITTZjMk5vWlcxaFBnWUVBQUFBM3dVOFpHbG1abWR5T21ScFptWm5jbUZ0SUhodGJHNXpPbTF6WkdGMFlUMGlkWEp1T25OamFHVnRZWE10YldsamNtOXpiMlowTFdOdmJUcDRiV3d0YlhOa1lYUmhJaUI0Yld4dWN6cGthV1ptWjNJOUluVnlianB6WTJobGJXRnpMVzFwWTNKdmMyOW1kQzFqYjIwNmVHMXNMV1JwWm1abmNtRnRMWFl4SWo0TkNpQWdQSFJ0Y0VSaGRHRlRaWFErRFFvZ0lDQWdQRlJoWW14bE1TQmthV1ptWjNJNmFXUTlJbFJoWW14bE1URWlJRzF6WkdGMFlUcHliM2RQY21SbGNqMGlNQ0lnWkdsbVptZHlPbWhoYzBOb1lXNW5aWE05SW1sdWMyVnlkR1ZrSWo0TkNpQWdJQ0FnSUR4T1lXMWxQdWFJa2VpbWdlV1NxT2l2b2p3dlRtRnRaVDROQ2lBZ0lDQWdJRHhWY213K0wxZFRWR1ZqYUZOMWNIQnZjblF2VVhWbGMzUnBiMjR1WVhOd2VEd3ZWWEpzUGcwS0lDQWdJRHd2VkdGaWJHVXhQZzBLSUNBZ0lEeFVZV0pzWlRFZ1pHbG1abWR5T21sa1BTSlVZV0pzWlRFeUlpQnRjMlJoZEdFNmNtOTNUM0prWlhJOUlqRWlJR1JwWm1abmNqcG9ZWE5EYUdGdVoyVnpQU0pwYm5ObGNuUmxaQ0krRFFvZ0lDQWdJQ0E4VG1GdFpUN21pb0RtbksvcGw2N25yWlRsdXBNOEwwNWhiV1UrRFFvZ0lDQWdJQ0E4VlhKc1BpOVhVMVJsWTJoVGRYQndiM0owTDFSbFkyaFRkWEJ3YjNKMExtRnpjSGc4TDFWeWJENE5DaUFnSUNBOEwxUmhZbXhsTVQ0TkNpQWdJQ0E4VkdGaWJHVXhJR1JwWm1abmNqcHBaRDBpVkdGaWJHVXhNeUlnYlhOa1lYUmhPbkp2ZDA5eVpHVnlQU0l5SWlCa2FXWm1aM0k2YUdGelEyaGhibWRsY3owaWFXNXpaWEowWldRaVBnMEtJQ0FnSUNBZ1BFNWhiV1UrNW9pUjU1cUU2WmV1NmFLWVBDOU9ZVzFsUGcwS0lDQWdJQ0FnUEZWeWJENHZVRzl5ZEdGc1RHOW5hVzR2ZEdWdGNGSmxaR2x5WldOMExtRnpjSGcvVW1Wa2FYSmxZM1JWY213OU1qd3ZWWEpzUGcwS0lDQWdJRHd2VkdGaWJHVXhQZzBLSUNBOEwzUnRjRVJoZEdGVFpYUStEUW84TDJScFptWm5janBrYVdabVozSmhiVDRMPjs%2bPjs%2bO2w8aTwwPjtpPDE%2bOz47bDx0PHA8bDxfIUl0ZW1Db3VudDs%2bO2w8aTw4Pjs%2bPjtsPGk8MD47aTwxPjtpPDI%2bO2k8Mz47aTw0PjtpPDU%2bO2k8Nj47aTw3Pjs%2bO2w8dDw7bDxpPDA%2bOz47bDx0PEA8L1dpY3Jlc29mdC5QR1MuV2ViL2RlZmF1bHQuYXNweD9BcHBJRD0yODQ1O%2be9keermemmlumhtTs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPC9XaWNyZXNvZnQuUEdTLldlYi9QYWdlLmFzcHg/UGFnZUlEPTE3O%2bS6p%2bWTgeS7i%2be7jTs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPC9XaWNyZXNvZnQuUEdTLldlYi9QYWdlLmFzcHg/UGFnZUlEPTE5O%2bacgOaWsOi1hOiurzs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPC9XaWNyZXNvZnQuUEdTLldlYi9QYWdlLmFzcHg/UGFnZUlEPTIwO%2bS4i%2bi9veS4k%2bWMujs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPC93c3RlY2hzdXBwb3J0L3RlY2hzdXBwb3J0LmFzcHg75oqA5pyv5Lqk5rWBOz47Oz47Pj47dDw7bDxpPDA%2bOz47bDx0PEA8L3dpY3Jlc29mdC5mZWVkYmFjay9xdWVzdGlvbmxpc3QuYXNweDvlnKjnur/osIPmn6U7Pjs7Pjs%2bPjt0PDtsPGk8MD47PjtsPHQ8QDwvd3NtYWdhemluZS9tYWdhemluZS5hc3B4O%2baKgOacr%2badguW/lzs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPC9XaWNyZXNvZnQuUEdTLldlYi9QYWdlLmFzcHg/UGFnZUlEPTI4O%2biBlOezu%2baIkeS7rDs%2bOzs%2bOz4%2bOz4%2bO3Q8cDxsPF8hSXRlbUNvdW50Oz47bDxpPDM%2bOz4%2bO2w8aTwwPjtpPDE%2bO2k8Mj47PjtsPHQ8O2w8aTwwPjs%2bO2w8dDxAPC9XU1RlY2hTdXBwb3J0L1F1ZXN0aW9uLmFzcHg75oiR6KaB5ZKo6K%2biOz47Oz47Pj47dDw7bDxpPDA%2bOz47bDx0PEA8L1dTVGVjaFN1cHBvcnQvVGVjaFN1cHBvcnQuYXNweDvmioDmnK/pl67nrZTlupM7Pjs7Pjs%2bPjt0PDtsPGk8MD47PjtsPHQ8QDwvUG9ydGFsTG9naW4vdGVtcFJlZGlyZWN0LmFzcHg/UmVkaXJlY3RVcmw9MjvmiJHnmoTpl67popg7Pjs7Pjs%2bPjs%2bPjs%2bPjt0PHQ8cDxwPGw8RGF0YVRleHRGaWVsZDtEYXRhVmFsdWVGaWVsZDs%2bO2w8VHlwZU5hbWU7SUQ7Pj47Pjt0PGk8MTE%2bO0A85YWo6YOoO%2bWFtuS7ljvlhYnnm5jnsbs75paw55CG5b%2b1572R57uc5a2m5Lmg57O757ufO%2bWkp%2bWtpuiLseivreWIhue6p%2ba1i%2bivlemimOW6kzvlpKflraboi7Hor63lj6Por63ogIPor5Xns7vnu5875oSP6KeB5LiO5bu66K6uO%2baAnemjnuWwj%2bWtpuiLseivreWtpuS5oOW5s%2bWPsDvlpJbmlZnnpL7mnInlo7DotYTmupDnvZE75aSW5pWZ56S%2b5oqA5pyv5pyN5Yqh572R56uZO0NFTeiLseivreivreaWmeW6kzs%2bO0A8LTE7MTs3Ozg7OTsxMDsxMTsxMjsxMzsxNDsxNTs%2bPjs%2bOzs%2bO3Q8cDxsPF8hSXRlbUNvdW50Oz47bDxpPDU%2bOz4%2bO2w8aTwwPjtpPDE%2bO2k8Mj47aTwzPjtpPDQ%2bOz47bDx0PDtsPGk8MD47PjtsPHQ8QDwyMDA5LTEtNCAyMTozNjozMTvlpKflraboi7Hor63lkKzor7TmlZnnqIvkuIvovb3nmoTlronoo4XnqIvluo/ov5jmmK/kuI3lpb3nlKjvvIHvvIF2aXN0Yeezu%2be7n%2b%2b8jOS7peWJjemDveayoemXrumimOeahO%2b8geaQnuS7gOS5iO%2b8n%2b%2b8nzsyMDA5LTEtMjEgMTM6NTk6NTA75oKo5aW977yM5oSf6LCi5oKo5L2/55So5oiR5Lus55qE5Lqn5ZOB77yMdmlzdGHns7vnu5/kuIvkvb/nlKjvvIzlu7rorq7mgqjmiorlronoo4XnqIvluo/nmoTov5DooYznjq/looPorr7nva7kuLrlhbzlrrnmqKHlvI/jgII7Pjs7Pjs%2bPjt0PDtsPGk8MD47PjtsPHQ8QDwyMDA4LTEyLTI3IDE1OjI4OjE1O%2baCqOWlve%2b8gSDmiJHoo4XkuoblpKflraboi7Hor63lkKzor7TmlZnnqIvlhajmlrDniYjnrKzkuIDlhozlj6/ku6Xov5DooYzvvIzkvYbmmK/miJHlnKjoo4XnrKzkuozlhoznmoTml7blgJnlsLHkuI3ooYzkuobvvIzlroPlnKjmiJHlronoo4XnmoTml7blgJnlvLnlh7rov5nmoLfnmoTor63oqIDvvJpBcHBsaWNhdGlvbiBmb3IgRmFzdFNwbGFzaCBub3QgZm91bmQg5LiK6Z2i5pivTWlzc2luZyBGaWxlIOOAgui/kOihjCJTRVRVUC5FWEUi77yM5o%2bQ56S65aaC5LiL77yaRXJyb3Igb3BlbmluZyBmaWxlIGZvciB3cml0aW5nOiJcXGJhY2tncm91bmQud2F2IiBIaXQgYWJvcnQgdG8gYWJvcnQgaW5zdGFsbGF0aW9uLHJldHJ5IHRvIHJldHJ5IHdyaXRpbmcgdGhlIGZpbGUsb3IgaWdub3JlIHRvIHNraXAgdGhpcyBmaWxl44CC5LiN55%2bl5aaC5L2V6Kej5Yaz77yfIOiwouiwou%2b8gQ0KDQo7MjAwOS0xLTIxIDE0OjAxOjQxO%2baCqOWlve%2b8jOaEn%2biwouaCqOS9v%2beUqOWkluaVmeekvueahOS6p%2bWTge%2b8jOivt%2bWIsGh0dHA6Ly93d3cuc2ZsZXBzZXJ2aWNlLmNvbee9keermeS4iuS4i%2bi9veacgOaWsOeahOWQrOivtOWFieebmOWuieijheihpeS4geOAgjs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPDIwMDgtMTEtNSAxNTowMTozMjvmiJHms6jlhozkuobvvIzkvYbmmK/mib7kuI3liLDpqozor4HnoIHov5jmmK/kuI3og73kuIvovb3ov5nmmK/mgI7kuYjlm57kuovllYrvvJ/luIzmnJvnu5nngrnmhI/op4HjgILmiJHkubDnmoTmmK/mlrDnvJboi7Hor63mlZnnqIs7MjAwOS0xLTIxIDE0OjAzOjMxO%2baCqOWlve%2b8jOaEn%2biwouaCqOi0reS5sOaIkeS7rOeahOS6p%2bWTgeOAgumqjOivgeeggeWcqOaCqOi0reS5sOeahOS6p%2bWTgeS4re%2b8jOivt%2bS7lOe7huafpeaJvuS4gOS4i%2bOAgjs%2bOzs%2bOz4%2bO3Q8O2w8aTwwPjs%2bO2w8dDxAPDIwMDgtOS0yMCAxMzozNDowNDvmiJHlnKjkuablupfkubDkuoblvrfor63lkKzlipvmlZnnqIsx5a2m55Sf55So5LmmDQrmj5DnpLrmiJFNUDPlnKjnvZHkuIrkuIvovb0uLuWPr%2baYr%2baIkeayoeacieaJvuWIsOWPr%2bS7peS4i%