Huawei Enterprise Information Engine SQL注入漏洞

Basic Fields

SSV ID:
SSV-89741
Find Time:
2015-11-11
Submit Time:
2015-11-16
Level:
Category:
SQL 注入
Component:
Author:
WooYun
Submitter:
Knownsec
CVE-ID:
Add
CNNVD-ID:
Add
CNVD-ID:
CNVD-2015-07447
ZoomEye Dork:
Add

Source

Detail

Unavailable Detail

PoC

Unavailable PoC

Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Popularity 2357
Need to bind phone before comment. Bind Now

All Comments (2)

  • wstart
    = = 其实 其中xxxTypeadmin参数为触发点,xxx不固定。 由于wooyun上挖掘的此漏洞为中国移动与华为开发,固相关源码与参数可能有所改变。 查询后发现共四处POST注入: 分别是/mms/musicList.jsp下的musicByname参数,musicTypeadmin参数,picTypeadmin参数,picType参数 这个不就是漏洞详情么?
    2F
  • 98zz
    没有详情,怎么写poc??
    1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes