Lenovo's website admin backend security defects and SQL injection (including repair ideas)

Source: Internet
Author: User


Security defects in the admin backend: an SQL injection was found, files could be read, and the backend could be logged into.

http://css.lenovo.com/lxymanage/login.php. The login page displays a verification code (captcha).

Sending the login request directly and trying to brute-force it was not successful; a scan with a crawler then turned up the address http://css.lenovo.com/lxymanage/indexindex.php

Accessing it returns a 302 redirect, but the script does not exit after issuing the redirect, so the HTML source of the page is still returned in the response body.
If the redirect is done by JavaScript, there is a small trick: in Fiddler's command line type bpu login.php (adjusted to the actual redirect target), so that Fiddler breaks on the request before the jump and the other backend function pages can be used normally.

Here, however, the 302 redirect cannot be bypassed simply by intercepting the redirect page, so we had to look at the returned HTML content to see whether it could be used further. After accessing a few functional pages, we found an address like http://css.lenovo.com/lxymanage/member_upd1.php?id=36

A simple and 1=1 / and 1=2 test showed it to be an injection point, so sqlmap was run and returned the administrator account rxllajig/c4ca4238a0b923820dcc509a6f75849b (the MD5 hash of the string 1). File contents could also be read through the injection.



When I log on with this account, I am prompted that the password length cannot be less than 2. However, this check is done in JS, and there are multiple ways to bypass it; the simplest is to use the browser's debugging tools to remove the corresponding JS directly, after which I log on to the backend successfully.
Solution:

1. Verify the verification code on the backend (server side), not only in the browser.

2. Call exit after the backend authentication file issues the redirect, so that the program logic below it is not executed.

3. Process the id parameter with intval.

4. Change the administrator password and increase its complexity.

5. Downgrade the privileges of the MySQL account used by the web connection.
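The five repair ideas above, written out as an added example in PHP. This is not code from the write-up or from Lenovo's site; the table names (admin, member), column names, the session key used for the captcha and the database user are all assumptions. Item 4 goes slightly beyond the list by storing password_hash() output instead of unsalted MD5, so that a dumped hash like the one sqlmap returned cannot be reversed with a lookup table.

```php
<?php
// Added example (not Lenovo's code): hardened versions of the pieces the
// write-up found weak. Table, column and session key names are assumptions.
session_start();

// 1. Verify the captcha on the server. Assumes the captcha image generator
//    stored its answer in $_SESSION['captcha'] (assumed key).
function captcha_ok(array $post, array &$session): bool
{
    $expected = $session['captcha'] ?? null;
    unset($session['captcha']);              // single use: a solved code cannot be replayed
    if ($expected === null || !isset($post['captcha'])) {
        return false;
    }
    return hash_equals(strtolower($expected), strtolower(trim($post['captcha'])));
}

// 2. Authentication gate included by every backend page: redirect AND stop.
//    Without the exit, PHP keeps running and the page HTML is still sent.
function require_admin(): void
{
    if (empty($_SESSION['admin_id'])) {
        header('Location: login.php', true, 302);
        exit;                                 // the line that was missing in indexindex.php
    }
}

// 3. Parameter handling for member_upd1.php?id=...
//    intval removes the injection; the prepared statement keeps the query
//    safe even if string parameters are added later.
function fetch_member(PDO $pdo, $rawId): ?array
{
    $id = intval($rawId);
    if ($id <= 0) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, name, email FROM member WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 4. Password policy enforced on the server; the JS length check is only a
//    convenience. Hashes are stored with password_hash(), not plain MD5.
const MIN_PASSWORD_LENGTH = 12;

function password_policy_ok(string $password): bool
{
    return strlen($password) >= MIN_PASSWORD_LENGTH
        && preg_match('/[A-Z]/', $password) === 1
        && preg_match('/[a-z]/', $password) === 1
        && preg_match('/[0-9]/', $password) === 1;
}

function change_admin_password(PDO $pdo, int $adminId, string $newPassword): bool
{
    if (!password_policy_ok($newPassword)) {
        return false;
    }
    $stmt = $pdo->prepare('UPDATE admin SET pass_hash = :h WHERE id = :id');
    return $stmt->execute([':h' => password_hash($newPassword, PASSWORD_DEFAULT), ':id' => $adminId]);
}

function admin_login(PDO $pdo, string $user, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, pass_hash FROM admin WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pass_hash'])) {
        return false;
    }
    session_regenerate_id(true);              // new session id after login
    $_SESSION['admin_id'] = $row['id'];
    return true;
}

// 5. Connect as a restricted MySQL user. On the database side (assumed names):
//    GRANT SELECT, INSERT, UPDATE ON lxy.* TO 'lxy_web'@'localhost';
//    i.e. no FILE privilege, so an injection can no longer read server files.
function db(): PDO
{
    return new PDO('mysql:host=127.0.0.1;dbname=lxy', 'lxy_web', getenv('LXY_DB_PASS'), [
        PDO::ATTR_ERRMODE           => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES  => false,  // real server-side prepared statements
    ]);
}

// login.php handler wired together.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!captcha_ok($_POST, $_SESSION)) {
        http_response_code(400);
        exit('captcha check failed');
    }
    if (!admin_login(db(), $_POST['user'] ?? '', $_POST['password'] ?? '')) {
        http_response_code(401);
        exit('login failed');
    }
    header('Location: index.php', true, 302);
    exit;
}
```

The two details most often missed are the exit after header() in require_admin(), which is exactly the defect that leaked the backend HTML behind the 302, and the single-use captcha in captcha_ok(), without which a solved code can be replayed for every brute-force attempt.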
