漏洞概要 关注数(24) 关注此漏洞
缺陷编号:wooyun-2015-0154035
漏洞标题:用友软件多个分站存在SQL注入
相关厂商:用友软件
漏洞作者: 路人甲
提交时间:2015-11-18 16:24
修复时间:2016-02-23 09:00
公开时间:2016-02-23 09:00
漏洞类型:SQL注射漏洞
危害等级:中
自评Rank:8
漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞
漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签: 无
漏洞详情
披露状态:
2015-11-18: 细节已通知厂商并且等待厂商处理中
2015-11-25: 厂商主动忽略漏洞,细节向第三方安全合作伙伴开放(绿盟科技、唐朝安全巡航)
2016-01-19: 细节向核心白帽子及相关领域专家公开
2016-01-29: 细节向普通白帽子公开
2016-02-08: 细节向实习白帽子公开
2016-02-23: 细节向公众公开
简要描述:
用友软件二级域名:
存在SQL注入,可跑出全部表
详细说明:
1、SQL注入点1——GET型
http://**.**.**.**/servicehome/kmview.aspx?postid=ZS20131231026
2、SQL注入点2——POST型
http://**.**.**.**/AppWeb/BuDing/BuDingGJCX.aspx
POST:
__EVENTTARGET=&__EVENTARGUMENT=&__LastVIEWSTATE_SessionKey=d8f1c755-6b47-485e-873d-0094bd6f8a13&__ContextPath=/&_qam_dialog_control=&__VIEWSTATE=/wEPDwULLTIwMzkyODUzMjkPZBYCAgMPZBYWAg8PDxYCHgVWYWx1ZWRkZAITDw8WBB4HRW51bVNRTAU6U0VMRUNUIEJhbkJlbixCaWFuSGFvIEZST00gSkNfWGluZ0hhbyBXSEVSRSBDaGFucGluRExCSD0nJx8AZGRkAhcPDxYEHwEFeVNFTEVDVCBYLk1pbmdDaGVuZyxYLkJpYW5IYW8gRlJPTSBKQ19DaGFuUGluWCBYIElOTkVSIEpPSU4gSkNfQ2hhblBpbkJCR1ggR1ggT04gR1guQ2hhblBpblg9WC5CaWFuSGFvIEFORCBHWC5DaGFuUGluQkI9JycfAGRkZAIbDw8WBB8BBT1TRUxFQ1QgTWluZ0NoZW5nLEJpYW5IYW8gRlJPTSBKQ19Nb0t1YWlYWCBXSEVSRSBDaGFuUGluWEJIPScnHwBkZGQCHw88KwANAQAPFgYeC18hRGF0YUJvdW5kZx4JUGFnZUNvdW50AhIeC18hSXRlbUNvdW50AqwCZBYCZg9kFiZmDw8WAh4HVmlzaWJsZWhkZAIBD2QWAmYPZBYCAgEPDxYCHgtOYXZpZ2F0ZVVybAUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDE1MDkxMTAwMWQWAmYPFQERVCvovazmjaJVOCvlt6XlhbdkAgIPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDE0MDkxMjAwMWQWAmYPFQFDVTggVjEyLjDniYjmnKznmoTlj5HniYjor7TmmI7jgIHlronoo4Xor7TmmI7lkoxJVOmDqOe9suaWueahiOaWh%2Baho2QCAw9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTQwODI3MDAyZBYCZg8VARzkvY7niYjmnKzljYfnuqdVOCvlt6XlhbcucmFyZAIED2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMjAyMDgwMDFkFgJmDxUBJVU4NTLlm7rlrprotYTkuqfmqKHlnZfooaXkuIHvvIjlhajvvIlkAgUPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDExMTEwOTAwMWQWAmYPFQExVTgtT0EgMjgyc3Ay5o6n5Lu25Y%2BW5raI5pyf6ZmQ6KGl5LiB5YyFLnBhcnQxLnJhcmQCBg9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTExMTA5MDAyZBYCZg8VATFVOC1PQSAyODJzcDLmjqfku7blj5bmtojmnJ/pmZDooaXkuIHljIUucGFydDIucmFyZAIHD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDRkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAxZAIID2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDZkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAyZAIJD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDhkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAzZAIKD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMTBkFgJmDxUBETg1MuWFqOmDqOihpeS4gTA0ZAILD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMTJkFgJmDxUBETg1MuWFqOmDqOihpeS4gTA1ZAIMD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAzMzEwMDFkFgJmDxUBHVU46KGl5LiB5pu05paw5bel5YW377yI5paw77yJZAIND2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAyMjUwMDFkFgJmDxUBEFU4NTLlubTnu5PooaXkuIFkAg4PZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDEwMDEyOTAwMWQWAmYPFQEbVTg1MuaIkOacrOeuoeeQhuihpeS4gSjlhagpZAIPD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAxMjIwMDFkFgJmDxUBFTg1Muezu%2Be7n%2BeuoeeQhuihpeS4gWQCEA9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTAwMTA1MDAxZBYCZg8VARU4NTLlupTmlLblupTku5jooaXkuIFkAhEPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDEwMDEwNTAwMmQWAmYPFQEfVTg1MumHh%2Bi0reeuoeeQhuihpeS4ge%2B8iOWFqO%2B8iWQCEg8PFgIfBWhkZAIhDw8WAh4HRW5hYmxlZGhkZAIjDw8WAh8HaGRkAikPFgIeBFRleHQFATFkAisPFgIfCAUCMThkAi0PFgIfCAUCMTdkAi8PFgIfCAUDMzAwZBgBBQhndkJ1RGluZw9nZFkuturiZNCy5pqb9h4s5JfNAuad&textfield=&txtBuDingMC=fdsfa&txtGuanJianZ=&dc_ChanPinDL=&dc_ChanPinBB=&dc_ChanPinX=&dc_ChanPinMK=&Button1=&gvBuDing$ctl02$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl02$TextBox6=2015/09/11&gvBuDing$ctl03$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E6%94%AF%E6%8C%81%E6%96%87%E6%A1%A3&gvBuDing$ctl03$TextBox6=2014/09/12&gvBuDing$ctl04$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl04$TextBox6=2014/08/27&gvBuDing$ctl05$TextBox5=8.52%EF%BC%8D%E8%B4%A2%E5%8A%A1%E4%BC%9A%E8%AE%A1%EF%BC%8D%E5%9B%BA%E5%AE%9A%E8%B5%84%E4%BA%A7&gvBuDing$ctl05$TextBox6=2012/02/08&gvBuDing$ctl06$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E8%A1%A5%E4%B8%81&gvBuDing$ctl06$TextBox6=2011/11/09&gvBuDing$ctl07$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl07$TextBox6=2011/11/09&gvBuDing$ctl08$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl08$TextBox6=2011/11/07&gvBuDing$ctl09$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl09$TextBox6=2011/11/07&gvBuDing$ctl10$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl10$TextBox6=2011/11/07&gvBuDing$ctl11$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl11$TextBox6=2011/11/07&gvBuDing$ctl12$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl12$TextBox6=2011/