迪普UMC统一管理系统SQL注入

2015-08-28T00:00:00
ID SSV:89261
Type seebug
Reporter nandisec
Modified 2015-08-28T00:00:00

Description

<p>DPtech UMC统一管理中心<br><br>案例:<br><br></p><p><br></p><pre><code style="margin: 0px; font-family: 'Lucida Console', 'Courier New', Courier, mono, monospace; color: rgb(51, 51, 51); background-color: rgb(248, 248, 248);">http://222.171.148.161/UMC/Login.action<br style="margin: 0px; padding: 0px;"> http://222.75.152.197:8080/UMC/Login.action<br style="margin: 0px; padding: 0px;"> http://222.47.70.3:8080/UMC/Login.action<br style="margin: 0px; padding: 0px;"> http://218.28.177.149/UMC/Login.action<br style="margin: 0px; padding: 0px;"> http://211.138.102.195:8080/UMC/Login.action</code></pre><p><br><br><br><br>针对部分型号,并不通杀。<br><br><br><br></p><p><br></p><pre><code style="margin: 0px; font-family: 'Lucida Console', 'Courier New', Courier, mono, monospace; color: rgb(51, 51, 51); background-color: rgb(248, 248, 248);">POST /UMC/Login.action HTTP/1.1<br style="margin: 0px; padding: 0px;"> Host: 222.171.148.161<br style="margin: 0px; padding: 0px;"> Content-Length: 56<br style="margin: 0px; padding: 0px;"> Cache-Control: max-age=0<br style="margin: 0px; padding: 0px;"> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8<br style="margin: 0px; padding: 0px;"> Origin: http://222.171.148.161<br style="margin: 0px; padding: 0px;"> User-Agent: Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14<br style="margin: 0px; padding: 0px;"> Content-Type: application/x-www-form-urlencoded<br style="margin: 0px; padding: 0px;"> Referer: http://222.171.148.161/UMC/Login.action<br style="margin: 0px; padding: 0px;"> Accept-Encoding: gzip, deflate<br style="margin: 0px; padding: 0px;"> Accept-Language: zh-CN,zh;q=0.8<br style="margin: 0px; padding: 0px;"> Cookie: JSESSIONID=23B9AB4C1E48052484A6DC55D43EC6F4; JSESSIONID=5573F6953E2E1A27F87914CE46A5D1BD<br style="margin: 0px; padding: 0px;"> <br style="margin: 0px; padding: 0px;"> user.username=admin&user.password=admin&user.verify=prc1</code></pre><p><br><br><br><br>参数user.username存在注入。</p>