网站地图    收藏   

主页 > 后端 > 网站安全 >

siteserver最新版3.6.4 sql inject(第六七蛋) - 网站安

来源:自学PHP网    时间:2015-04-16 23:15 作者: 阅读:

[导读] 第六个注入存在 siteserver userRole background_user aspx用 NET Reflector 反编译UserCenter Pages dll这个文件查看代码如下:this spContents SelectCommand = UserDataProvider UserDAO GetSelectComman...

第六个注入存在/siteserver/userRole/background_user.aspx

用.NET Reflector 反编译UserCenter.Pages.dll这个文件

查看代码如下:

this.spContents.SelectCommand = UserDataProvider.UserDAO.GetSelectCommand(base.Request.QueryString["Keyword"], TranslateUtils.ToInt(base.Request.QueryString["CreateDate"]), TranslateUtils.ToInt(base.Request.QueryString["LastActivityDate"]), true, TranslateUtils.ToInt(base.Request.QueryString["TypeID"]), TranslateUtils.ToInt(base.Request.QueryString["DepartmentID"]), TranslateUtils.ToInt(base.Request.QueryString["AreaID"]));


可以明显看到能利用的点为keyword

修复方案:
对keyword进行过滤

 

第七个注入存在/UserCenter/cms/contents.aspx

用.NET Reflector 反编译UserCenter.Pages.dll这个文件

查看代码如下:


int totalCount;

    bool flag;

    string keyword = this.Keyword.Text.Trim();

    if ((((uint) totalCount) - ((uint) flag)) <= uint.MaxValue)

    {

        string start = this.start.Value;

        if (0 != 0)

        {

            return;

        }

        string end = this.end.Value;

        if ((((uint) flag) - ((uint) flag)) <= uint.MaxValue)

        {

            base.SetPublishmentSystemID(TranslateUtils.ToInt(this.ddlPublishmentSystemID.SelectedValue));

            this.spContents.ControlToPaginate = this.dlContents;

            this.dlContents.ItemDataBound += new RepeaterItemEventHandler(this.x140df91522580d1f);

            this.spContents.ItemsPerPage = 30;

            this.spContents.ConnectionString = BaiRongDataProvider.ConnectionString;

            this.spContents.SelectCommand = DataProvider.ContentDAO.GetSelectCommendOfTouGao(base.PublishmentSystemInfo.AuxiliaryTableForContent, base.PublishmentSystemID, start, end, keyword, base.UserName, this.touGaoType);

        }

        this.spContents.SortField = "ID";


关注keyword

 

public string GetSelectCommendOfTouGao(string tableName, int publishmentSystemID, string start, string end, string keyword, string userName, ETouGaoType touGaoType)

{

....

   builder.AppendFormat("AND (Title LIKE '%{0}%' OR Content LIKE '%{0}%')", keyword);

 


很明显的注入
 


修复方案:
对keyword进行过滤\


 

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论