
SiteServer latest version 3.6.4 SQL injection (bugs No. 6 and 7)

2014-02-21 22:10

The sixth injection is in /siteserver/userRole/background_user.aspx

Decompile the file UserCenter.Pages.dll with .NET Reflector

The relevant code is as follows:


this.spContents.SelectCommand = UserDataProvider.UserDAO.GetSelectCommand(
    base.Request.QueryString["Keyword"],
    TranslateUtils.ToInt(base.Request.QueryString["CreateDate"]),
    TranslateUtils.ToInt(base.Request.QueryString["LastActivityDate"]),
    true,
    TranslateUtils.ToInt(base.Request.QueryString["TypeID"]),
    TranslateUtils.ToInt(base.Request.QueryString["DepartmentID"]),
    TranslateUtils.ToInt(base.Request.QueryString["AreaID"]));


It is easy to see that the exploitable parameter is Keyword: every other query-string value is run through TranslateUtils.ToInt and reaches the DAO as an integer, while Request.QueryString["Keyword"] is handed to GetSelectCommand as the raw string the client sent.

Fix:
Pass Keyword to the query as a bound parameter instead of concatenating it into the SQL text; at the very least, escape single quotes and the LIKE wildcards (% and _) before use.

 

The seventh injection is in /UserCenter/cms/contents.aspx

Decompile the file UserCenter.Pages.dll with .NET Reflector

The relevant code is as follows (decompiler output, excerpted):



int totalCount;
bool flag;
// The search-box value is only trimmed, never escaped or validated.
string keyword = this.Keyword.Text.Trim();
// The uint subtraction tests and the "if (0 != 0) return;" below are opaque
// predicates left behind by the obfuscator (always true / always false);
// Reflector reproduces them verbatim. They do not affect the data flow.
if ((((uint) totalCount) - ((uint) flag)) <= uint.MaxValue)
{
    string start = this.start.Value;
    if (0 != 0)
    {
        return;
    }
    string end = this.end.Value;
    if ((((uint) flag) - ((uint) flag)) <= uint.MaxValue)
    {
        base.SetPublishmentSystemID(TranslateUtils.ToInt(this.ddlPublishmentSystemID.SelectedValue));
        this.spContents.ControlToPaginate = this.dlContents;
        this.dlContents.ItemDataBound += new RepeaterItemEventHandler(this.x140df91522580d1f);
        this.spContents.ItemsPerPage = 30;
        this.spContents.ConnectionString = BaiRongDataProvider.ConnectionString;
        // keyword is passed unchanged into the SQL builder.
        this.spContents.SelectCommand = DataProvider.ContentDAO.GetSelectCommendOfTouGao(
            base.PublishmentSystemInfo.AuxiliaryTableForContent, base.PublishmentSystemID,
            start, end, keyword, base.UserName, this.touGaoType);
    }
    this.spContents.SortField = "ID";


Follow keyword into GetSelectCommendOfTouGao:



public string GetSelectCommendOfTouGao(string tableName, int publishmentSystemID, string start, string end, string keyword, string userName, ETouGaoType touGaoType)
{
    ....
    // keyword is formatted straight into the two LIKE patterns, inside the quotes, with no escaping.
    builder.AppendFormat("AND (Title LIKE '%{0}%' OR Content LIKE '%{0}%')", keyword);

 


An obvious injection: AppendFormat splices keyword into the SQL text, so a single quote typed into the search box closes the LIKE '%... literal and everything after it is parsed as SQL. Because {0} appears twice, the payload is reflected twice; a trailing comment sequence takes care of the second copy and the leftover %') fragment.


Fix:
Bind keyword as a query parameter rather than formatting it into the command string; if the LIKE patterns must be built by hand, also escape the wildcards % and _ so a user cannot widen the match.
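The following script is an added example, not code from the original post or from SiteServer. It models the pattern shared by both pages above in Python with sqlite3 (the original is C#/ADO.NET): the query is built by string formatting exactly as the decompiled AppendFormat call does, a constructed payload breaks out of the LIKE literal and bypasses the preceding filter, and the parameterized replacement with LIKE-wildcard escaping stops it. The table and rows are constructed; the Title and Content columns come from the DAO snippet, while IsChecked is an assumed extra column standing in for whatever conditions precede the "AND (Title LIKE ..." in the real query.

```python
import sqlite3

# Constructed sample table. Title and Content are the columns named in the
# decompiled LIKE clause; IsChecked is an assumed extra column standing in for
# the conditions that precede "AND (Title LIKE ..." in the real query.
SAMPLE_ROWS = [
    ("Public notice", "Open to all users", 1),
    ("Draft budget", "Internal only", 0),
    ("Hidden memo", "Do not publish", 0),
]


def build_db():
    """In-memory SQLite stand-in for the SiteServer content table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Content (ID INTEGER PRIMARY KEY, Title TEXT, "
        "Content TEXT, IsChecked INTEGER)"
    )
    conn.executemany(
        "INSERT INTO Content (Title, Content, IsChecked) VALUES (?, ?, ?)",
        SAMPLE_ROWS,
    )
    return conn


def vulnerable_select(keyword):
    """Builds the query the same way the decompiled DAO does:
    builder.AppendFormat("AND (Title LIKE '%{0}%' OR Content LIKE '%{0}%')", keyword)
    The keyword is pasted into the SQL text, quotes and all."""
    return (
        "SELECT Title FROM Content WHERE IsChecked = 1 "
        "AND (Title LIKE '%{0}%' OR Content LIKE '%{0}%')"
    ).format(keyword)


def run_vulnerable(conn, keyword):
    return [row[0] for row in conn.execute(vulnerable_select(keyword))]


def escape_like(value, esc="\\"):
    """Escape the LIKE metacharacters so a user keyword is matched literally.
    Needed even with bound parameters: binding stops injection, not wildcards."""
    return (
        value.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


# Fixed query: the pattern is a bound parameter (? in sqlite3, @keyword with a
# SqlParameter in ADO.NET), so quotes in it cannot change the SQL structure.
SAFE_SELECT = (
    "SELECT Title FROM Content WHERE IsChecked = 1 "
    "AND (Title LIKE ? ESCAPE '\\' OR Content LIKE ? ESCAPE '\\')"
)


def run_safe(conn, keyword):
    pattern = "%" + escape_like(keyword) + "%"
    return [row[0] for row in conn.execute(SAFE_SELECT, (pattern, pattern))]


if __name__ == "__main__":
    db = build_db()
    # Constructed payload: the quote closes the LIKE literal, ")" closes the
    # parenthesised group, "OR 1=1" defeats the IsChecked filter, and "--"
    # comments out the rest of the line, including the second {0} copy.
    payload = "') OR 1=1 --"
    print("vulnerable, benign keyword:", run_vulnerable(db, "notice"))
    print("vulnerable, payload       :", run_vulnerable(db, payload))
    print("generated SQL             :", vulnerable_select(payload))
    print("parameterized, payload    :", run_safe(db, payload))
```

With the benign keyword both versions return only the one checked row; with the payload the formatted query returns every row, including the two that IsChecked = 1 should have hidden, while the parameterized query matches nothing because the payload is searched for as literal text. The ESCAPE clause and escape_like are there so that % and _ typed by the user are literals too; parameter binding alone does not do that.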


 

Source: www.2cto.com/Article/201402/280269.html
