srun3000计费系统 注入漏洞

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: RT ### 详细说明: 挖得人还是挺多的啊。 ``` SQL:SELECT count(*) FROM `user` WHERE user_login_name='1'' AND user_real_name='Smith' error:You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Smith'' at line 1 ``` 从报错语句中可以看到,user_login_name、user_real_name俩个参数过滤不严导致直接导入查询语句。 [<img src="https://images.seebug.org/upload/201407/05192518238a42c42410c2e475cbcece3f2fb3c8.jpg" alt="QQ图片20140705192647.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/05192518238a42c42410c2e475cbcece3f2fb3c8.jpg) ### 漏洞证明: 注册页面: [<img src="https://images.seebug.org/upload/201407/05192720974ed9e74105613adf47e6e065eee56a.jpg" alt="QQ图片20140705192845.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/05192720974ed9e74105613adf47e6e065eee56a.jpg) POST抓包: ``` POST /index.php?action=userregister&ts=do_check HTTP/1.1 Host: 202.207.48.61:8800 User-Agent:...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息