Cobub Razor - Open Source Mobile Analytics SQL注入

Question

Cobub Razor - Open Source Mobile Analytics SQL注入

lxj616 opened this issue 8 years ago · comments

A SQL Injection vulnerability has been found & reported to wooyun.org , since security bugs should not be disclosed before applying patch , please claim the bug report from wooyun.org for details and fix

http://wooyun.org/bugs/wooyun-2010-0172480

brucenan · Answer 1 · Mon Feb 01 2016 14:00:39 GMT+0800 (China Standard Time)

Thanks for your info. Any details about the SQL Injection? There're no details in the wooyun page.

lxj616 · Answer 2 · Mon Feb 01 2016 14:09:26 GMT+0800 (China Standard Time)

Please register and claim the bug report as Vendor , this report is only available for official vendor & CNVD (if not claimed by vendor) at present

brucenan · Answer 3 · Tue Feb 02 2016 13:24:22 GMT+0800 (China Standard Time)

I've registered as the Vendor (verified) , but how to claim this bug?

lxj616 · Answer 4 · Tue Feb 02 2016 14:20:05 GMT+0800 (China Standard Time)

http://www.wooyun.org/corps/%E5%8D%97%E4%BA%AC%E8%A5%BF%E6%A1%A5%E7%A7%91%E6%8A%80%E6%9C%89%E9%99%90%E5%85%AC%E5%8F%B8

It seems to be claimed & available for you now , but there could be some delay I suppose

brucenan · Answer 5 · Tue Feb 02 2016 14:23:37 GMT+0800 (China Standard Time)

Thank you very much. I've got the detailed info. We will fix this problem as soon as possible.

lxj616 · Answer 6 · Fri Apr 29 2016 17:07:45 GMT+0800 (China Standard Time)

Fix within develop branch confirmed effective against WooYun-2016-172480