### 简要描述:
rt
### 详细说明:
官网站:http://**.**.**.**/Login.aspx 在注册用户,检测用户名是否存在 处存在POST注入!
附:**.**.**.**:8000/ 一例
数据包如下:
POST /CscAjax/ajax.aspx HTTP/1.1
Host: **.**.**.**
Proxy-Connection: keep-alive
Content-Length: 63
Accept: text/html, */*
Origin: http://**.**.**.**
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://**.**.**.**/CscUser/Register.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: ASP.NET_SessionId=sihpl4edptrhv5rllkq1vz45; tq_current_visit_time=1438136212880; tq_current_source_page_url=http://**.**.**.**/LoginUrl.aspx?infoid=122*InfoPager=Custom/Cust_Project.aspx; Hm_lvt_4861b8ec72ad47c31e8d238870b1bcb8=1438136215; Hm_lpvt_4861b8ec72ad47c31e8d238870b1bcb8=1438136215
Action=post&name=c_1231&func=proofread
POST DATA参数name 存在注入。
### 漏洞证明:
下图官网测试证明:
[<img src="https://images.seebug.org/upload/201507/29164723dc9b759bd7c81bbe9f44046e907fa38a.png" alt="QQ截图20150729164602.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/29164723dc9b759bd7c81bbe9f44046e907fa38a.png)
[<img src="https://images.seebug.org/upload/201507/29164728ffcbbfc188a452090d10254c09f9c3de.png" alt="QQ截图20150729164624.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/29164728ffcbbfc188a452090d10254c09f9c3de.png)
[<img src="https://images.seebug.org/upload/201507/291647356ad0f0a28eabb25b09fb1124c88aa4c3.png" alt="QQ截图20150729164129.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/291647356ad0f0a28eabb25b09fb1124c88aa4c3.png)
京公网安备 11010502034610号
暂无评论