
SQL injection vulnerability on an A5站长网 (A5 Webmaster Network) site

2015-10-29 06:20

Code:
POST /teamapply/apply_sub HTTP/1.1
Content-Length: 350
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://yun.admin5.com
Cookie: PHPSESSID=07nqqvcf38md6a5p9niuispu13; hd_sid=wcEjNS; IESESSION=alive; bdshare_firstime=1445401007997; cck_lasttime=1445401015274; cck_count=0; BAIDUID=4D5D3156822ABBCA4BE368A7B3FADBEC:FG=1; pgv_pvi=1811144704; pgv_si=s3427113984; HMACCOUNT=6CA4BBC24E8EF470; hasshown=1; BDCBID=fbe9ecfa-f6ca-488f-8ed5-17fceae831e4; Hm_lvt_0e3d9eb80077c6ed168c1e3c54c772f1=1445401185,1445401191,1445401197,1445401203; Hm_lpvt_0e3d9eb80077c6ed168c1e3c54c772f1=1445401203; LXB_REFER=www.acunetix-referrer.com
Host: yun.admin5.com
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

area_city=555&area_county=555&area_pro=555&company_address=3137%20Laguna%20Street&company_des=Acunetix&company_name=ftwllqod&company_url=Acunetix&email=sample%40email.tst&intent=1&mobile=987-65-4329&name=ftwllqod&qq=1

Injection point: qq




Proof of vulnerability:

Fix:
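An added example, not part of the original report and not the affected site's code: the form body from the captured request is parsed, and the `qq` field is handled once by string concatenation and once with allow-list validation plus bound parameters. The table `team_apply`, its columns and the digits-only rule for `qq` are assumptions.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Form body copied from the captured request in the report.
BODY = (
    "area_city=555&area_county=555&area_pro=555&company_address=3137%20Laguna%20Street"
    "&company_des=Acunetix&company_name=ftwllqod&company_url=Acunetix"
    "&email=sample%40email.tst&intent=1&mobile=987-65-4329&name=ftwllqod&qq=1")
FIELDS = ("name", "email", "mobile", "qq", "company_name")  # subset kept for brevity
QQ_RE = re.compile(r"[0-9]{1,12}")  # assumption: a QQ number is digits only


def open_db():
    # Hypothetical schema; the real application's tables are not shown in the report.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE team_apply (name, email, mobile, qq, company_name)")
    return db


def parse_form(body):
    form = parse_qs(body, keep_blank_values=True)
    return {k: form.get(k, [""])[0] for k in FIELDS}


def insert_unsafe(db, form):
    # Vulnerable pattern: request values are pasted into the SQL text.
    db.execute("INSERT INTO team_apply (name, qq) VALUES ('%s', '%s')"
               % (form["name"], form["qq"]))


def insert_safe(db, form, validate=True):
    # Hardened: allow-list check on qq, then bound parameters for every column.
    if validate and not QQ_RE.fullmatch(form["qq"]):
        raise ValueError("qq must be numeric")
    db.execute(
        "INSERT INTO team_apply (name, email, mobile, qq, company_name) VALUES (?, ?, ?, ?, ?)",
        tuple(form[k] for k in FIELDS))


def stored_qq(db):
    return [row[0] for row in db.execute("SELECT qq FROM team_apply")]
```

A stray quote in `qq` changes the statement in `insert_unsafe`, is rejected by the validation in `insert_safe`, and is stored as plain data when only the bound parameters are used.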

Source: www.wooyun.org/bugs/wooyun-2015-0148904
