来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 第11个注入存在 siteserver cms console_logSite aspx用 NET Reflector 反编译SiteServer CMS dll这个文件查看代码如下:public void Page_Load(object sender, EventArgs E){ int num; E...
第11个注入存在/siteserver/cms/console_logSite.aspx
用.NET Reflector 反编译SiteServer.CMS.dll这个文件
查看代码如下:
public void Page_Load(object sender, EventArgs E) { int num; Exception exception; bool isPostBack; int publishmentSystemID; this.spContents.ControlToPaginate = this.rptContents; if ((((uint) num) + ((uint) num)) >= 0) { this.spContents.ItemsPerPage = 0x19; this.spContents.ConnectionString = BaiRongDataProvider.ConnectionString; isPostBack = base.Request.QueryString["UserName"] != null; if (!isPostBack) { this.spContents.SelectCommand = DataProvider.LogDAO.GetSelectCommend(); } else { this.spContents.SelectCommand = DataProvider.LogDAO.GetSelectCommend(base.PublishmentSystemID, base.Request.QueryString["LogType"], base.Request.QueryString["UserName"], base.Request.QueryString["Keyword"], base.Request.QueryString["DateFrom"], base.Request.QueryString["DateTo"]); } this.spContents.SortField = "ID"; this.spContents.SortMode = SortMode.DESC; goto Label_068A; }
上面几个参数进入下面
public string GetSelectCommend(int publishmentSystemID, string logType, string userName, string keyword, string dateFrom, string dateTo) { // This item is obfuscated and can not be translated. StringBuilder builder; bool flag; bool flag2; if (publishmentSystemID != 0) { goto Label_0475; } while (!string.IsNullOrEmpty(logType)) { if (!StringUtils.EqualsIgnoreCase(logType, "All")) { goto Label_0475; } if (3 == 0) { goto Label_0016; } if (((uint) publishmentSystemID) >= 0) { break; } } if (!string.IsNullOrEmpty(userName) || !string.IsNullOrEmpty(keyword)) { goto Label_0475; } goto Label_046C; Label_0010: if (!flag2) { goto Label_013D; } Label_0016: return ("SELECT ID, PublishmentSystemID, ChannelID, ContentID, UserName, IPAddress, AddDate, Action, Summary FROM siteserver_Log " + builder.ToString()); ...... Label_02C8: flag = true; builder.AppendFormat("(UserName = '{0}')", userName); Label_02DD: flag2 = string.IsNullOrEmpty(keyword); goto Label_029C; }
几个Request.QueryString['xxx']都是可注入点
|
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com