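BeX5_V3.8 version
Vulnerability type: SQL injection
Vulnerability description: The web application code places user-submitted parameters directly into SQL statements and executes them without any filtering, so that special characters in the parameters break the SQL
Remediation advice: Filter on the back end, or use a parameterized query interface
The vulnerable point is located at: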
/x5/portal/login.w
The request packet is as follows:
POST /x5/portal/controller/system/User/login HTTP/1.1
Host:x-five.jstcc.com
User-Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept:application/json, text/java***, */*
Accept-Language:zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding:gzip, deflate
Content-Type:application/x-www-form-urlencoded
X-Requested-With:XMLHttpRequest
Content-Length:143
Connection:close
Cookie:JSESSIONID=D38030292FCA4EFBBC1A1468D7F246E0; request-use-base64=false
Sec-Fetch-Dest:empty
Sec-Fetch-Mode:cors
Sec-Fetch-Site:same-origin

username=admin'andascii(right(left((select name from roles whereid=1),1),1))=65--+&password=E10ADC3949BA59ABBE56E057F20F883E&language=zh_CN&loginDate=2022-11-09&jpolite_key_req_version=0.1
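This SQL injection is a high-risk vulnerability, and the higher-level network and information security department requires it to be resolved within 24 hours. Could you please take a look at how to do the back-end filtering, or where we can directly turn off this login method in which passing "username+password" as parameters logs in directly?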
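
One way to do the back-end filtering asked about above, as an added example that is not part of the original post and not BeX5's own code: a standard servlet filter that allow-lists the login parameters before they reach the handler. It assumes the portal runs in a javax.servlet container; the class name and the username policy are hypothetical. It is a stopgap in front of the endpoint, and the query itself should still be moved to a parameterized interface.

```java
import java.io.IOException;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical class (not part of BeX5): allow-list check on the login parameters. */
public class LoginParamFilter implements Filter {
    // Tail of the login URL shown in the post's request.
    private static final String LOGIN_SUFFIX = "/controller/system/User/login";
    // Assumed account-name policy: Unicode letters, digits and _ . @ - only.
    private static final Pattern USERNAME = Pattern.compile("^[\\p{L}\\p{N}_.@-]{1,64}$");
    // The password field in the post's request is 32 hex characters.
    private static final Pattern PASSWORD = Pattern.compile("^[0-9A-Fa-f]{32}$");

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // servletPath + pathInfo is decoded and carries no ";jsessionid=..." suffix,
        // so the match cannot be sidestepped with path parameters.
        String info = request.getPathInfo();
        String path = request.getServletPath() + (info == null ? "" : info);
        if (path.endsWith(LOGIN_SUFFIX)
                && !(valid(USERNAME, request.getParameter("username"))
                     && valid(PASSWORD, request.getParameter("password")))) {
            // Reject before the value can be concatenated into any SQL string.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(req, res);
    }

    // A missing parameter fails validation, as does any quote, space or parenthesis.
    static boolean valid(Pattern pattern, String value) {
        return value != null && pattern.matcher(value).matches();
    }

    @Override
    public void destroy() { }
}
```

The filter has to be registered in the web application's web.xml so that it is mapped ahead of the login handler. The request in the post carries a request-use-base64=false cookie; if the portal also accepts encoded parameters (not confirmed by the post), the check has to run on the decoded value.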