来源:自学PHP网 时间:2015-04-15 15:00 作者: 阅读:次
[导读] 投注网伪静态sql注入、短信轰炸、前端绕过详细说明:1、sql注入:80 8080 8888端口均有此问题以80端口的一个链接为例http: goucai touzhu cn actinfo news_39692 htmlhttp: goucai touzhu cn actinfo news_3...
投注网伪静态sql注入、短信轰炸、前端绕过 1、sql注入:80 8080 8888端口均有此问题
POST /customer/AllUserCheck.php HTTP/1.1 Host: goucai.touzhu.cn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 Accept: */* Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Referer: http://goucai.touzhu.cn/customer/usersafe.php?usercz=5 Content-Length: 86 Cookie: PHPSESSID=ec00834031229b68214238f4227e66db; bdshare_firstime=1408523278454; helpskaiguan=CaiSo; JSESSIONID=451A224458AEA552813A284CF63807D2; Hm_lvt_bd0a40a63edb615722f22f4239f42596=1408523821; Hm_lpvt_bd0a40a63edb615722f22f4239f42596=1408524201; Hm_lvt_1960c483f4fc5ef584a135a1bf5419bf=1408524211; Hm_lpvt_1960c483f4fc5ef584a135a1bf5419bf=1408524238 Connection: keep-alive Pragma: no-cache Cache-Control: no-cache jq_input_mobile=13812345678&actionc=newSendMobileCheckCode&suijishu=0.9894352478371744
修复方案:修复吧 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com