SQL injection on a Digital China site exposes a large amount of database information
Vulnerable URL: http://servexpress.digitalchina.com/sms/login.asp
1: A POST injection exists:
POST /sms/login.asp HTTP/1.1
Host: servexpress.digitalchina.com
Connection: keep-alive
Content-Length: 27
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://servexpress.digitalchina.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://servexpress.digitalchina.com/sms/login.asp
Accept-Encoding: gzip,deflate,sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6,und;q=0.4
Cookie: Hm_lvt_95801fed4c3f7373790df805816308b4=1417056865; Hm_lpvt_95801fed4c3f7373790df805816308b4=1417056865; ASPSESSIONIDQCCQCBQR=MLDINHADLPFNKAAELKIJEBJA

loginid=111111&password=123
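2: Information on a large number of databases can be retrieved
3: A large amount of user information can be retrieved
4: With this much data, don't tell me it isn't important!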
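
The login request above sends loginid and password as form fields. The following is an added example, not code from the original report (whose server-side ASP source is not shown): it uses Python with an in-memory SQLite table as a stand-in to contrast a string-concatenated login query with a parameterized one. The table layout, function names and the second sample account are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db() -> sqlite3.Connection:
    # Constructed sample data; the real schema is not shown on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (loginid TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for loginid, password in (("111111", "123"), ("o'neil", "456")):
        salt = os.urandom(16)
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (loginid, salt, _hash(password, salt)))
    return db

def _check(row, password: str) -> bool:
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(_hash(password, salt), pw_hash)

def login_concatenated(db, loginid: str, password: str) -> bool:
    # Weak pattern: the form value becomes part of the SQL text, so a
    # quote character in it changes how the statement is parsed.
    sql = "SELECT salt, pw_hash FROM users WHERE loginid = '" + loginid + "'"
    return _check(db.execute(sql).fetchone(), password)

def login_parameterized(db, loginid: str, password: str) -> bool:
    # Hardened pattern: the value is bound as data and never parsed as SQL.
    sql = "SELECT salt, pw_hash FROM users WHERE loginid = ?"
    return _check(db.execute(sql, (loginid,)).fetchone(), password)

def quote_probe(db, login) -> str:
    """Log in as a legitimate user whose loginid contains a single quote."""
    try:
        return "ok" if login(db, "o'neil", "456") else "rejected"
    except sqlite3.OperationalError:
        return "sql-error"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", quote_probe(db, login_concatenated))
    print("parameterized:", quote_probe(db, login_parameterized))
```

A SQL error triggered by a single quote in a form field is the signal that input is reaching the query parser; the parameterized version treats the same value as plain data.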