2bi9veeahOWcsOaWuS4u6K%2b35ZGK55%2bl5LiL6L2955qE5YW35L2T572R5Z2AOzIwMDgtMTAtNiAxNDoyMzoyNTvmgqjlpb3vvIzosKLosKLmgqjlr7nlpJbmlZnnpL7kuqflk4HnmoTpgInotK3lkozkvb/nlKjvvIzphY3lpZfnmoTlvZXpn7Por7fliLB3d3cuc2ZsZXBhdWRpby5jb23nvZHnq5nms6jlhozlkI7ov5vooYzkuIvovb3jgIIgOz47Oz47Pj47dDw7bDxpPDA%2bOz47bDx0PEA8MjAwOC02LTIwIDIxOjA1OjQwO%2baIkemZoui0reS5sOS6huWkp%2bWtpuiLseivreWIhue6p%2ba1i%2bivlemimOW6kzEuMe%2b8jOWcqOWuouaIt%2berr%2bWuieijheWQjui/kOihjOaAu%2baYr%2bi/nuaOpeS4jeWIsOaMh%2bWumueahOacjeWKoeWZqO%2b8jOW%2biOaYr%2bmDgemXt%2bWViu%2b8gTsyMDA4LTctMSAxNTowMzo1Mzvmgqjlpb3vvIzmhJ/osKLkvb/nlKjlpJbmlZnnpL7nlLXlrZDkuqflk4HjgILor7fnoa7orqTpopjlupPmnI3liqHlmajnq6/lkozlrqLmiLfnq6/mmK/lkKbpg73lt7Llronoo4XjgILlronoo4XlrozlkI7vvIzor7fmo4Dmn6XmnI3liqHlmajnq6/nmoTns7vnu5/orr7nva7kv6Hmga/vvIzkuI3og73ov57mjqXnmoTljp/lm6Dlj6/og73lnKjmj5DnpLrkv6Hmga/ph4zjgILlj6blpJbvvIzor7fnoa7orqTovpPlhaXnmoTmnI3liqHlmajlnLDlnYDmraPnoa7jgILlpoLmnpzov5jmnInpl67popjvvIzor7fmi6jmiZPmiJHku6znmoTmioDmnK/mnI3liqHnlLXor50wMjEtNjUwODE1OTLjgIINCjs%2bOzs%2bOz4%2bOz4%2bO3Q8cDxwPGw8UmVjb3JkQ291bnQ7UGFnZVNpemU7PjtsPGk8MjY%2bO2k8NT47Pj47PjtsPGk8MD47PjtsPHQ8cDxwPGw8Q3NzQ2xhc3M7XyFTQjs%2bO2w8VGFibGVQYWdlcjtpPDI%2bOz4%2bOz47bDxpPDA%2bOz47bDx0PHA8cDxsPEJvcmRlcldpZHRoO0hvcml6b250YWxBbGlnbjtWZXJ0aWNhbEFsaWduO18hU0I7PjtsPDE8MHB4PjtTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLkhvcml6b250YWxBbGlnbiwgU3lzdGVtLldlYiwgVmVyc2lvbj0xLjAuNTAwMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWIwM2Y1ZjdmMTFkNTBhM2E8Q2VudGVyPjtTeXN0ZW0uV2ViLlVJLldlYkNvbnRyb2xzLlZlcnRpY2FsQWxpZ24sIFN5c3RlbS5XZWIsIFZlcnNpb249MS4wLjUwMDAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iMDNmNWY3ZjExZDUwYTNhPE1pZGRsZT47aTwxOTY2NDA%2bOz4%2bOz47bDxpPDA%2bO2k8MT47aTwyPjs%2bO2w8dDxwPGw8Y2xhc3M7c3R5bGU7aW5uZXJodG1sOz47bDxEaXZGbG9hdExlZnQ7d2lkdGg