Zhejiang Dahua Technology Co., Ltd. has a SQL injection (dumps a large number of database tables)

admin, 2017-04-30 19:39:28
Summary

2016-04-14: Details reported to the vendor; awaiting vendor response
2016-04-15: Vendor confirmed the issue; details disclosed to the vendor only
2016-04-25: Details disclosed to core white hats and relevant domain experts
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to intern white hats
2016-05-30: Details disclosed to the public

Vulnerability overview

Defect ID: WooYun-2016-196062

Title: Zhejiang Dahua Technology Co., Ltd. has a SQL injection (dumps a large number of database tables)

Vendor: dahuasystem.cn

Author: anonym

Submitted: 2016-04-14 23:33

Published: 2016-05-30 18:30

Type: SQL injection

Severity: Medium

Self-assessed rank: 10

Status: Confirmed by vendor

Source: www.wooyun.org (contact WooYun for questions or assistance)

Tags: none



Vulnerability details

Brief description:

As titled.

Details:

Proof:

http://download.dahuatech.com/tools.php?cid=1054

+-----------------------------------+
| lbcms_about |
| lbcms_admin |
| lbcms_baike |
| lbcms_banner |
| lbcms_boutique |
| lbcms_branch |
| lbcms_case |
| lbcms_channel |
| lbcms_city |
| lbcms_class |
| lbcms_config |
| lbcms_contact |
| lbcms_cooperation |
| lbcms_fankui |
| lbcms_feedback |
| lbcms_field |
| lbcms_honner |
| lbcms_innovation |
| lbcms_jiejue |
| lbcms_job |
| lbcms_jobs |
| lbcms_kejianxiazai |
| lbcms_links |
| lbcms_mv |
| lbcms_news |
| lbcms_online_buy |
| lbcms_pmv |
| lbcms_product |
| lbcms_purchasing |
| lbcms_recruitment_news |
| lbcms_sdsds |
| lbcms_server |
| lbcms_share |
| lbcms_shidian |
| lbcms_shiyanshi |
| lbcms_solution |
| lbcms_success |
| lbcms_supplier |
| lbcms_technology |
| lbcms_test |
| lbcms_video |
| lbcms_viewpoint |
| lbcms_zhaopin |
| pre_common_admincp_cmenu |
| pre_common_admincp_group |
| pre_common_admincp_member |
| pre_common_admincp_perm |
| pre_common_admincp_session |
| pre_common_admingroup |
| pre_common_adminnote |
| pre_common_advertisement |
| pre_common_advertisement_custom |
| pre_common_banned |
| pre_common_block |
| pre_common_block_favorite |
| pre_common_block_item |
| pre_common_block_item_data |
| pre_common_block_permission |
| pre_common_block_pic |
| pre_common_block_style |
| pre_common_block_xml |
| pre_common_cache |
| pre_common_card |
| pre_common_card_log |
| pre_common_card_type |
| pre_common_connect_guest |
| pre_common_credit_log |
| pre_common_credit_log_field |
| pre_common_credit_rule |
| pre_common_credit_rule_log |
| pre_common_credit_rule_log_field |
| pre_common_devicetoken |
| pre_common_district |
| pre_common_diy_data |
| pre_common_domain |
| pre_common_failedip |
| pre_common_failedlogin |
| pre_common_friendlink |
| pre_common_grouppm |
| pre_common_invite |
| pre_common_magic |
| pre_common_magiclog |
| pre_common_mailcron |
| pre_common_mailqueue |
| pre_common_member |
| pre_common_member_action_log |
| pre_common_member_connect |
| pre_common_member_count |
| pre_common_member_crime |
| pre_common_member_field_forum |
| pre_common_member_field_home |
| pre_common_member_forum_buylog |
| pre_common_member_grouppm |
| pre_common_member_log |
| pre_common_member_magic |
| pre_common_member_medal |
| pre_common_member_newprompt |
| pre_common_member_profile |
| pre_common_member_profile_setting |
| pre_common_member_security |
| pre_common_member_secwhite |
| pre_common_member_stat_field |
| pre_common_member_status |
| pre_common_member_validate |
| pre_common_member_verify |
| pre_common_member_verify_info |
| pre_common_myapp |
| pre_common_myinvite |
| pre_common_mytask |
| pre_common_nav |
| pre_common_onlinetime |
| pre_common_optimizer |
| pre_common_patch |
| pre_common_plugin |
| pre_common_pluginvar |
| pre_common_process |
| pre_common_regip |
| pre_common_relatedlink |
| pre_common_remote_port |
| pre_common_report |
| pre_common_searchindex |
| pre_common_seccheck |
| pre_common_secquestion |
| pre_common_session |
| pre_common_setting |
| pre_common_smiley |
| pre_common_sphinxcounter |
| pre_common_stat |
| pre_common_statuser |
| pre_common_style |
| pre_common_stylevar |
| pre_common_syscache |
| pre_common_tag |
| pre_common_tagitem |
| pre_common_task |
| pre_common_taskvar |
| pre_common_template |
| pre_common_template_block |
| pre_common_template_permission |
| pre_common_uin_black |
| pre_common_usergroup |
| pre_common_usergroup_field |
| pre_common_visit |
| pre_common_word |
| pre_common_word_type |
| pre_connect_disktask |
| pre_connect_feedlog |
| pre_connect_memberbindlog |
| pre_connect_postfeedlog |
| pre_connect_tthreadlog |
| pre_forum_access |
| pre_forum_activity |
| pre_forum_activityapply |
| pre_forum_announcement |
| pre_forum_attachment |
| pre_forum_attachment_0 |
| pre_forum_attachment_1 |
| pre_forum_attachment_2 |
| pre_forum_attachment_3 |
| pre_forum_attachment_4 |
| pre_forum_attachment_5 |
| pre_forum_attachment_6 |
| pre_forum_attachment_7 |
| pre_forum_attachment_8 |
| pre_forum_attachment_9 |
| pre_forum_attachment_exif |
| pre_forum_attachment_unused |
| pre_forum_attachtype |
| pre_forum_bbcode |
| pre_forum_collection |
| pre_forum_collectioncomment |
| pre_forum_collectionfollow |
| pre_forum_collectioninvite |
| pre_forum_collectionrelated |
| pre_forum_collectionteamworker |
| pre_forum_collectionthread |
| pre_forum_creditslog |
| pre_forum_debate |
| pre_forum_debatepost |
| pre_forum_faq |
| pre_forum_filter_post |
| pre_forum_forum |
| pre_forum_forum_threadtable |
| pre_forum_forumfield |
| pre_forum_forumrecommend |
| pre_forum_groupcreditslog |
| pre_forum_groupfield |
| pre_forum_groupinvite |
| pre_forum_grouplevel |
| pre_forum_groupuser |
| pre_forum_hotreply_member |
| pre_forum_hotreply_number |
| pre_forum_imagetype |
| pre_forum_medal |
| pre_forum_medallog |
| pre_forum_memberrecommend |
| pre_forum_moderator |
| pre_forum_modwork |
| pre_forum_newthread |
| pre_forum_onlinelist |
| pre_forum_order |
| pre_forum_poll |
| pre_forum_polloption |
| pre_forum_polloption_image |
| pre_forum_pollvoter |
| pre_forum_post |
+-----------------------------------+


Fix:
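The report leaves the fix section empty. The block below is an added example, not code from the report, from Dahua or from the lbcms/Discuz! software whose table prefixes appear in the dump. It reproduces, against a constructed in-memory sqlite database, the pattern behind a `tools.php?cid=1054` style finding: a numeric query-string value concatenated into SQL lets a UNION pull table names out of the catalogue (sqlite's `sqlite_master` stands in for MySQL's `information_schema.tables`), and a type check plus a bound parameter closes it. The schema, rows, table names and the `tools_vulnerable`/`tools_fixed` handler names are all assumptions; the real tools.php source was not published.

```python
# Added example (not from the original WooYun report). The schema, rows,
# table names and handler names below are constructed stand-ins; the real
# tools.php source is not public. sqlite_master plays the role that
# information_schema.tables plays on MySQL.
import sqlite3

# Constructed schema: a CMS "tools" table keyed by a category id (cid)
# plus bystander tables whose names an anonymous visitor should never see.
SCHEMA = """
CREATE TABLE lbcms_tools (id INTEGER PRIMARY KEY, cid INTEGER, name TEXT, url TEXT);
CREATE TABLE lbcms_admin (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
CREATE TABLE lbcms_config (k TEXT, v TEXT);
INSERT INTO lbcms_tools VALUES (1, 1054, 'tool-a', '/dl/a.zip');
INSERT INTO lbcms_tools VALUES (2, 1054, 'tool-b', '/dl/b.zip');
INSERT INTO lbcms_tools VALUES (3, 2000, 'tool-c', '/dl/c.zip');
INSERT INTO lbcms_admin VALUES (1, 'admin', 'not-a-real-hash');
"""


def connect() -> sqlite3.Connection:
    """Fresh in-memory database loaded with the constructed schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def tools_vulnerable(conn: sqlite3.Connection, cid: str) -> list:
    """The classic bug: the raw query-string value is concatenated into SQL.
    Because cid is numeric, the attacker needs no quote character at all."""
    sql = f"SELECT name, url FROM lbcms_tools WHERE cid = {cid}"
    return conn.execute(sql).fetchall()


def tools_fixed(conn: sqlite3.Connection, cid: str) -> list:
    """Hardened handler: enforce the expected type, then bind the value.
    Either measure alone stops this payload; together they also turn junk
    input into a clean client error instead of a database error."""
    if not cid.isdigit():
        raise ValueError("cid must be a non-negative integer")
    sql = "SELECT name, url FROM lbcms_tools WHERE cid = ?"
    return conn.execute(sql, (int(cid),)).fetchall()


# Constructed payload. cid = 0 matches no tool, so every row that comes back
# is from the UNION; two columns are selected to match the original SELECT.
ENUM_PAYLOAD = "0 UNION SELECT name, type FROM sqlite_master WHERE type = 'table'"


def leaked_tables(conn: sqlite3.Connection) -> list:
    """Table names that leak through the vulnerable handler, sorted."""
    return sorted(name for name, _ in tools_vulnerable(conn, ENUM_PAYLOAD))


def fixed_rejects(conn: sqlite3.Connection, cid: str) -> bool:
    """True when the hardened handler refuses the value outright."""
    try:
        tools_fixed(conn, cid)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    conn = connect()
    print("legit request :", tools_vulnerable(conn, "1054"))
    print("leaked tables :", leaked_tables(conn))
    print("fixed handler :", tools_fixed(conn, "1054"),
          "| rejects payload:", fixed_rejects(conn, ENUM_PAYLOAD))
```

On MySQL the same UNION would read `table_name` from `information_schema.tables`, which is how a dump like the one above is obtained; the `pre_common_*` / `pre_forum_*` names are the default table prefix of Discuz! X, so the injection point also exposes a co-hosted forum database. In the PHP the report targets, the equivalent of `tools_fixed` is casting with `intval()` and running the query through a prepared statement (PDO or mysqli with bound parameters) rather than string concatenation.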

Copyright notice: when reposting, please credit the source: anonym@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Rank: 8

Confirmed: 2016-04-15 18:25

Vendor reply:

The vulnerability has been confirmed and is being fixed. Thanks to the author for the report.

Latest status:

None



Disclaimer: the programs (methods) described in this article may be offensive in nature and are provided solely for security research and teaching. Readers who use this information for any other purpose bear full legal and joint liability; this site accepts none. For questions, contact us by e-mail (preferably from a corporate or otherwise valid mailbox so the message is not filtered; contact details are on the home page).