神刀安全网

Vulnerability title: SQL injection at Zhejiang Dahua Technology Co., Ltd. (exposes a large number of databases)

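Vulnerability details

Disclosure status:

2016-04-14: Details reported to the vendor; awaiting vendor handling
2016-04-15: Vendor confirmed; details disclosed only to the vendor
2016-04-25: Details disclosed to core white hats and experts in related fields
2016-05-05: Details disclosed to regular white hats
2016-05-15: Details disclosed to intern white hats
2016-05-30: Details disclosed to the public

Brief description:

RT (as the title says)

Detailed description:

Proof of vulnerability: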

http://download.dahuatech.com/tools.php?cid=1054

Remediation:

Copyright notice: when reposting, please credit the source anonym@乌云