11/07&gvBuDing$ctl13$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl13$TextBox6=2010/03/31&gvBuDing$ctl14$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E4%BC%81%E4%B8%9A%E5%BA%94%E7%94%A8%E9%9B%86%E6%88%90&gvBuDing$ctl14$TextBox6=2010/02/25&gvBuDing$ctl15$TextBox5=8.52%EF%BC%8D%E7%AE%A1%E7%90%86%E4%BC%9A%E8%AE%A1%EF%BC%8D%E6%88%90%E6%9C%AC%E7%AE%A1%E7%90%86&gvBuDing$ctl15$TextBox6=2010/01/29&gvBuDing$ctl16$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E4%BC%81%E4%B8%9A%E5%BA%94%E7%94%A8%E9%9B%86%E6%88%90&gvBuDing$ctl16$TextBox6=2010/01/22&gvBuDing$ctl17$TextBox5=8.52%EF%BC%8D%E8%B4%A2%E5%8A%A1%E4%BC%9A%E8%AE%A1%EF%BC%8D%E5%BA%94%E6%94%B6%E5%BA%94%E4%BB%98&gvBuDing$ctl17$TextBox6=2010/01/05&gvBuDing$ctl18$TextBox5=8.52%EF%BC%8D%E4%BE%9B%E5%BA%94%E9%93%BE%EF%BC%8D%E9%87%87%E8%B4%AD%E7%AE%A1%E7%90%86&gvBuDing$ctl18$TextBox6=2010/01/05&textbox1=&textbox2=&textbox3=&textbox4=&__EVENTVALIDATION=/wEWLAKn98jGDgKuz4%2BGAwLqitdjAoznisYGApbW0/4DArG/8ZMOApbWz54EArG/7bMOApbW274DArG/%2BdMNApbW194DArG/9fMNApbWo4YFArG/wZsPApbW36YFArG//bsPApbW674GArG/iVQCltan5gQCsb/F%2Bw4C2dzLtgIC9MXpywwC2dyH5gIC9MWl%2BwwC2dzT/gMC9MXxkw4C2dzPngQC9MXtsw4C2dzbvgMC9MX50w0C2dzX3gMC9MX18w0C2dyjhgUC9MXBmw8C2dzfpgUC9MX9uw8C2dzrvgYC9MWJVAKE/PbtCgKPyfquDwKsyrLrBgKsyvbZDAKsyoq1BQKsyu58bUJO3omduVhkQUd4ISPu6CGoLE8%3D
漏洞证明:
1、SQL注入点1——GET型
http://**.**.**.**/servicehome/kmview.aspx?postid=ZS20131231026
2、SQL注入点2——POST型
http://**.**.**.**/AppWeb/BuDing/BuDingGJCX.aspx
POST:
__EVENTTARGET=&__EVENTARGUMENT=&__LastVIEWSTATE_SessionKey=d8f1c755-6b47-485e-873d-0094bd6f8a13&__ContextPath=/&_qam_dialog_control=&__VIEWSTATE=/wEPDwULLTIwMzkyODUzMjkPZBYCAgMPZBYWAg8PDxYCHgVWYWx1ZWRkZAITDw8WBB4HRW51bVNRTAU6U0VMRUNUIEJhbkJlbixCaWFuSGFvIEZST00gSkNfWGluZ0hhbyBXSEVSRSBDaGFucGluRExCSD0nJx8AZGRkAhcPDxYEHwEFeVNFTEVDVCBYLk1pbmdDaGVuZyxYLkJpYW5IYW8gRlJPTSBKQ19DaGFuUGluWCBYIElOTkVSIEpPSU4gSkNfQ2hhblBpbkJCR1ggR1ggT04gR1guQ2hhblBpblg9WC5CaWFuSGFvIEFORCBHWC5DaGFuUGluQkI9JycfAGRkZAIbDw8WBB8BBT1TRUxFQ1QgTWluZ0NoZW5nLEJpYW5IYW8gRlJPTSBKQ19Nb0t1YWlYWCBXSEVSRSBDaGFuUGluWEJIPScnHwBkZGQCHw88KwANAQAPFgYeC18hRGF0YUJvdW5kZx4JUGFnZUNvdW50AhIeC18hSXRlbUNvdW50AqwCZBYCZg9kFiZmDw8WAh4HVmlzaWJsZWhkZAIBD2QWAmYPZBYCAgEPDxYCHgtOYXZpZ2F0ZVVybAUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDE1MDkxMTAwMWQWAmYPFQERVCvovazmjaJVOCvlt6XlhbdkAgIPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDE0MDkxMjAwMWQWAmYPFQFDVTggVjEyLjDniYjmnKznmoTlj5HniYjor7TmmI