
SQL injection vulnerability in a Kuwo Music site

2015-11-24 12:40

Code area
POST /yy/dd/BillBoardIndex HTTP/1.1
Content-Length: 153
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://yinyue.kuwo.cn
Cookie: JSESSIONID=2239AB7B78CA1BA5360DE883275DA713.worker3; JSESSIONID=3EB1C6CF70E5E8F0C6D890C4B22E9304.worker3; Hm_lvt_cdb524f42f0ce19b169a8071123a4797=1444408982,1444409080,1444409184,1444409273; Hm_lpvt_cdb524f42f0ce19b169a8071123a4797=1444409273; bdshare_firstime=1444408373733; HMACCOUNT=DE1039CBFBE0CBB4; BAIDU_DUP_lcr=http://www.acunetix-referrer.com/javascript:domxssExecutionSink(0,"'\"><xsstag>()refdxss"); rec_usr=1444408451288x248_0_1444408451288; BAIDUID=E873CCF12448972C14F2C33F05E23DBB:FG=1; KW_COL_MUSIC=6484107%2C6484108%2C6484109%2C6484110%2C6484111%2C6469484%2C6469480%2C6469481%2C6469482%2C6469483%2C6469485%2C442554%2C1294406%2C635632%2C125854%2C513481%2C481141%2C891712%2C150621%2C4061663%2C218086%2C4998874%2C138243%2C213974%2C84423%2C58604%2C162175%2C80403%2C279153%2C229022%2C4855762%2C202673%2C268360%2C1161285%2C156514%2C3615946%2C4020459%2C166731%2C78114%2C3307158%2C102851%2C5235286%2C320411%2C830227%2C156517%2C243825%2C1084932%2C1120849%2C1964675%2C4405653%2C81457%2C4802881%2C3241508%2C551607%2C540455%2C4122290%2C6573892%2C6623012%2C5354512; is_unique=sc8062124.1444409886.0; __cfduid=d20a0c14b0842eb66af268de781a491661444410333; _gscu_2087265495=44410487i5msu720; _gscs_2087265495=44410487l14p8v20|pv:1; _gscbrs_2087265495=1
Host: yinyue.kuwo.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

cat=15&phase=39156&_=

The cat parameter is vulnerable to SQL injection.


Proof of vulnerability:

Fix:
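One way to close this class of bug for the request shown above, as an added example that is not from the original report or from the site's code: a handler that treats cat and phase as integers and binds them as query parameters, next to the string-built pattern that makes a parameter injectable. The billboard table, its columns, the function names and the tampered body are constructed for illustration; the page does not show the real backend or schema.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed stand-in for the chart table (real schema is not on the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE billboard (cat INTEGER, phase INTEGER, song TEXT)")
    db.executemany("INSERT INTO billboard VALUES (?, ?, ?)",
                   [(15, 39156, "song-a"), (15, 39156, "song-b"),
                    (16, 39156, "song-c"), (17, 40000, "song-d")])
    return db

def handle_vulnerable(db, body):
    """The pattern behind the bug: form values pasted into the SQL text."""
    form = parse_qs(body, keep_blank_values=True)
    cat, phase = form["cat"][0], form["phase"][0]
    sql = (f"SELECT song FROM billboard WHERE cat = {cat} "
           f"AND phase = {phase} ORDER BY song")
    return [row[0] for row in db.execute(sql)]

def parse_id(form, name):
    """Accept exactly one short run of ASCII digits; reject anything else."""
    values = form.get(name, [])
    if len(values) != 1:
        raise ValueError(f"invalid {name}")
    value = values[0]
    if not (value.isascii() and value.isdigit() and len(value) <= 9):
        raise ValueError(f"invalid {name}")
    return int(value)

def handle_hardened(db, body):
    """Validate types first, then bind values so they never reach the SQL parser."""
    form = parse_qs(body, keep_blank_values=True)
    cat, phase = parse_id(form, "cat"), parse_id(form, "phase")
    sql = "SELECT song FROM billboard WHERE cat = ? AND phase = ? ORDER BY song"
    return [row[0] for row in db.execute(sql, (cat, phase))]

if __name__ == "__main__":
    db = make_db()
    normal = "cat=15&phase=39156&_="             # body from the request above
    tampered = "cat=15+OR+1%3D1&phase=39156&_="  # constructed non-integer cat
    print(handle_vulnerable(db, normal), handle_hardened(db, normal))
    print(handle_vulnerable(db, tampered))       # filter on cat no longer holds
    try:
        handle_hardened(db, tampered)
    except ValueError as err:
        print("rejected:", err)                  # map to HTTP 400 in a real handler
```

The integer check alone would stop this input, but the bound parameters are what keep the query safe if a later change relaxes validation.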

Source: www.wooyun.org/bugs/wooyun-2015-0145705