6NTAlXDt0ZXh0LWFsaWduOmxlZnRcOzvlvZPliY0mbmJzcFw7MSZuYnNwXDsvJm5ic3BcOzYmbmJzcFw76aG1Jm5ic3BcO3wmbmJzcFw75YWx5pyJJm5ic3BcOzI2Jm5ic3BcO%2biusOW9lTs%2bPjs7Pjt0PHA8bDxjbGFzcztzdHlsZTs%2bO2w8RGl2RmxvYXRSaWdodDt3aWR0aDo0OSVcOzs%2bPjtsPGk8MD47aTwyPjtpPDQ%2bO2k8Nj47aTw4PjtpPDExPjs%2bO2w8dDxwPHA8bDxUb29sVGlwO0NvbW1hbmROYW1lO0NvbW1hbmRBcmd1bWVudDtDYXVzZXNWYWxpZGF0aW9uO1RleHQ7RW5hYmxlZDs%2bO2w856ys5LiA6aG1O1BhZ2U7MTtvPGY%2bOzk7bzxmPjs%2bPjtwPGw8c3R5bGU7PjtsPGZvbnQ6MTJweCBXZWJkaW5nc1w7Oz4%2bPjs7Pjt0PHA8cDxsPFRvb2xUaXA7Q29tbWFuZE5hbWU7Q29tbWFuZEFyZ3VtZW50O0NhdXNlc1ZhbGlkYXRpb247VGV4dDtFbmFibGVkOz47bDzkuIrkuIDpobU7UGFnZTtQcmV2O288Zj47MztvPGY%2bOz4%2bO3A8bDxzdHlsZTs%2bO2w8Zm9udDoxMnB4IFdlYmRpbmdzXDs7Pj4%2bOzs%2bO3Q8cDxwPGw8VG9vbFRpcDtDb21tYW5kTmFtZTtDb21tYW5kQXJndW1lbnQ7Q2F1c2VzVmFsaWRhdGlvbjtUZXh0Oz47bDzkuIvkuIDpobU7UGFnZTtOZXh0O288Zj47NDs%2bPjtwPGw8c3R5bGU7PjtsPGZvbnQ6MTJweCBXZWJkaW5nc1w7Oz4%2bPjs7Pjt0PHA8cDxsPFRvb2xUaXA7Q29tbWFuZE5hbWU7Q29tbWFuZEFyZ3VtZW50O0NhdXNlc1ZhbGlkYXRpb247VGV4dDs%2bO2w85pyA5ZCO5LiA6aG1O1BhZ2U7NjtvPGY%2bOzo7Pj47cDxsPHN0eWxlOz47bDxmb250OjEycHggV2ViZGluZ3NcOzs%2bPj47Oz47dDxwPHA8bDxNYXhMZW5ndGg7PjtsPGk8MT47Pj47cDxsPG9uZm9jdXM7b25rZXlkb3duO3NpemU7PjtsPHRoaXMuc2VsZWN0KClcOztyZXR1cm4gX19PbktleURvd24odGhpcylcOzsxOz4%2bPjs7Pjt0PHA8cDxsPENvbW1hbmROYW1lO0NhdXNlc1ZhbGlkYXRpb247VGV4dDs%2bO2w8UGFnZTtvPGY%2bO%2bi3s%2bi9rDs%2bPjtwPGw8b25jbGljazs%2bO2w8cmV0dXJuIF9fQ2FuR28odGhpcywgNiwgJ%2bmhteeggemUmeivrycpXDs7Pj4%2bOzs%2bOz4%2bO3Q8cDxwPGw8VGV4dDtWaXNpYmxlOz47bDxcPCDml6Dnm7jlhbPorrDlvZUgXD47bzxmPjs%2bPjs%2bOzs%2bOz4%2bOz4%2bOz4%2bOz4%2bOz4%2bOz74AVQcaRHDa4HPdFP0ebqr94Lksw%3d%3d&__VIEWSTATEGENERATOR=6ED76750

tbSearchContent参数

0923-1.png

0923-2.png

漏洞证明:

修复方案:

版权声明:转载请注明来源 深度安全实验室@乌云

漏洞回应

厂商回应:

危害等级:高

漏洞Rank:15

确认时间:2015-09-24 09:22

厂商回复:

感谢指出漏洞

最新状态:

暂无