7jgIHlronoo4Xor7TmmI7lkoxJVOmDqOe9suaWueahiOaWh%2Baho2QCAw9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTQwODI3MDAyZBYCZg8VARzkvY7niYjmnKzljYfnuqdVOCvlt6XlhbcucmFyZAIED2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMjAyMDgwMDFkFgJmDxUBJVU4NTLlm7rlrprotYTkuqfmqKHlnZfooaXkuIHvvIjlhajvvIlkAgUPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDExMTEwOTAwMWQWAmYPFQExVTgtT0EgMjgyc3Ay5o6n5Lu25Y%2BW5raI5pyf6ZmQ6KGl5LiB5YyFLnBhcnQxLnJhcmQCBg9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTExMTA5MDAyZBYCZg8VATFVOC1PQSAyODJzcDLmjqfku7blj5bmtojmnJ/pmZDooaXkuIHljIUucGFydDIucmFyZAIHD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDRkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAxZAIID2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDZkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAyZAIJD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMDhkFgJmDxUBETg1MuWFqOmDqOihpeS4gTAzZAIKD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMTBkFgJmDxUBETg1MuWFqOmDqOihpeS4gTA0ZAILD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMTExMDcwMTJkFgJmDxUBETg1MuWFqOmDqOihpeS4gTA1ZAIMD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAzMzEwMDFkFgJmDxUBHVU46KGl5LiB5pu05paw5bel5YW377yI5paw77yJZAIND2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAyMjUwMDFkFgJmDxUBEFU4NTLlubTnu5PooaXkuIFkAg4PZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDEwMDEyOTAwMWQWAmYPFQEbVTg1MuaIkOacrOeuoeeQhuihpeS4gSjlhagpZAIPD2QWAmYPZBYCAgEPDxYCHwYFJUJ1RGluZ1pTLmFzcHg/Qmlhbkhhbz1CREdKMjAxMDAxMjIwMDFkFgJmDxUBFTg1Muezu%2Be7n%2BeuoeeQhuihpeS4gWQCEA9kFgJmD2QWAgIBDw8WAh8GBSVCdURpbmdaUy5hc3B4P0JpYW5IYW89QkRHSjIwMTAwMTA1MDAxZBYCZg8VARU4NTLlupTmlLblupTku5jooaXkuIFkAhEPZBYCZg9kFgICAQ8PFgIfBgUlQnVEaW5nWlMuYXNweD9CaWFuSGFvPUJER0oyMDEwMDEwNTAwMmQWAmYPFQEfVTg1MumHh%2Bi0reeuoeeQhuihpeS4ge%2B8iOWFqO%2B8iWQCEg8PFgIfBWhkZAIhDw8WAh4HRW5hYmxlZGhkZAIjDw8WAh8HaGRkAikPFgIeBFRleHQFATFkAisPFgIfCAUCMThkAi0PFgIfCAUCMTdkAi8PFgIfCAUDMzAwZBgBBQhndkJ1RGluZw9nZFkuturiZNCy5pqb9h4s5JfNAuad&textfield=&txtBuDingMC=fdsfa&txtGuanJianZ=&dc_ChanPinDL=&dc_ChanPinBB=&dc_ChanPinX=&dc_ChanPinMK=&Button1=&gvBuDing$ctl02$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl02$TextBox6=2015/09/11&gvBuDing$ctl03$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E6%94%AF%E6%8C%81%E6%96%87%E6%A1%A3&gvBuDing$ctl03$TextBox6=2014/09/12&gvBuDing$ctl04$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl04$TextBox6=2014/08/27&gvBuDing$ctl05$TextBox5=8.52%EF%BC%8D%E8%B4%A2%E5%8A%A1%E4%BC%9A%E8%AE%A1%EF%BC%8D%E5%9B%BA%E5%AE%9A%E8%B5%84%E4%BA%A7&gvBuDing$ctl05$TextBox6=2012/02/08&gvBuDing$ctl06$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E8%A1%A5%E4%B8%81&gvBuDing$ctl06$TextBox6=2011/11/09&gvBuDing$ctl07$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl07$TextBox6=2011/11/09&gvBuDing$ctl08$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl08$TextBox6=2011/11/07&gvBuDing$ctl09$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl09$TextBox6=2011/11/07&gvBuDing$ctl10$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl10$TextBox6=2011/11/07&gvBuDing$ctl11$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl11$TextBox6=2011/11/07&gvBuDing$ctl12$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E8%A1%A5%E4%B8%81%E6%9B%B4%E6%96%B0%E5%B7%A5%E5%85%B7&gvBuDing$ctl12$TextBox6=2011/11/07&gvBuDing$ctl13$TextBox5=U8%E5%85%B6%E4%BB%96%EF%BC%8D%E6%96%87%E6%A1%A3%E5%B7%A5%E5%85%B7%EF%BC%8D%E4%B8%93%E7%94%A8%E5%B7%A5%E5%85%B7&gvBuDing$ctl13$TextBox6=2010/03/31&gvBuDing$ctl14$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E4%BC%81%E4%B8%9A%E5%BA%94%E7%94%A8%E9%9B%86%E6%88%90&gvBuDing$ctl14$TextBox6=2010/02/25&gvBuDing$ctl15$TextBox5=8.52%EF%BC%8D%E7%AE%A1%E7%90%86%E4%BC%9A%E8%AE%A1%EF%BC%8D%E6%88%90%E6%9C%AC%E7%AE%A1%E7%90%86&gvBuDing$ctl15$TextBox6=2010/01/29&gvBuDing$ctl16$TextBox5=8.52%EF%BC%8D%E7%B3%BB%E7%BB%9F%E5%B7%A5%E5%85%B7%E5%8F%8A%E7%8E%AF%E5%A2%83%EF%BC%8D%E4%BC%81%E4%B8%9A%E5%BA%94%E7%94%A8%E9%9B%86%E6%88%90&gvBuDing$ctl16$TextBox6=2010/01/22&gvBuDing$ctl17$TextBox5=8.52%EF%BC%8D%E8%B4%A2%E5%8A%A1%E4%BC%9A%E8%AE%A1%EF%BC%8D%E5%BA%94%E6%94%B6%E5%BA%94%E4%BB%98&gvBuDing$ctl17$TextBox6=2010/01/05&gvBuDing$ctl18$TextBox5=8.52%EF%BC%8D%E4%BE%9B%E5%BA%94%E9%93%BE%EF%BC%8D%E9%87%87%E8%B4%AD%E7%AE%A1%E7%90%86&gvBuDing$ctl18$TextBox6=2010/01/05&textbox1=&textbox2=&textbox3=&textbox4=&__EVENTVALIDATION=/wEWLAKn98jGDgKuz4%2BGAwLqitdjAoznisYGApbW0/4DArG/8ZMOApbWz54EArG/7bMOApbW274DArG/%2BdMNApbW194DArG/9fMNApbWo4YFArG/wZsPApbW36YFArG//bsPApbW674GArG/iVQCltan5gQCsb/F%2Bw4C2dzLtgIC9MXpywwC2dyH5gIC9MWl%2BwwC2dzT/gMC9MXxkw4C2dzPngQC9MXtsw4C2dzbvgMC9MX50w0C2dzX3gMC9MX18w0C2dyjhgUC9MXBmw8C2dzfpgUC9MX9uw8C2dzrvgYC9MWJVAKE/PbtCgKPyfquDwKsyrLrBgKsyvbZDAKsyoq1BQKsyu58bUJO3omduVhkQUd4ISPu6CGoLE8%3D
修复方案:
程序员最清楚
版权声明:转载请注明来源 路人甲@乌云
漏洞回应
厂商回应:
危害等级:无影响厂商忽略
忽略时间:2016-02-23 09:00
厂商回复:
漏洞Rank:8 (WooYun评价)
最新状态:
暂无